'Don't charge departments for IT security'

Friday, March 19, 2010

Government departments should not be charged for internal information assurance work, instead it should be part of the central IT budget, GCHQ's director has said.

Iain Lobban, who was appointed director of the government's eavesdropping centre in January 2008, said the current system was under strain in both resources and money.

Speaking to the Intelligence and Security Committee (ISC), Lobban said the information assurance services that GCHQ provided through CESG – the national technical authority for information assurance – were to a growing customer base. The services were being delivered on a repayment model, but Lobban thought this model was no longer viable and there was a shortfall in funded work of several million pounds.

"I want to move from a model where repayment from other government departments is the norm to one where more work, especially that needed to keep us ahead of technology, is funded centrally," he told the committee.

"I believe there is a strong argument that as government becomes more and more dependent on IT... we need to consider what proportion of government IT spend should be going towards making the systems secure and resilient."

Lobban said he had recommended to the Cabinet Secretary Sir Gus O'Donnell that charges for CESG services should stop with effect from April 2010 or 2011 at the latest.