EXCLUSIVE: Security at some government buildings 'shockingly bad' says Cabinet Office chief
SECURITY controls to prevent unauthorised access to many of 5,000 Government office buildings across the country are "shockingly bad", a senior civil servant has admitted.
Michael Brunton-Spall, deputy director of the Cabinet Office, said he was leading a project to bolster security after a series of flaws were identified across seven million metres squared of office space across the "Government estate."
Yet, he warned he is not confident of solving it within the next two years. Mr Brunton-Spall, known as MBS, revealed that entry passes were not always deactivated or handed back when staff left and in an apparent security lapse, admitted he still has six in his possession, including one in someone else's name. He even said some entry systems to buildings were still being operated through dust-caked 27-year-old computer equipment that looked like it "had not been touched since the 1990s." He also said that security staff were not always qualified to check people's identities and some staff members used inappropriate photographs. Mr Brunton Spall is heading the project GovPass to standardise and improve entry pass systems across the estate, which is understood to include offices at Whitehall and nationwide for Government departments and 400 agencies. He did not specify if the Houses of Parliament were included in the problem and the Cabinet Office would not be drawn on this. However, Mr Brunton-Spall said it concerned only offices and did not include state-owned schools, courts, prisons, job centres or HMRC tax offices. He hopes to get a system up and running whereby passes are automatically deactivated once an employee leaves, with all buildings updated, and all cards having correct details such as dates of births and security clearances of holders on them. He said: "Access control in buildings is pretty shockingly bad in the Government estate. "Around thirty per cent of cards that are in use are woefully insecure. They do not meet the criteria that we would need. It is easy to clone a card. Somebody with a single lost card and access to your building can probably gain access to most of your most secure areas with very simple techniques. "We normally check your ID, but most people who are doing that are not actually qualified." He said in one case a staff member had a pass with a holiday snap of them printed on it for the last few years, with security letting them through. "We are also very bad at taking the passes back. I personally have a collection of six passes at home, one of which is not even in my name.
"My boss and the ministers in Government don't really care if the passes are bad, all they care about is if they turn up to another department and are not allowed in to get to their meeting. "We have found systems that were deployed in the 1990s, that probably has windows 95 on, and are on a PC that was so covered in dust it has probably not been touched in the entire time... but that pc was still critically running the ability for all civil servants to enter and exit that building on a regular basis. Maintenance is a huge problem and not a problem we can easily solve." He said having government staff sharing offices with the private sector and in buildings open to the public was presenting new security risks as was the overhang from coronavirus with people still working from home, as security procedures had been relaxed to allow remote working with a "tsunami of technical debt" on the horizon. He said: "How can you do a security induction if no one ever comes into the office and how do you ensure the team knows each other if they have never met face to face? "In 2022 we are facing risks very unfamiliar to the ones we've seen before." Mr Brunton-Spall made the warts and all revelations during a speech at the International Security Expo in Olympia. He said: "I wish I could say we have solved everything, that access control was fixed in Government, we'd be delighted to be able to do that, but unfortunately I can't... I can see a future for us where we spend the next two years connecting (card) readers and turning up to rooms and discovering that the readers have been left in a pile on the floor." The Cabinet Office appeared to dismiss Mr Brunton-Spall's concerns. A spokesman said: "The safety of our staff and security of our buildings is of paramount importance and we have robust security measures in place across our estate."