back to article Universal Credit at high risk of cyber-attack, fraud from the outset

Documents released after a four-year legal battle reveal the extent of the UK government's blithe disregard for the risks faced by Universal Credit. This week, internal reviews of the enormous project in 2011 and 2012 were published by the Department of Work and Pensions under Freedom of Information laws. The dossiers reveal …

  1. Voland's right hand Silver badge

    Why this does not surprise me

    Listening to the "Vlad" for a half an hour is sufficient to establish the fact that he is both mildly paranoid and largely delusional (the "quiet man" speech is a good example). From there on it is a classic case of "fish rots from the head" - the whole project has been paranoid and obsessive on not overpaying an extra penny here and there by mistake while being obliviously delusional on the subject of real threats.

    1. HmmmYes

      Re: Why this does not surprise me

      Just a thick ex-Army Captain.

      Forces are full of then. Bunch of morons.

      1. Anonymous Coward
        Anonymous Coward

        Re: Why this does not surprise me

        Yes, for many, termination as Captain is not a good sign. Now if they had recruited someone who had left as a Sergeant Major - or even RSM, things might have turned out a little differently.

        1. Anonymous Coward
          Anonymous Coward

          Re: Why this does not surprise me

          I knew someone who's wife taught remedial English at UK Army camps. Her students included officers up to (and including) the rank of Captain.

          So no great surprise there either.

        2. Anonymous Coward
          Anonymous Coward

          Re: Why this does not surprise me

          Dear god,

          Having an RSM as a project manager. I was in the army and the only person who scared me was the Colonel and the RSM. The Colonel had no idea who I was and I kept it that way, sadly the RSM did know me and just about everybody else. I suspect that the Colonel was scared of the RSM as well.

          Having an RSM as the lead person on the project would be brilliant. They would take zero shit, I have a suspicion that even in the public sector they would deliver on time and budget. Now there may be (real) bodies left in their wake, but hey, things would happen, and you never know, the bodies may be senior politicians so a win-win situation.

          Also the RSM would know how to handle Captains pretty well, indeed any NCO knows how to handle their 'superior officer' with skill. Any decent officer worth his salt would listen to their NCO very, very carefully and follow any 'advice' offered. Certainly if the RSM offered any advice all the officers would take careful note. Nobody wanted to be on the wrong side of the RSM.

          Oh well, sadly there aren't enough RSM's to dig the govt out of the shit on this one but its nice to dream.

          1. qwertyuiop

            Re: Why this does not surprise me

            Hmmm... I'm reminded of a very old (WW2) joke about two former school chums who meet up in a bar. One is a Captain in the Army, the other a Wing Commander in the RAF.

            They talk about their different "jobs" and the Captain says he would love to see a Spitfire (I told you it was an old joke!), so the Wing Commander arranges for him to visit his squadron.

            When the Captain arrives the Wingco takes him out and shows him the beautiful work of art that is a Spitfire and they climb up and look inside the cockpit. He explains the use of the various instruments and controls. The Captain looks astonished and then turns to him and says "What? You have to deal with all of that on your own? In battle? And no competent NCO to help you?".

          2. KeithR

            Re: Why this does not surprise me

            "I have a suspicion that even in the public sector they would deliver on time and budget"

            Actually the Public Sector would routinely deliver on time and on budget - if we weren't forced to use the Private Sector...

            1. Anonymous Coward
              Anonymous Coward

              Re: Why this does not surprise me

              I agree entirely. I spent a good number of years working in ITSA before it was flogged off wholesale. There was a large presence of "Consultants" mostly from Andersen Consukting (Accenture). They arrived straight from university, having completed an induction course and were parachuted into teams of techies. I had one "team leader" with a degree in history from Cambridge and not the first idea about programming in C whose job involved reviewing the code I wrote. Another wrote his CV for a new role and stored it on a publicly shared area of the network. We took great pleasure in reading that, it seems the said droid was a "dry ski slope instructor".

              Don't get me wrong, there were some exceptional folk working with us who have gone on to very great things. These however were the exception and I always felt that major DSS projects were seen as a training ground by Andersens; they got their new starters in en masse, trained them and got paid handsomely by the DSS for the privilege. It was this approach that led to me leaving in the end. The civil servants were the ones in general who stopped the projects turning bad.

