Governments resent their dependence on Big Tech

Senior politicians gathered at Singapore International Cyber Week (SICW) this week to discuss the current state of cybersecurity have articulated their discomfort with finding themselves dependent on Big Tech. "Large tech companies wield an unprecedented level of influence over economies and societies. At the same time, they …

  1. Doctor Syntax Silver badge

    Dependence was their own decision although lack of decision might be more accurate. Decision by default, shall we say?

    1. Neil Barnes Silver badge

      Big tech has good salesbods. The points that are being made though are significant and serious... if your infrastructure (both civic and military) cannot be shown to be immune not only to external actors but also to the manufacturers, should you be using it? The supplier may not be your friend tomorrow.

    2. Lurko

      The benefits of hindsight

      Taking a high level view, dependence has crept in, rather than been an obvious decision point to accept the risks. Imagine outsourcing welfare payments processing using legacy systems to a third party data centre - that would just be seen as economic and sensible rather than a government welfare department trying to build, equip and operate its own processing. The decision to then buy and adapt an ERP from a major software house would likewise be seen as probably wiser than trying to build your own bespoke system (opinions may vary), but again, think that this is for a government welfare department who aren't IT experts. That of course exposes you to the full data stack the ERP provider is built on, and thus their vulnerabilities - but still, would the welfare department have done better if they'd built from scratch? Next up, the ERP provider pushes the customer to adopt SaaS, and again that's seen as the modern thing to do.

      So at what point would it have been prudent to say "hold on, it looks like this would save us money, but we'll lose control of our core systems"? There's very few people would agree that many (or any) government departments are suitably clued up to design, build and operate their own systems, or to do so at a viable cost. If anything, the pressure is on from everybody that the government should save money on administration. Who's going to vote for a government that says "nope, not buying commercial IT, we need it bespoke or FOSS, and we'll put up government spending to pay for all the staff and development work we'll need, not just for new systems, but for world-class security on every government asset?"

      The same arguments apply to the private sector, and are why big business is in near universal thrall to the SApacle duopoly. Whether this is a good or bad thing is hypothetical, we are where we are. But that raises the question this conference ponders but does not answer, where do we go from here?

      1. David M

        Re: The benefits of hindsight

        Government departments clearly don't have the skills or resources to build their own IT systems, but what they do need is a few senior people who understand both the workflows and the technology well enough to ask the right questions, to define appropriate requirements, including for security, and to be able to monitor private sector development and deliverables to ensure those requirements are being met. I suspect that a lot of problems stem from the fact that nobody in the organisation has much of a clue about IT, so it's easy for suppliers to pull the wool over their eyes.

        1. Lurko

          Re: The benefits of hindsight

          Mostly that's correct, but it's not universally true. I work for a government department, and the directorate in which I work built its own case management system using MS Dynamics. Done near enough on time and on budget for a few million quid, it works well, replaces a slew of legacy proprietary systems and internal spreadsheets and databases, and is a real step change in organisational capability. Yes, we're on the hook to MS for the underlying technology and hosting, on the other hand we've designed and built a system that works, we own the design and can modify as required. Internal PM and design team, used contractor devs because the civil service isn't allowed to pay the going rates, and because we've used a common technology platform we'll not be facing the skills problems a few years down the road when changes are inevitably required, unlike a true proprietary system. As with everything in both public and private sector, the public only hear about the failures, and the private sector are better at hushing those up.

          I'd suggest the biggest problem for most government departments is not the loss of control to third parties, but those problems David M describes. The chaos at other government departments over case management systems is mind boggling. We're not a tech directorate, our digital team simply asked the right questions, listened to the answers, made sure that created a design for something that would work, and built what was asked for, without involving the usual big consultants like Fujitsu or Crapita who seem to act as agents of failure in so many things they touch. The prison service spent £100m on a case management service and then scrapped the lot of it without even finishing, the courts service have spent over a billion on a CMS system that's barely functional, yet a case management system should be one of the easiest things to build properly.

          In our case, the real senior expertise was letting the digital team get on without interference, not engaging consultants, and it did help that our leadership do actually understand the operational processes and the need very well, all having come up through the ranks.

  2. Anonymous Coward

    You don't actually have to depend on big tech, you chose to do so because it's cheaper upfront to buy a premade solution and use someone else's data centers and network. You also don't have to be as responsible for hunting bugs and security problems.

    As for patch Tuesday being like a car recall every month, given the poor security of automotive software that would actually be an improvement.

  3. b0llchit Silver badge

    Bullshit and I told you so

    ...discomfort with finding themselves dependent on Big Tech.

    Wow! That must hurt to admit that they are a collective bunch of idiots trusting the untrustworthy with your data. As if the signs were not on the wall from the start and they hadn't been told by the knowledgeable. But being good politicians, they have a plan to shift the blame. They will blame "the other guys" and again may shine in the light of utter bullshit eaten up by other idiots.

  4. cat_mara

    Colour me shocked

    You mean the incessant “public sector bad, private sector good” drum you politicians have been beating for the past 50 years, or near as, has left you in thrall to the private sector? Who could have imagined this outcome?!

