Java security disaster pending in England? What about Scotland?

Posted on 23/03/2015 

by Ridha Lachhab

Research by Avecto, the leading software security company, suggests that over 55% of local authorities in England are using unsupported versions of Java.


In fact, only 6% of all English councils are running Java 8, the most up-to-date version. This is a major concern, given that councils handle a lot of sensitive information. Moreover, with (local) government increasingly trying to offer citizens a single entry point to council services, where any individual can log in to an account that allows him or her to pay council tax, make enquiries about housing, investigate social welfare provisions, etc., there is going to be a lot more personal data housed on council servers.


Cyber crime is an increasing, serious problem. Paul Kenyon, EVP at Avecto, said: “Java needs frequent maintenance with security patches needing to be rolled out regularly. Unsupported versions are essentially an open door to cyber criminals that target entry to systems via outdated applications or web browsing. Since councils handle a huge amount of sensitive data, it's critical to ensure it doesn't fall into the wrong hands.


“Challenges that include compatibility issues when moving to the latest versions are not an excuse for running unsupported software, particularly when councils are given plenty of notice by the vendor”.


Interestingly, this research didn’t cover Scottish, Welsh or Northern Irish councils. We don’t know what the situation is in these countries. However, although we can hope that the problem only exists in England, it’s unlikely that all the rest of the UK’s councils are as secure as they should be.


One of the problems is, of course, that councils, especially in England, are under huge financial pressure, and it’s likely to get worse rather than better. Even GCHQ, whose campaigns to recruit the specialists with the skills to defeat the cyber criminals have won many awards, finds it difficult to entice these people to join them. This is principally because GCHQ’s appeal is largely based on the technological challenges on offer and the hope that an unashamed patriotism will underpin this rather than the amount of money on offer. The private sector pays far more and those with the specialist skills vote with their wallets. In local government, IT departments are small units, often supported by contractors. The money is not great. With cyber crime increasingly conducted by big, criminal ‘business corporations’, with sales targets and staggeringly good technology, it seems a one-sided contest. Yet it’s in all our interests that the problems identified by Avecto are not ignored, whether they are in councils in England or Scotland. The alternatives are not worth contemplating. We need more IT experts in all areas of government to stop the cyber criminals.


Ridha Lachhab - Principal Consultant