PD Newsletter #96

👋🏽👋🏻👋🏾 Hello, welcome.

We’re proud to announce PD as a recipient of the King’s Award for Enterprise in International Trade. The award recognises our success in helping governments and businesses worldwide deliver smarter, fairer services through digital innovation and structural reform.

In this edition, we look at cyber challenges.

Pete, Rob and Rosemary

🌟 View this newsletter on LinkedIn
🚀 Forwarded this email? Sign-up.

✨ Introducing our guest editors

Pete Chamberlin is a technology leader and digital specialist with a background in software engineering and architecture across the UK public sector. He helps organisations make sense of their technology challenges, turn policy ideas into working systems and grow their people and capabilities to operate sustainably.

Rob Miller is a senior digital leader, with a background in local government and retail. He helps organisations use technology and data to deliver better services for citizens, work in smarter and more sustainable ways, and reduce their costs.

🚀 Latest from Public Digital

Read Mike Bracken’s contribution to Bold ideas to remake the State from think tank Re:State, featuring authors including Andy Burnham and Michael Gove.

Join us for our next PD Sessions event, exploring opportunities for radical service transformation through local government devolution and reorganisation.
📅 When: Thursday 26 June, 18:30- 20:00 BST
📍 Where: Broadway House, London or via Zoom
For more information on our events, please contact events@public.digital

We’re taking Data Bites out of London. Register to attend Data Bites #56 in Liverpool.
📅 When: Wednesday 4 June 18:00-19:30 BST
📍 Where: The Spine Building Liverpool, or via YouTube livestream.

Watch our video below for the best bits from Data Bites #55

⚠️ The cyber challenge for organisations ⚠️

Cyber has featured prominently in the news recently, from high profile incidents affecting major UK retailers like M&S and Co-op, to attacks on global firms and local councils.

Attacks like this are extremely disruptive for businesses and their customers. Dealing with the aftermath puts high pressure on teams across the whole organisation, and requires complex work to keep services running alongside technical recovery work, which can take weeks, months or even years.

The task of communicating what has happened is also highly complex, with lots of unknowns, high exposure, and the need to build confidence and trust. M&S has been recognised for how they have managed this difficult balance, with “genuine humanity at the helm that has genuine concern for their customer's experience.”

Cyber attacks are becoming ever more sophisticated. As threat actors find new ways to operate, including the use of weaponised AI and ransomware as a service, it becomes increasingly challenging for organisations to protect themselves.

It isn’t possible to be 100% ‘cyber safe’. However, there are practical steps that organisations can take to become 'cyber safer':

Public Digital has recently helped the Local Government Association to develop a ‘cyber incident grab bag’, designed to support councils through the early stages of responding to a cyber incident. It’s highly relevant to any organisation, and can be a valuable tool for assessing your cyber readiness. We applaud the LGA for making this openly available. And we definitely recommend taking a look.
On our blog, Rob offers steps you can take to become cyber safer. He highlights the importance of being ready for cyber threats, no matter how strong your assurances are, developing a collaborative and outcome focused organisation culture, and tackling legacy technology and architecture to make sure you are as resilient as possible.

Building cyber resilience in large organisations (including government) is vital, but is also hard. The UK government faces a severe cyber threat, but, as MPs warned this month, is likely to miss its cyber resiliency targets.

The Cyber Security and Resilience Bill, presented last month, aims to address risks in the supply chain and increase the scope and powers of the ICO, including regulation of managed service providers like the one thought to have been the gateway for the M&S attack. These measures are needed. But as the barriers for threat actors become lower all the time, wholesale modernisation is critical to reducing overall risk.

Ways of working

💥 Cyber incidents are one of numerous potential threats to ‘business as usual’, but as Linda Essen-Möller writes in her piece on the need for chaos-testing, a crisis can be a catalyst for change: “Organisations that embrace disruption as an opportunity, rather than a threat, will be the ones that thrive in an era of continuous change”.

🏗️ Likewise, an organisation’s ability to weather a crisis comes down to its invisible infrastructure - defined by Topology co-founder Jen Briselli as “the relationships, conversations, and improvisations that shape how things really get done”. To strengthen that infrastructure, Richard McLean offers some practical tools to build trust in your team.

