Latest news with #GovernmentDigitalService
Telegraph
21-05-2025
- Politics
- Telegraph
Britain's primary data portal just failed a red-team test. Yes, that is very bad
Late last year, GCHQ's specialist cyber security centre warned that UK business and government had never been in such danger from cyber attacks. The message from the National Cyber Security Centre (NCSC) and its partners in the Five Eyes nations was clear: bolt the doors, and fasten the hatches. So it's disturbing that the Labour Government wants to force us all to use an unsecure system to handle all our most important data. Let me give you some background. In January, The Telegraph was contacted by a whistleblower working on the Government's new digital identity verification system, One Login. The plan is that this will be the way we sign in to pay our taxes, collect pensions and other benefits, and in time other things. The senior civil servant, a professional in assessing risk and security, was shocked by what he had found at the Government Digital Service (GDS) which is developing One Login. The GDS had inherited the 'move fast and break things' culture of Silicon Valley. At once, I alerted Parliamentarians with an interest in security and critical national infrastructure. The whistleblower's testimony, backed by copious evidence, was disturbing. He said that developers on the One Login project had been routinely accessing the system without the required security clearance and background checks on laptops that were not secure. Some development on One Login was even taking place in Romania, without the top leadership's knowledge. Foreign intelligence services are active in Romania, which is a favourite with cyber criminals. All of this should have alarmed senior management at GDS, but instead, their response was to disband the whistleblower's team. We published some of the disclosures last month. Ministers responded to the story by saying that the allegations were old, and irrelevant. But now GDS has confirmed our worst fears. In the course of a 'red-team' penetration exercise by an external specialist, which simulates a hostile cyber attack, One Login was penetrated at the highest level without detection. No flags were raised, and no alarms went off. This took place in March, indicating that One Login today is an insecure system. It should never have come to this. The Science Minister, Peter Kyle, responsible for One Login, had been contacted by the whistleblower last July, but blandly accepted the project management's assurances that there was nothing to worry about. That now looks foolish. Instead of being a dispassionate observer, whose interest is to protect the public, Mr Kyle is a Tiggerish digital enthusiast, keener to get One Login system adopted than to hold his civil servants to account. While we can all benefit from trustworthy government digital services for the potential savings they may yield, they should not be encouraged at any cost. They certainly should not compromise national resilience. The Government's handling of the disclosures about One Login project puts the digital government project at risk of losing that trust. The agonies suffered by Marks and Spencer and the Co-op after their recent cyber attacks remind us how devastating a cyber attack can be. To meet deadlines, GDS spurned the chance to nip a potential disaster in the bud by tightening up security practices. It seems ministers have not been told the truth. Only a fully independent audit by NCSC can now allay the public's legitimate concerns. As the Government Digital Service itself wrote in its 2022 Business Case for the project – which, incidentally, it refuses to release in response to Freedom of Information requests – security vulnerabilities could be used by 'fraudsters to steal user information or by hostile actors seeking to disrupt national infrastructure. This could have severe consequences for a large number of people, and result in persistent reputational and political damage'. If this problem is not sorted out, the risk of a national disaster is very real.
BBC News
10-04-2025
- Business
- BBC News
West Berkshire Council takes part in government Minute AI trial
A council has been selected to take part in a scheme trialling the use of artificial Berkshire Council is one of 25 local authorities selected to trial Minute, an AI transcription and summary tool workers can use in was developed by the Incubator for Artificial Intelligence, part of the Government Digital Service, which is within the Department for Science, Innovation and Poole, portfolio holder for transformation and corporate programme, said she was "delighted" the council was part of the trial. "If used securely and ethically, artificial intelligence has the potential to revolutionise how the public sector works," she Incubator for Artificial Intelligence is responsible for prototyping and deploying AI tools for use across the public sectorIt is working with the Local Government Association and other organisations to give authorities trial access to Minute, and gather evidence on public sector transcription trial will conclude in July, at which point it will publish a summary of the Poole said AI would not be used to make decisions or create final versions of reports."Everything will be created by an officer but helped by using Minute," she said. You can follow BBC Berkshire on Facebook, X (Twitter), or Instagram.
