Credit: MasterTux/Pixabay

The government is to launch a research project that aims to better understand vulnerabilities across the cloud computing sector, and how outages could impact the country’s finances and way of life.

A supplier with a “good understanding of digital infrastructure” is being sought to deliver the project, on behalf of the Department for Digital, Culture, Media and Sport. Once work begins next month, the chosen firm will be asked to “research critical systems and dependencies of the UK data-processing and storage infrastructure sector and to inform estimates of the financial and commercial impact of outages”.

“DCMS is seeking to better understand the data infrastructure sector in terms of key vulnerabilities, and the impact of risks materialising,” the department said, in a contract notice. “We must understand dependencies between the interconnected systems that comprise the sector, any direct dependencies on other sectors, and the features on paper and in practice of dependency chains.”

Reaching an understanding of these systems will enable the department’s policymakers “to more accurately and clearly determine what should be [considered] critical national infrastructure, effectively plan how impacts and scenarios can be managed, and evidence whether [government] interventions would be value for money – by comparing the potential cost of a risk materialising against the cost of a proposed mitigation”.

The infrastructure to be examined will be that which is used to support “large-scale data storage and processing services” on behalf of external organisations, such as businesses and public bodies. This will include physical and virtual environments owned or run by datacentre operators or cloud services providers – such as Amazon Web Services, Google, and Microsoft. 

Related content

• Home Office keeps 250 sets of applications in AWS or Azure
• HMRC renegotiates £94m AWS deal
• Government agrees cross-public sector deal with Google Cloud

The research programme, which will last up to four months and is supported by a budget of up tp £120,000, will first aim to determine which systems can be considered to be of critical importance “in terms of significant impact on the UK economy, way of life, essential services, public safety and/or national security”.

The project will then consider where these depend on or otherwise interact with other systems and sectors, and how the network achieves redundancy – the process by which a network uses alternative connections or routes if one part of it goes down.

The final stages of the desk- and interview-based research will include attempts to provide a “high-level” estimate for the potential cost of outages, including both raw monetary cost and commercial impact. The supplier will also be tasked with informing DCMS of any instances where it is the information sought does not exist or cannot be found, or would need significantly more time to uncover.

The department intends that the project will “produce data and insight to inform national policy”. The findings will support the work of DCMS officials, as well as those at the GCHQ-based National Cyber Security Centre, and the Centre for the Protection of National Infrastructure, whose work is overseen by MI5.

The contract notice said that previous research on the UK’s data infrastructure landscape has failed to capture certain information and that “understanding of dependencies remains limited”.

Bids for the work are open until midnight on 4 November.

The project takes place against the backdrop of an investigation by Ofcom that aims to discover whether the ongoing dominance of the cloud market’s three major players is “working well for consumers and businesses”.

Between them, the trio account for more £4 in every £5 spent on public-cloud services in the UK, with AWS accounting for 41% of the market, ahead of Microsoft on 25% and Google on 16%.

This means that, in 2021, all other suppliers held a collective market share of just 19% – a figure which has fallen from 30% since 2018, according to data from Synergy Research Group cited by Ofcom.