It’s part of our role as the Government Digital Service to set the standards needed for digital government to be successful.
As we continue to move away from the PSN, we need to think about the new standards we use to share services and exchange data so there is trust in the interaction and integrity in the data.
These new standards could include adopting technical controls like using standards-based approaches to email security and encrypting web transactions using Transport Layer Security (TLS). They could also include leveraging commodity edge devices and/or using Virtual Private Networks (VPNs).
Some of these approaches are already being adopted. Secure email, for example, is a popular PSN alternative with almost 200 public sector bodies as users, and more to follow over the coming year as we continue to encourage migration away from legacy gsi domain names.
Before we move ahead with an assurance alternative though, we’ll need to test each approach. All new projects at GDS follow the government design principles, including the first one – start with user needs. We’ll be holding a discovery to find out which solution/s will most satisfy users. And an alpha to prototype some of the ideas from the discovery outputs.
Discovering what we need
A discovery is about understanding the user journey. Our project discovery will involve user research into the types of standards and guidance we need now we have begun moving away from the PSN to the internet. We need to make sure users feel supported and create a secure structure for different parts of government to communicate, both local and central.
We need to understand:
- which government users need to exchange data securely
- the needs of these users, how we can meet them and any needs we’re not meeting (we’ll work closely with departments and their digital teams to analyse and articulate new user needs)
- what technology and services are currently meeting users’ needs
- how we can gather and analyse data from the PSN (such as basic network traffic and security vulnerabilities) to inform the applications being used
- how we should start developing solutions for the new future network
- how we can encourage suppliers to work with us to develop common standards for the new network so all suppliers can participate equally and fairly in the new marketplace (this stage will most likely involve interviews with suppliers)
- how organisations can verify their networks to meet the new set of standards we adopt
We’re currently hiring a multidisciplinary team for this discovery, including: user researchers; specialists in network scanning and analysis, networking technology and the marketplace; and security countermeasure specialists. We’ll also be using one of our in-house data analysts experts to look into all the PSN data.
This discovery team will help set the direction for government network strategy for the foreseeable future. They’ll have privileged access to specialists across the public sector. If you are interested in the opportunity (you’ll need to be SC cleared), please see the Digital Marketplace for more details.
The next step: beginning an alpha
Following the discovery, we’ll use an alpha to prototype the ideas we’ve discovered. This will involve testing the technology with users, identifying any problems and deciding how these can be solved. We’ll also look at the costs and risks involved with any new technology or standard we’re adopting.
By the end of this alpha, in around 6 months time, we should have a good understanding of how we can assure connections for a wide range of public sector organisations using the best available standards-based approaches. We’ll then move into beta.
Working with suppliers
During the discovery and alpha, we’ll keep in touch with network users and commercial providers to make sure those who need to make decisions get clear information. We’ll also be working closely with the National Cyber Security Centre (NCSC) and the Crown Commercial Service (CCS) to ensure we will still have the widest possible range of suppliers when buying network services.
We’re really keen to create a healthy supplier market around the technology we use to establish high-quality connections, just as we did with PSN. We’ll be setting the standards but will look to suppliers for guidance. For example, if it’s commodity edge devices that we’re using, we’d ask suppliers in this space for advice on implementation and configuration.
It’s also important that industry works together with us to develop common standards that don’t prevent any suppliers from participating in the marketplace. At the moment government organisations can buy a PSN connection from dozens of suppliers and this connection will work with PSN connections from their competitors. This interoperable framework needs to continue under the new assurance network so we can continue to see the performance and security benefits.
To make sure you stay up to date with all the latest developments, you can sign up to alerts from the GDS Technology blog.
If this sounds like a good place to work, take a look at Working for GDS - we're usually in search of talented people to come and join the team.