Well thats all right then....
"Security requirements are being developed to minimise: (i) the likelihood of such an event taking place, and (ii) the impact should it occur. The development of these requirements has involved extensive consultation with other government departments and relevant agencies, as well as with industry."
So, were talking to ourselves and everybody knows the stellar record the government has with IT.
Were talking to the industry who has no vested interest in this at all and can be relied on to deny any and all problems .
Were talking to "relevant agencies" who we won't tell you who they are but will be making money from this.
So that's all right then......
What they need to do is talk to people like geohot and other selected white/greyhats or give these systems to the university's and say - "Right we are 100% confident these are secure and will give you £100K for every flaw you find. You have the right to publish if we don't fix the problem."
Either it will be a very expensive exercise which will lead to a much more secure system or a very cheap exercise which will validate a reasonably secure system. Whatever, I would trust what these sort of people say about the security rather than "government agencies" or "industry".