A problem shared: how governments are tackling cyber threats
At GovernmentDX in Washington DC, top digital leaders from the US and beyond discussed how governments are protecting public services and infrastructure from the growing danger of cyber threats
In an increasingly volatile world, governments around the world are facing cyber security threats that pose a risk to national security.
Speaking in April during a roundtable on cybersecurity at GovernmentDX (now renamed Government Service Delivery), senior figures from government around the world discussed the action that need to be taken to protect and enhance digital government services.
The cyber environment is effectively a field of battle – and a unique one, noted Anjana Rajan, assistant national cyber director for tech security at the US Office of the National Cyber Director. “Unlike other battle domains, it’s man-made – which means that every single day, your arena is changing. That’s what makes defending it so hard,” she said. “But we can use that dynamism to our advantage because we can change the topography; we can move the mountains. Doing so requires a different way of thinking and an understanding of the technical underpinnings of how to re-architect the landscape so that our adversaries don’t lead the way.”
In the cyber world – as on the battlefield – people are “tempted to think about defending the perimeter”, she added. “But we don’t know what that border looks like because we have supply chain attacks; we have insider threat. So we have to take a building block approach and reinvent the raw materials of cyberspace. We need to shift our thinking on cybersecurity, from taking an incident response approach to making it a manufacturing problem.”
In a recent report, said Rajan, the Office of the National Cyber Director pointed out that key infrastructure and government systems contain “undisclosed vulnerabilities”: as well as ensuring that new software and tools entering the market are secure, federal officials must act to make existing systems safer and more resilient. “For new products, new companies, new projects, we can teach ‘secure by design’ principles,” she said. “But the hard problem is: what about the legacy code and all the legacy systems? This is where the next phase of this work begins.”
Civilian targets
These days, the private sector is just as threatened by cyber-attacks, Rajan argued. “When the war in Ukraine started, the first cyber-attack was on a satellite company. In the modern world, conflicts can quickly affect a wide range of organisations beyond government systems that have been vetted and met a compliance standard,” she said – threatening the activities of any organisation “that adds value to critical infrastructure”.
So businesses must understand both the risks and the necessary response. This in turn requires a mindset shift among private sector leaders, said Rajan: top executives must recognise that gaps in cybersecurity present an existential threat to their businesses. “If we can reframe cybersecurity as helping your product go to market faster; keeping your customers safe; making you win economically – that will get attention,” she suggested.
Even within the tech sector, the incentives facing senior leaders often point them in the wrong direction. “How do we get the manufacturers to patch known vulnerabilities? The administration has spent a lot of time thinking about those levers,” said Rajan. In the view of Scott Jones, president of Shared Services Canada, public sector leaders should say clearly to software providers that regarding security: “These are the things we’re not compromising on anymore and we expect you to rise to the occasion.”
Governments could increase the commercial pressure on tech firms by “partnering with critical infrastructure sectors, the finance sector, telecommunications” to require a high standard of cybersecurity, he added. “That hits a pretty significant bottom line for companies.”
Read more: ‘Team captains’: National digital leaders on the role of governments in cybersecurity
Coming together
In addition to federal digital leaders, infrastructure owners and tech providers, departmental chief executives and finance leaders must be persuaded of the central importance of the cybersecurity agenda, said US federal chief information officer Clare Martorana (left). “I don’t think we have figured out, as a global technology community, how to interact with our budget colleagues and our leadership,” she said.
There’s a need for digital leaders to find effective ways of demonstrating the “return on investment that comes through securing our networks, our infrastructure and our security”, she continued – adding that cybersecurity can become “the tip of the spear to help us drive digital transformation across the entire ecosystem”.
“We have a responsibility as digital leaders to change the dialogue and bring people along on that journey, which we’ve done in the US by bringing our budget and cybersecurity teams together to outline cyber investment priorities for each fiscal year,” Martorana concluded. “By doing this, we’ll get the funding both to secure our systems, and also to continue to improve the delivery of services to the public.”
Read more: Organised chaos: how Russia weaponised the culture wars
Boosting services in the field of cyber battles.
The session also heard from Gulsanna Mamediieva, an adviser to Ukraine’s minister of digital transformation, on how the government has improved services amid Russia’s attacks on its digital infrastructure.
As Global Government Forum has documented, Russia is home to some of the world’s most aggressive and accomplished cyber-attackers – and they’ve been assailing Ukrainian infrastructure and services since well before Russian forces mounted a full-scale invasion in February 2022.
The country began its digital transformation in 2019, Mamediieva (left) explained, “despite ongoing Russian cyberattacks that since 2014 have targeted government institutions and critical infrastructure”.
“Often, when there are attacks on the physical infrastructure, they’re aligned with attacks on the cyber infrastructure and connectivity in that region. Russian forces try to cut people off from information, attacking TV towers, internet cables,”
Given that background, security and resilience are critical: “The government’s flagship app, Diia, is built on safety-by-design principles and doesn’t store personal data,” said Mamediieva.
Digital technologies are now central to Ukraine’s war effort, she added – permitting the government to deliver a range of critical services such as online teaching, refugee registration and emergency benefits. “Nobody could imagine how the government could continue to operate and deliver services without public digital infrastructure,” said Mamediieva, emphasising the crucial role that Ukraine’s allies have played in fields such as cloud services and cyber-intelligence sharing.
Mamediieva told the participants that Ukraine’s experience demonstrates that “cybersecurity is not a barrier to innovation or delivering user-friendly, convenient services, but a fundamental enabler that ensures the safety, trust and resilience of digital solutions”.
The invitation-only Meeting at Government Service Delivery is a private event, providing a safe space at which civil service leaders can debate the challenges they face in common. We publish these reports to share some of their thinking with our readers, Note that, to ensure that participants feel able to speak freely at the meeting, we check before publication that they are content to be quoted.
The 2024 Meeting will be covered in four reports, covering the four daytime sessions:
– Seamless by design: the barriers to overhauling legacy technology in government – and how they can be overcome
– The tip of the arrow: how cybersecurity can help drive government transformation
– AI in government – how, where and why?
– What you need when you need it: the power of user-centred design
For information on the 2025 Government Service Delivery Conference and Meeting, which will be held on May 13-14, visit our dedicated website.
About Matt Ross
Matt is Global Government Forum's Contributing Editor, providing direction and support on topics, products and audience interests across GGF’s editorial, events and research operations. He has been a journalist and editor since 1995, beginning in motoring and travel journalism – and combining the two in a 30-month, 30-country 4x4 expedition funded by magazine photo-journalism. Between 2002 and 2008 he was Features Editor of Haymarket news magazine Regeneration & Renewal, covering urban regeneration, economic growth and community development; and from 2008 to 2014 he was the Editor of UK magazine and website Civil Service World, then Editorial Director for Public Sector – both at political publishing house Dods. He has also worked as Director of Communications at think tank the Institute for Government.
Related Posts
