The official version of this document can be found via the PDF button.
The below content has been automatically generated from the original PDF and some formatting may have been lost, therefore it should not be relied upon to extract citations or propose amendments.
WQ.229/2021
WRITTEN QUESTION TO THE CHIEF MINISTER BY SENATOR T.A. VALLOIS
QUESTION SUBMITTED ON MONDAY 17th MAY 2021 ANSWER TO BE TABLED ON MONDAY 24th MAY 2021
Question
Will the Chief Minister state the current budget within Modernisation and Digital, both capital and revenue and including any heads of transfer made this year after the approval of the Government Plan, for Information Technology (I.T.) cyber-security; will he advise what further funding, if any, is anticipated as required for this area; and will he inform members of the current status of all the projects in this area that are currently being carried out?
Answer
The total approved capital budget for the Cyber Security Programme is £13.8m as set out in the 2020 Government plan. Subsequently, there was a major project budget transfer of £2.2m from 2020 to 2021 within the Cyber Security Programme budget envelope but no overall increase to the 2020 Government plan numbers.
In addition, provision for an initial Revenue budget of £0.5m per annum was included within the original business case, with scope to increase as additional services/capabilities are defined and delivered into BAU over the course of the programme and beyond.
There is currently no additional funding required within Modernisation and Digital for the Cyber Security Programme over and above that which has already been agreed. However, a key element of the first phase of the Cyber Security Programme has been discovery. In the light of discovery and the ever changing and increasing cyber threats, additional, as yet unquantified, expenditure is likely to be required in the future to maintain and build upon the outcomes of the Cyber Security Programme.
Current status of all projects in-flight as follows:
Managed Security Services – project is in delivery, with the deployment of monitoring, vulnerability management and end-point detection services ongoing to advance our response to live threats on the network.
Governance Improvements – good progress made with the delivery of new processes for cyber risk identification and governance, reporting of cyber metrics and the launch of a new suite of policies and standards.
Identity & Access Management – delivery of a strategy overview for the future of identity and access management provisions throughout government, with the ongoing development of a new identity provisioning and governance platform nearing completion ready for early adoption on 15 key applications. Work to improve the quality of data in core directory and authentication systems ongoing.
Asset Management – definition of key process for asset identification and inventory complete, with good progress being made on population of data/information and physical assets into new registers.
People Security – all analysis and development complete for Training & Awareness programme, with new Computer Based Training module launched across government and campaign activities underway.
Network Security Services – assessment of exiting network estate complete with detailed report submitted for review, design complete for new security features to be rolled out across GoJ network and part way through core network changes to enable segmentation.
Retained Incident Response – agreement finalised for advanced technical security support in the event of a severe incident, with formal on-boarding to the service part way through completion.