  5. JimmyPage

    Oh, grow up

    "Large tech companies wield an unprecedented level of influence over economies and societies. At the same time, they enjoy a remarkable degree of freedom from regulation and accountability for their activities and the content they carry," opined Singaporean minister Teo Chee Hean at Monday night's opening address.

    That is almost the bumper sticker for Western capitalism. Power and money with naff all oversight, regulation or where possible competition

    And for all their performance handwringing, all I can see from where I live is governments are aspiring to the same. Certainly here in the UK where it seems you are robbed with the threat of prison for your taxes, and yet discover that no one in government is actually responsible for anything.

  6. ChoHag Silver badge

    "It's best to utilize expertise, which is rarely located within government."

  7. cschneid
  8. Anonymous Coward

    How about governments get their shite together

    Europe has GDPR. Australia has their Essential 8. US has DISA & FedRAMP. The list goes on & on. They are all bitchy and whiny about where their data physically resides... usually because their government wants Big Tech to spend millions on a new data center inside their country.

    Security knows no such bounds. Security doesn't care where your data resides or what government policies it falls under. If it is vulnerable to compromise, then it will be attacked.

    If the public sector wants better security from the private sector, make it easier for the private sector to deliver. If the governments of the world adopt a unified security standard then we can all stop playing the stupid games - in EMEA we do it this way, in APJ we do it that way, and NAM is a completely different animal....

    That would never happen though because governments don't like to play nice with each other. They all like to claim they are somehow more special than each other. But again, the attackers know no such bounds & limitations.

  9. Danie

    Government is lazy

    Well our government (in South Africa) could follow through on its promise back in 2007 to go open source, or finish the 10-year eGov project that they started (self-built with open source). It would likely cost a lot less than SAP or Oracle, and keep all the money on-shore with local businesses. Estonia has done it, India has also done it (and has shared their code), so why can't we? It just takes some willpower and a sense of commitment.... Buying into a foreign owned cloud service is only going to cost more and more, and you'll have very little you can ever extract and use elsewhere (equals vendor lock-in).

  10. Tron Silver badge

    Well they could have all used Linux, but most didn't.

    I have no problem with governments going back to paper-based technology and fax. The rest of us can muddle through with our computery things as best we can.

    1. Dinanziame Silver badge

      Re: Well they could have all used Linux, but most didn't.

      I do have a problem with my government going back to paper-based technology. I haven't filled a paper-based tax return in over ten years, and I don't intend to ever do it again.

    2. garwhale

      Re: Well they could have all used Linux, but most didn't.

      Most servers run Linux. I did have a boss who insisted I change a LAMP RedHat server to Windows Server. As soon as they left, I changed it to Ubuntu.

    3. garwhale

      Re: Well they could have all used Linux, but most didn't.

      Who can receive fax today outside of, say, Japanese companies?

  11. Anonymous Coward

    Greener grass elsewhere

    Big Tech are virtual countries with exceptional highly paid workforce. Internet has made physical borders irrelevant. Governments will never become more competitive to attract the talent, unless they lock it physically like in China or North Korea. The dependency is unlikely to disappear due to concentration and monetization power.

    As for impact of social media and disinformation, the power of Big Tech is easy to tame by legally forcing the companies to exclude sensitive and political content from boosting and suggestion algorithms. For example a political video or post must not be impacted by likes, comments or other metrics. It will be there, but its position or views will not be manipulable. Such content should not be subject to algorithms meant for general entertaining content.

  12. Anonymous Coward

    Bloody turncoats

    For the last thirty years, to my knowledge, governments have deliberately rolled over and invited Big Tech to tickle their tummies with whatever gobshite (sic) their salesmen were peddling that day. 10 years ago I was part of an initiative, supported by the Cabinet Office no less, to change that. Yes, folks, 10 years ago the Cabinet Office was 10 years ahead of its time. Like fuck did their fellow Departments want to know.

    Today I am a one-man initiative in another part of the forest (hence AC). Thank you Laura Dobberstein for the tipoff.

  13. TheMaskedMan Silver badge

    "Meanwhile, these companies ultimately "make their own decisions," such as which nations they boycott or the content they carry."

    A company making its own decisions? You mean they're not prepared to let a government - or anyone - dictate what content they carry? And are prepared to walk away from any nation that tries? How very dare they!

    While I appreciate the security concerns, the general tone of the quotes here sounds like bratty political types having a tantrum because they can't have their own way with other people's systems.

    The ability to walk away enabled WhatsApp et al to stand up to the British government over encryption, leading to a magnificent bit of face saving. I can certainly see that governments don't like that, but it's worked out well enough for the rest of us. If government wants absolute control, it should build its own systems (and look how well government IT projects usually work out). Otherwise, they have to put up with being just another customer.

  14. garwhale

    IT systems built by government departments have a long history of enormous cost, massive cost overruns and delays of years in delivery. Firms are not immune from such problems, but competition forces poor performers out. To force companies to take security seriously, big fines and compensation need to be introduced.

  15. garwhale

    Digital infrastructure is no different from other stuff. Should governments, including local government, manufacture, grow, and build everything they need? No, thanks. Government contracts are important for private industry.