          3. Anonymous Coward
            Anonymous Coward

            Give it up for the RN...

            I've worked with a few ex-CPOs who would give a RSM a run for their money.

          4. allthecoolshortnamesweretaken

            Re: Why this does not surprise me

            The officers command the unit - the NCOs run it.

  2. BebopWeBop
    WTF?

    It just goes from bad to worse. Kudos to John Slater and FOI, but it is clear (a) why they did not want to release it and (b) that this administration (and almost certainly the one to come) will be working very hard to continue to hobble FOI in practice or through legislation.

  3. Pascal Monett Silver badge
    Flame

    One question : are those "responsible" still in place ?

    The number of fails in this single project is amazing. From declaring the use of a methodology in order to get the project finished quicker, then not using said methodology, to totally forgetting that there might be risks to the proper safeguarding of data - the list goes on and on.

    Had this monstrosity gone live, the personal data of tens of thousands would have been freely available to any hacker who would have a passing interest and five minutes to spare.

    Those who have their names on this shame of a shambles should lose their position and their pension and be either fired or degraded to serving tea with the corresponding salary.

    1. Anonymous Coward
      Anonymous Coward

      Re: One question : are those "responsible" still in place ?

      Having spent time at DWP, I'm pretty sure there was no-one 'responsible' and that those involved are, as we speak, making tea.

      1. John Brown (no body) Silver badge

        Re: One question : are those "responsible" still in place ?

        "and that those involved are, as we speak, making tea."

        More likely in the bath. A very long bath. With a rubber duck. There's nothing quite like a bath to take ones mind off the stress of the job.

        (with thanks to Douglas Adams)

    2. Primus Secundus Tertius

      Re: One question : are those "responsible" still in place ?

      The Civil Service are, as an almost forgotten election slogan once put it, "Failing the nation". They should therefore be taken into public ownership, er, or something.

      It would indeed be a punishment for the mandarins if they were lectured and ordered to do better by the ordinary people they so despise, for our ignorance of "higher considerations" i.e. departmental policy.

      In other news today, the deputy chief of the Home Office was ordered out of a parliamentary committee hearing for failing to give proper answers. That is an example of mandarinate arrogance.

      1. Anonymous Coward
        Anonymous Coward

        Re: One question : are those "responsible" still in place ?

        Well the government appoint the top civil servants and they only appoint those who tell them what they want to hear.....

        Gone are the days of Sir Humphry running rings around hapless ministers.....

      2. Doctor Syntax Silver badge

        Re: One question : are those "responsible" still in place ?

        "the deputy chief of the Home Office was ordered out of a parliamentary committee hearing for failing to give proper answers"

        Even better, AIUI, he was told to go and find out and come back with the answers by the end of the day. I hope the day in question was specified to avoid wriggle room.

    3. qwertyuiop

      Re: One question : are those "responsible" still in place ?

      "Had this monstrosity gone live..."

      Ummm... it has gone live, albeit in a very restricted way.

  4. Rich 11
  5. John Smith 19 Gold badge
    FAIL

    Smells of "We'll do *exactly* what the MInister asks for"

    That's a senior civil servants version of "work to rule."

    Usually driven by

    a)It threatens us in some way

    b)We don't think it's a good idea.

    it should have been obvious from the onset this was a huge project both in terms of data volume and complexity. Phased (and fairly slow) roll out was the only way it was ever going to deliver the full benefits.

    But that would not fit a certain Ministers agenda.

    1. BebopWeBop

      Re: Smells of "We'll do *exactly* what the MInister asks for"

      Quite agree, but that phased roll out should have been accompanied by a rethink of the complex and not always appropriate benefit system (with associated working practices and legislation).

    2. BurnT'offering

      Re: Smells of "We'll do *exactly* what the MInister asks for"

      That's universally what 'leaders' get when they don't know how to manage experts - "We warned you it wouldn't work - and now we're going to prove it".

      1. Doctor Syntax Silver badge

        Re: Smells of "We'll do *exactly* what the MInister asks for"

        "That's universally what 'leaders' get when they don't know how to manage experts"

        I've always considered it the ultimate IT way to deal with users when advice is ignored.

  6. Anonymous Coward
    Anonymous Coward

    What about the NAO response?

