Incompetent
DEFRA were incompetent during the Foot and Mouth outbreak and they are just as incompetent now.
It has been revealed that the UK's Rural Payments Agency (RPA) lost tapes five months ago which contained the payment details of more than 100,000 farmers in the UK. It told DEFRA and DEFRA told nobody else, certainly not the farmers. DEFRA (Department for Environment, Food and Rural Affairs ) is pointing the finger at IBM for …
"What seems to have happened is that 39 backup tapes were transferred by the RPA to Newcastle from its Reading offices. The tapes then went missing. Thirty seven were found but two were not.DEFRA reckons that the tapes were simply placed on the wrong shelf by IBM staff, who actually operate the RPA data centre in Newcastle, although it seems that Accenture staff at Newcastle were involved as well."
So THAT'S what privatization was really all about - so when everything goes down the crapper you can say 'wasn't me, guv, it was my private contractors'.
I think NuLabour needs to get some t-shirts printed up with 'Privatization Means Never Having To Say You're Sorry' on them...
The problem with IT in a large part of Government (by no means all; I've seen some excellent installations and processes) is that it's often given budget (or rather not given budget) by people who have no clue as to the ramifications of under-resourcing the tech wing.
As far as they see, you have PCs that work, all is good. You can run a browser, all is good. When it goes wrong, someone turns up and presses a few keys, and it works. If a server goes wrong, someone magically fixes it the same way. Either that, or it fixes itself. Honest.
Having Governance people in there to ensure good process is followed is just another unnecessary expense, honest. And when they do get people in there to tick boxes, then hiring the staff necessary to implement all this is really out of the question.
I went to a Business Continuity seminar for a particulr wing of the public sector not too long ago, and the most memorable quote was from a woman who ran a sizable organisation within this sector. When everyone was told how far you have to really go in Business Continuity (i.e. covering the people who work "at the coal face", and out to your vendors, perhaps even their supplier), she said "Isn't that too much effort? Can't we just make sure we've got the management chain covered, as that means we can still function and manage the rest as it comes up?".
Classic thinking in Public Sector management. They don't know how their organisation works, they don't want to know, they don't want the problems that come with taking responsibility for making sure their organisation actually works properly. As long as they can bury their heads in the sand, and get their management reports and figures, as far as they're concerned, the world is working well. Complete disconnect from reality.
With this tape loss, chances are there will be a quick firing, a hiring of someone else who is probably going to be the same as the old person, but with less experience of the environment, and the management practices that allow this to happen will go on the same.
Encryption these days is basically "free", in the sense that it's built-in or bundled with any kit you can buy. You actually have to deliberately not-encrypt, someone doubtlessly did at some point and the beauty of the public sector is he or she will have left a paper trail. Let's find 'em and make an example of 'em...
They've been making a mess of it ever since Margaret Beckett was put in charge and created the agency in the first place. Gold plated specifications and incompetent implementation have caused no end of hardship for a lot of farmers at a time when they already had more than enough to worry about.
Still, no surprise coming from a woman who (when she was in charge of DEFRA) said that food security was a non issue, because we'd always be able to import food from outside the UK....
Speaking from experience, it's not just any old tape device that can read enterprise backups from IBM tape storage systems, and not just anyone can pop out and pick up licenses for the right versions of TSM or FDR, let alone have the right operating systems, software, and agents to put that data on...
When we're talking about having "staff" that move tapes, these are not generic LTO 3 autoloaders and a copy of Backup Exec...
Defra was created to correct some of the deficiencies in its predecessor MAFF. issues raise by Churchill in the 1920s when MAFF was created. This it has signally failed to do, but even so it deserves an even break and it just isn't getting it here. So the public sector is unbelievably incompetent at IT, see above and El Reg passim, but in this case the incompetent public sector has put the task in the hands of two noted big hitters IBM and the suitably renamed Accenture (the name Windscale has been available for some decades).
At this point the unconscionably incompetent public sector gets hit with a pitch fork (this being Defra) according to which its incompetence lead it to specify the service incorrectly, so the service failed because the department in question did not understand its own needs and processes or alternatively it was so useless that it allowed the contractors to run rings round it. But in this case neither of these holds. If you put your data in the hands of IBM and Accenture at vast expense and these two bunches of bandits do not stir for less than shed loads of wonga, you do not need a clause which says 'and while you are at it remember to count the tapes and don't lose any'.
All that said I do wonder how firms like Accenture get any work at all, particularly given the way it walked out of the NHS mega IT project leaving the NHS to bail out Andersen's notorious failed subcontractor ITsoft. Accenture only got its name because, post Enron, it could no longer call itself Andersen.
I completely agree, there's too much focus on saving the taxpayer money! Silly as this sounds, it's better to spend a little more money to resource and plan things correctly, because mistakes like this cost money and jobs. It's a gamble, shave 10% off the budget for the taxpayer, but run the risk of spending double the saving on correcting a mistake that could have been avoided.
In my area of the sector, we have a full continuity plan. I know exactly what will happen in the event of almost any incident. We tightly control all removable media, and dispense bollockings as regularly as required to maintain standards.
I wonder how long it will be before data loss becomes more along the lines of: "We rushed our implementation of the encryption system and now we can't get the data back off the tape."
@Gaius - I'm currently dealing with a designing a global key management and distribution system for IBM tape infrastructure, it is most definately not free to encrypt, especially if you want to make sure you get all your data back every time, no matter where you recover the tape.
Unfortunatly DEFRA, like many government bodys, is hit by being a political tool. Imagin working for a company where your aim changes at the wim of the owner to meet whatever he has seen in the papers this morning, and the CEO changing at random every few months, and the owner changing every 4 years, or two in the case of local govenment.
Its no wonder government bodys have problems. Any private company would fall apart under this (Im not saying they do any better, just that govenment bodys can lose money without going bankrupt)