For government’s recently appointed chief technology officer David Knott, his new job is something of a homecoming. Over the course of a career that started in 1986, Knott has worked for a number of the world’s biggest financial services providers, consultancies, and tech firms. But it all began in an office in his home town of Southend where, after completing his A-levels, he got a job writing code for mainframe computers operated by what was then known as HM Customs and Excise.
Returning to government after 35 years, Knott says that he was pleased to find the sleek east London headquarters of the Central Digital and Data Office are a significant upgrade on his previous civil service digs – in which much of the furniture appeared to be twice as old as him.
But, even after such a long time away, some things about working in government have not changed.
“The thing that is recognisable is the very strong sense of values: people do civil service jobs because they want to make a contribution, and they have a strong sense of the purpose and mission of what they’re doing,” he says. “I saw that when I was doing my job years and years ago – when I was a very small part of a cog in the Customs and Excise wheel, helping produce the tariffs that went out to ports. Decades later – in a very different role, at a different level – I still see people whose reason to be here is to align to those values, and deliver their particular mission or purpose. That’s the same.”
Knott’s new posting in the civil service is a government-wide role at the head of a team of 40 people that sits within CDDO, the Cabinet Office unit created in 2021 – as a sister agency of the Government Digital Service – to take on leadership of the digital, data and technology function, as well as set cross-government strategy and standards and oversee their implementation.
The role of the CTO’s team is to work from the centre to foster a collective approach to some of government’s biggest technological challenges and priorities – including tackling legacy IT, implementing secure-by-design approaches, and getting the most out of emerging tech, such as artificial intelligence.
As well as leading his team, Knott will also chair the Chief Technology Officer Council, which convenes IT leaders from various departments and reflects the kind of cooperative approach he wants to pursue more broadly.
“The key thing here is that we’re not going to try and do anything in isolation,” he says. “Everything we do is in collaboration with my counterparts in departments and other organisations, where we’ll strive to collaborate on figuring out what the right answer is, and then how to adopt that across government.”
A lasting legacy
CDDO last year created a framework for assessing the risks of legacy IT systems in use across government and the guidelines have since been used to identify 153 key assets that are priorities for remedial work. Departments will be supported in tackling these ageing systems and reducing cyber vulnerabilities by a cross-government funding package of £2.6bn announced in the three-year spending review of 2021.
Addressing the prevalence of legacy tech is perhaps the most striking challenge facing the new government CTO. But it is not an unfamiliar one for someone whose career to date has been largely comprised of roles at major corporations.
“The number one thing I’ll say is the problem is not unique,” Knott says. “Most enterprises who’ve been operating technology for more than a decade or two have legacy – today’s release is tomorrow’s legacy. I don’t think the legacy challenge within government is any more daunting than what I’ve seen in the private sector.”
He adds: “There are multiple approaches to fixing legacy; one is the sticking-plaster approach, where you just bring things up to [date] and remediate immediate risk – which can be absolutely essential, but doesn’t actually tend to change very much in terms of the quality of service being delivered to end users. A more transformational approach can combine both improvements in the quality of service and remediating risk from underlying infrastructure. I’ve been a big advocate for some time of the public cloud, and I think one of the attractions is it helps people address legacy infrastructure challenges.”
Knott’s comments were made a few days before the CDDO issued a revamped version of government’s long-standing “Cloud First” policy.
The updated guidance represents the biggest overhaul of the guidelines in their 10-year existence, including the introduction of nine core “cloud principles”. The central tenets of the policy have also been strengthened, with departments now instructed that they must “default to public cloud first, using other solutions only where this is not possible”, and that those “who do not deploy in public cloud should ensure they can evidence the decision, business case and value for money behind their choice”.
Additional encouragement to consider a variety of potential suppliers is also included, with public bodies advised that they “should always challenge themselves on the selection of a specific vendor… and government wants to be users of a range of vendors”.
With the civil service cloud landscape having seemingly become increasingly dominated by Amazon Web Services in recent years, could a greater diversity of suppliers benefit government?
“My personal perspective – and I’m still figuring this out… but, in the finance sector, having a thoughtful multi-cloud strategy was pretty much standard across the industry,” he says. “Partly for reasons of competition, but also reasons of resilience as well.”
Knott adds that he and his team would give consideration to the question of “what’s the right multi-cloud strategy for government”.
This will include examination through “two lenses” – addressing both “what’s the right diversity of supply and deployment for a department… [and] what’s the right ecosystem across government”.