    They used 'Agile' to excuse the need for requirements on the basis that 'requirements always change so why bother with them'. Agile (as they were using it) you can get away with on a 5 page web-site. With no back-end.

    It ignored the fundamental that most people who need help aren't internet savvy and often have little or no access.

    It also ignored the question of 'What actually is Universal Credit? How does it actually unify all the hundreds of things into one big thing?'

    Anon as I did chat about this with an acquaintance at the National Audit Office who was aghast at how bad it all was.

    1. Mark 85
      Devil

      Re: What about the NAO response?

      That's ok... now that they know Agile doesn't work, they'll probably give DevOps a shot....

      1. Anonymous Coward
        Anonymous Coward

        Re: What about the NAO response?

        Agile and other modern delivery methodologies can work in Gov - if the existing DWP (or any other department - they're all as bad as each other) staff didn't use petty office politics, bureaucracy and just sheer bloody-mindedness to prevent it from being implemented properly - or at all.

        Anon ex Govt IT staffer who has seen this all before, and will likely see it (or at least hear about it from contacts) again.

      2. Miss Lincolnshire

        too late

        It's built by DevOps at HP

  7. kmac499

    It's the mindset of the elected career politician . I was elected therefore I have the full authority of the entire nation to do whatever I think to be right. No matter what proportion of the electorate who voted for them the winner takes all mentality dominates.

    Let alone the catastrophe of UC and the wreckage it will leave behind, IDS and people with similar mindset are now arguing for a Brexit. Which if the people vote for it. may well hand the reins of government to people like IDS boosting their confirmation bias through the ceiling.

  8. Anonymous Coward
    Anonymous Coward

    Y'don't say..

    "There have been previous instances of the media having a negative view of the government's ability to deliver new programmes."

    And do you think that might possibly be due to the government's negative ability to deliver well-functioning new programmes? Hmmm?

  9. Brewster's Angle Grinder Silver badge

    Mmmm... brains....

    "...and senior people not engaging their brains."

    The person who, at the time, was most senior doesn't seem to have had a brain to engage.

  10. Starace

    Old data?

    So this is what the situation was in 2011/12.

    So the meetings that happened in 2013/14 to fix it won't be included?

    That said telling the civil service what they need to do and them listening are very different things but don't jump to the conclusion they haven't been told how to sort it. I understand the Treasury bods are particularly resistant to input.

    1. BurnT'offering

      Re: Old data?

      "So the meetings that happened in 2013/14 to fix it won't be included?"

      So is it fixed?

  11. Scott 53

    And I thought this was meant to be a joke

    http://dilbert.com/strip/2007-11-26

    1. allthecoolshortnamesweretaken

      Re: And I thought this was meant to be a joke

      15 years or so ago I used to wonder "where does Scott Adams get his ideas from?"... well, I've stopped wondering.

  12. Known Hero

    Can we get our benefits in bitcoin yet ? Or has that buzzword passed ?

  13. theregister5634

    Agile

    HMRC are heavily invested in the rhetoric of 'AGILE'.

    The program to digitize tax is presented to 3rd party developers by senior hmrc bods as using this approach.

    The reality is that the task before them is so vast and complex that all they can do is deliver minor bits and pieces and hope by calling it 'agile' no one will notice that they are not ever going to deliver...

    1. Miss Lincolnshire

      Re: Agile

      I had an interview for a role with HMRC Cloud and Digital a few weeks ago.

      The bloke leading the session seemed to have a poor view of suppliers and little trust for the grades below him but he had read a lot of theoretical papers. Hadn't delivered anything of note.....

  14. John Smith 19 Gold badge
    Unhappy

    Just to *roughly* get an idea of what we're talking about

    So 6 benefits x Millions of people x Decades of benefit history x number of files to implement each benefits data model x No of hardware platforms --> "f**k me sideways" volume of data.

    GB of data? Definitely. TB? Quite possible.

    Clearly you'll need seasoned, hard core systems architects and experienced ETL types to have any serious chance of getting it done in an orderly fashion, probably with mainframe (possibly ICL/Fujitsu OS & DB) skills at some point. So no point in me applying. :-( .

    One suggestion. Do the data cleaning before you upload to the new system. You will have fewer claimants on the system to start with but their details will be reliable details, and that give the claimants confidence it's going to work.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon