The running down of the national Public Services Network is likely to take a few years, and will place new demands on how organisations provide data assurance
It’s official: government is on a journey away from the Public Services Network (PSN) and towards using the internet, with the appropriate technical controls, for the secure exchange of data.
Last week’s indication from the Government Digital Service (GDS) that organisations should forget about the PSN for new services and concentrate on the technical controls reflects the fact that technology has moved on since it was set up in 2011. There are now reliable alternatives to using the dedicated ‘network of networks’ for the public sector.
It also reflects the mixed record in its take-up, with organisations discovering those alternatives for themselves, or opting for regional versions of the PSN.
Now it is raising questions about whether it will demand a big shift in thinking and how a post-PSN outlook will evolve.
Given that public authorities have been encouraged to use the PSN, the shift in direction could create some angst. Martin Ferguson, director of policy at public sector association Socitm, says the decision is right in principle but will take plenty of time to make a difference.
“From the technology point of view the Cabinet Office is right on government moving away from the PSN and there are other measures that can be effective,” he says. “But the practical reality is that we are five to 10 years away from seeing it fully implemented.
“For example, if we look at the integration of health and social care, there is a £900 million procurement to integrate the new Health and Social Care Network with the PSN and the sharing of personal data will go through the conjoined network.”
Organisations are gearing up to use this channel and will not change quickly, but over time they will be able to size up options such as the security built into relevant applications and the use of software defined network (SD-WAN), which enables them to define the rules governing data traffic through internet connections.
Ferguson says the problem is that SD-WAN and some of the other possibilities are not yet widely understood, and acknowledges it will be an awkward transition for many. It will become easier when relevant services are built into public sector framework contracts.
“But it will happen eventually,” he says. “It will probably be gradual and come through a transitional period of hybrid applications.”
There is a view that the significance of the change is limited by relatively few organisations being dependent on the national PSN. Des Ward, information governance director at Innopsis, the suppliers’ association that was originally set up to focus on the network, says that few rely on it. This could encourage a relatively quick transition away from the national version.
But he says the regional networks – such as the Yorkshire and Humberside PSN and the LondonPSN – are used more heavily, and this is likely to continue. Also, any change should not diminish the attention paid to securing the exchange of information.
“We have to understand there is not going to be a wholesale move away from assured WANs (wide area networks) and information to totally unassured networks,” he says. “The (GDS) blogpost clearly points to the guidance for the internet which is not the Wild West.”
He says the real issue is to ensure that reliable network connections are in place, with the right levels of security, and that the network guidance provided by GDS should be sufficient in a purely technical sense. But organisations need to do more than rely on their network providers.
“The key thing is not to expect network providers to do all the good stuff; the network guidance is clear that it is down to the customer to ensure that whatever they buy is fit for purpose. That is the crucial thing.”
Need for documentation
This should play a role in the design and procurement of a network, and there could be a role for some documentation to prove it has been addressed.
“When you have such clear guidance from GDS on how to buy the networks and the network principles, I think that procurement should refer to how they have looked at these and considered the needs.
“We have the principles. When there’s such guidance from GDS on what a network should be, then it’s fair to show that you’ve considered everything within it from a design and needs perspective. Everybody will say they have, but sometimes it’s useful when you have a procurement consultant coming in to provide those checks and balances.
“It can just be a statement, but I think we need something.”
Ward adds that it is important to stick with the principles, especially as the exchange of data coming from internet of things (IoT) devices – some of it from wearable technology with information on people’s personal behaviour – will pick up in volume. This applies as much to the legal obligations as the technical principles.
“The existing legal framework is perfectly acceptable if you take the time to understand it,”he says. “The problem is that many of the people who have been involved the discussion are looking at the technology rather than the information.”
He adds: “The only adaptation needed is to stop talking about data and start talking about information. Information is data you understand.
“If GDS was to change the word ‘data’ to ‘information’ you would get a different reaction. Humans react to words they understand.”
The PSN may have saved organisations from paying close attention to some of these issues, and it could suit them to continue to rely on it while it is there. Over time they will have to take on the responsibility; it could be a burden, but it could also open up new possibilities for the exchange of information.
Image: Rozszerzonej Gwiazdy, public domain