With plenty of infrastructure yet to make the move to cloud, the government CTO indicates that there should be plenty of opportunity for a variety of players to work with departments.
“There’s plenty for everybody in the stuff that’s not claimed yet,” he says. “And I think there’s room for all the industry players to have some kind of meaningful role.”
Knott adds that the progress of cloud migration in government compares favourably with other sectors characterised by large, complex organisations – including the financial services world in which he has spent much of his career.
Large departments have now typically moved 15% or more of their systems to a cloud environment, according to the tech leader.
“One of the things I have seen and have been impressed with in government is actually the pace of cloud adoption,” he said. “But the general feeling is we could still go faster.”
Complementing work to update computing infrastructure, the CTO’s team also has a key role in the transformation of front-end citizen services by supporting the use of secure-by-design approaches, in which cyber resilience is embedded throughout the development process.
The CDDO recently published a set of 10 principles that embody such approaches, including maxims such as “design flexible architectures”, “minimise the attack surface”, and “build and embed continuous assurance”.
The implementation of secure-by-design is currently in its early stages and will focus initially on new services, Knott says, but may be used for existing tools as this work develops.
“We are working with different departments to pilot the approach, and there will be a feedback loop of improving and iterating as we go forward. And, as that feedback loop progresses, one thing we will look at is: how do we retrospectively apply this? My instinct is that... if a department is making major changes to an existing system, then that’s a good candidate for applying these standards. I think the thing we haven’t addressed yet is how it could be fitted retrospectively to applications that might not have any major change coming.”
In fulfilling his horizon-scanning remit for emerging technologies, it is perhaps unsurprising that Knott says his primary focus in the near-term is likely to be on generative AI – a category which includes the likes of large language models Google Bard and the ChatGPT platform from OpenAI.
The technology is also the subject of new guidelines for use by civil servants, released by the Cabinet Office shortly after this interview takes place.
The advice sets clear restrictions on using generative AI for any work that involves personal data or classified information, as well as instructing officials that using the technology “to write a paper regarding a change to an existing policy position… is not an appropriate use of publicly available tools such as ChatGPT or Google Bard”.
But the guidance adds that “with appropriate care and consideration, generative AI can be helpful and assist with your work”.
“You are encouraged to be curious about these new technologies, expand your understanding of how they can be used and how they work, and use them within the parameters set out within this guidance,” the document says. “For all new technologies, we must be both aware of risks, but alive to the opportunities they offer us.”
Knott says that it is too early to speculate on potential specific use cases, but says his team “will be looking at all the usual questions about something as early in its maturity cycle as generative AI”.
He adds that these include:“What does it mean for us? How do we use it responsibly and effectively? Where are there going to be actual practical use cases and benefits? Who do we partner with? What capabilities and skills do we need?”
1989 Year that Knott began his career as a computer programmer in the-then HM Customs and Excise
2013 Year of introduction of Cloud First guidance – which now instructs departments to use public cloud unless it is ‘not possible’
40 Number of people in the government CTO’s team
153 Number of legacy assets across government identified as priorities for remediation
10 Number of Secure by Design principles departments are encouraged to adopt
Productive work
Asked what he would like to achieve during his first year in the job, Knott says that he wants to foster an iterative approach of “product-style thinking” for the guidance, standards and policies issued by CDDO to departments.
“Which means having all the things you’d associate with a product lifecycle, [such as] a really strong connection with the people who consume them; and a really strong feedback loop, and I would love those products to be valued and respected,” he says. “Right now, I think a lot of the things we have published are good guidance for how civil servants should deploy and use technology. But bringing that together as a coherent product set is one thing I’d like to achieve over the next 12 months, alongside configuring the team so that we are doing everything that goes with being that kind of very internal customer-oriented, and citizen-oriented product organisation.”
Knott adds: “I would also like that team to be seen as a place where people would like to be – whether they come from industry or come from other parts of government, and also a place where spending time in the team will be an accelerator to their career and give them experiences they couldn’t get elsewhere.”
The government tech chief’s experiences may have led him back to where he started almost 40 years ago. But he concludes our conversation with an assertion that his energy and motivation remains undimmed.
“One of the things I want to bring to this role is enthusiasm and curiosity about technology,” he says. “There are a lot of people out there who rely on technology that, as technologists, we have a duty to explain – and we have not necessarily done a great job in explaining it to date. Part of our job should be making this stuff firstly approachable and accessible. And then, if we can do that, maybe we can generate some of that excitement and curiosity that we as technologists feel.”
Sam Trendall is editor of PublicTechnology