💵 Another lesson in resilience from our CTO James Stewart on the cost of change when it comes to switching technology providers, and why it’s helpful to think more broadly than the problem of vendor lock-in.

🌟 What makes a good outcome? Our Network Member Jamie Arnold offers a helpful explainer on outcomes and how to write them. Notably: make them human, and make them memorable. Plus, Steve Messer’s guiding principles for metrics, measures, and indicators lays out how metrics can enable outcomes, with a shrewd reminder that metrics are tools, not goals: “we don’t measure whether we’ve delivered a product or feature, we measure the impact it’s having.”

🙌 Read Kate Tarling’s excellent 12 principles for service organisations, divided into a) delivering better services and b) developing the conditions to deliver better services.

🧑‍💻 We love gov.uk design lead Kuba Bartwicki’s thoughts on what makes a good design team. The quality of ‘stupidly ambitious’ captures what we mean when we tell our clients to ‘be bold’. As Kuba writes, reimagining services “isn’t about tinkering at the edges or exclusively iterating on an existing way of doing things, but about trying new approaches”.

Technology in focus

😏 Klarna has rehired its customer service staff after claiming AI could replace them. It’s a high-profile turnaround that suggests the unfeasibility of full automation: As its CEO has emphasised, customers must have the option to speak to a human when needed. Similarly, the New York Times reports that, contrary to expectations, AI is not stealing radiologists’ jobs at the Mayo Clinic.

🎥 We’re fans of Channel 4’s AI principles. These are shaped by the broadcaster’s mission and values, and are specific and unique to the organisation. While organisations find their feet with new technologies, principles like these provide essential grounding.

🚗 Why do so many IT projects go so wrong? As this Economist piece explains, it’s the scale and unpredictability of change involved in technology transformation that often leads to dramatic overspending. Echoing a comparison we often use: “A new road does not require motorists to drive differently, but digitisation usually requires employees to alter how they work.” It’s why a test and learn approach, symbolised in the story of Universal Credit by the humble sticky note, offers the greatest chance of success.

🏘️ How community businesses can shape the future of tech, from Careful Industries. The report on how community businesses are engaging with digital and data highlights the role they can play - with greater investment - in shaping a fairer digital future.

Digital government

🇿🇦 South Africa has published its roadmap for digital transformation as part of a wider initiative to bring national reform. The roadmap - to be implemented by the newly established Digital Services Unit - features plans for a Digital Identity system as well as an emphasis on DPI investment. This year South Africa will be the first African nation to host the G20, which has had a strong digital government focus in recent years.

🤖 Why generative AI isn’t transforming government (yet), according to Tiago C Peixoto. The answer is complex, but Tiago points to a lack of task-specific implementation, suggesting the need for “careful task selection, technical validation, and adaptive governance.” On the subject, the UK Government’s “Humphrey” AI tool has been put to work. But governments should be wary of what they use AI for: This new AI-made peat map from Natural England has drawn criticism for its many inaccuracies.

🇵🇰 Interesting reading on the unintended consequences of digitalisation, as shown in this case study on the effects of digitalising land records in Punjab, Pakistan. As the roles of civil servants transformed, their changing behaviours had unforeseen impacts on other government functions like tax collection.

✨ “The centre has more to learn from the edges than the other way around”: James Plunkett makes the case for bottom-up reform of the relationship between neighbourhoods and central government. On a similar theme, Jon Hoeksma offers some compelling arguments against centralising IT in the NHS, emphasising the distance between central authorities and delivery, as well as the likelihood of big, high-risk contracts.

🧰 How the GOV.UK Forms team improved their review process by building their own system of “review apps”: A brilliant example of tailoring tools to fit the needs of the whole team, and of the value of multidisciplinary working and user-centred design in technical teams.

🚍 Finally, in a novel approach to user-centred design, Shanghai has launched a transit platform allowing commuters to design their own bus routes.

Something fun

Perhaps it doesn’t get more fun than LegoGPT, an open-source generative AI developed by researchers at Carnegie Mellon University, which takes a text-based prompt and generates a Lego structure.