Is the UK government failing to promote safe use of the internet and technology in the UK?

I was catching up on some of my reading the other day about the lack of IT Security in the UK, the article stated that IT security at 96 per cent of UK businesses was “not fit for purpose”.  So, I wanted to compare UK to American government sites and what help it offers for businesses…..

First off let’s look at where for most people may be the starting point for a search for information, Google, Bing or Yahoo.

If you look on Google for “uk it security”,  nothing from any UK government site was returned on the first 2 pages, same was true for Bing and Yahoo.  Google did offer the suggestion of “uk homeland security” in the related searches, and that returned MI5′s site as the first link.

However, once getting to the MI5 site, and clicking ‘What You Can Do’ followed by ‘Business Security Advice” it just ended up with a link to the UK Police website, after some time wandering around this site I lost the will to live and gave up.

I did try “disaster planning uk” as a search, and the first item on a UK Government site to show up wasn’t for the UK, but “Largest ever UK disaster response for Syria crisis“.  I admit that there were lot’s of links for commercial sites in the UK that showed up, but the actual Governmental sites were well hidden.

In comparison a search for “usa it security” on all three search engines sites gave me links to the U.S. Department of Homeland Security site a quick look here and I got a redirect to National Initiative for Cybersecurity careers and studies, the home page here had information for:

  • Federal Employees
  • General Public
  • Students
  • Educators
  • Parents
  • Cybersecurity Professionals
  • Human Capital Managers
  • Cybersecurity Managers
  • Policy Makers
  • Veterans
  • Women & Minorities

Looking for incident management/disaster recovery was pretty much the same.  On US websites it only took a couple of clicks to find on the FEMA site and from there Emergency Preparedness Resources for Businesses.  This contains links to loads of resources for Risk Assessment Survey, Emergency Planing documents, Cyber Security etc. etc.

There is also links to the US-CERT the United States Computer Emergency Readiness Team website.  Her you can find “Those with more technical interest can read the Alerts, Current Activity, or Bulletins. Users looking for more general-interest pieces can read the Tips.”.  In the Publications section you can find All sorts of resources for Home, general internet security, Technical Publications, and more.

The only down side from the American sites, is for some this can be a little too much information and for non IT folks this could be a case of information overload.  Still there is “Cybersecurity: What Every CEO Should Be Asking” it’s has a downloadable 2 page pdf file which is a good place for ‘management’ to start.

So, there is a mass of easily found information thanks to the Americans out there, as for advice from the UK government, well clearly the attitude here is “IT Security.  The first rule of IT Security is we don’t talk about IT Security”.  I was going to say some of the American documents covering Hurricanes, flooding, chemical attacks and terrorist attacks might be a little over the top, but given that 12 weeks on, after initial Christmas storms and flooding and parts of the UK are still under water, maybe the Americans do have a point.  Meanwhile here in the UK… well I think the reaction of one of the Governmental Agencies sums up quite well how they don’t seem to grasp technology quite as well as most countries.  The Environment Agency, refused to publish documents about following an enquiry as there was a lack of space on the internet!


Repost from March 7th, 2014