DWP blocked 28,500 non-UK attempts to access Universal Credit in three months

The department denies that there was anything suspicious about the activity

The Department for Work and Pensions (DWP) blocked more than 28,000 attempted visits from 36 different countries to the Universal Credit online service in the last three months.

According to the government's latest update to its cyber security strategy, the department has been working with GCHQ to counter fraud in the provision of its digital services.

However, a spokesperson for the department told Computerworld UK that the attempts to access Universal Credit were merely a result of international interest in DWP's flagship welfare reform project.

"Interest in Universal Credit from overseas is inevitable due to the high profile nature of this reform and the global nature of the internet. We don't believe that the visits from overseas represent fraudulent attempts to access the site, but we have the necessary counter fraud measures in place to keep the site secure - which we are continually improving," she said.

"The UC site has so far proved resilient to cyber based threats, but we're not complacent and work tirelessly to make it as robust as possible against attacks."

Work and pensions secretary of state Iain Duncan Smith (IDS) has previously said that there has been no fraud or error in the phased introduction of Universal Credit, but the project is still in its early stages with only a few thousand people claiming.

Universal Credit aims to merge benefits such as jobseeker's allowance, income support, housing benefit, child tax credit and working credit. The IT system supporting it will require real-time data on the earnings of every adult, from a new Pay as You Earn (PAYE) system being developed by HM Revenue & Customs (HMRC).

DWP plans to spend £2.4 billion to implement Universal Credit up to April 2023 and has spent £425 million up to April 2013. Most spending so far (£303 million) has been on contracts for designing and developing IT systems. However, to date there have been a number of suspected problems with delivery.

Duncan Smith recently told MPs on a select committee that he is in control of the project and that there is "no debacle". However, he admitted that the department has had to write off, or 'impair', £40.1 million worth of IT assets to date - nearly a fifth more than the £34 million figure revealed to the National Audit Office earlier this year.

Moreover, this figure could increase: "If anything goes wrong going forward, that [figure] might be different," said Duncan Smith.

Universal Credit consists of £152 million worth of intangible assets, with £34 million of this to be used as software code in the final digital version.

The remaining IT assets will now also be written off over a five-year period, as opposed to the 15-year period that the department had originally planned.

Join the CSO newsletter!

Error: Please check your email address.

Tags securityDepartment for Work and Pensionspublic sectorGCHQ

More about GCHQNational Audit Office

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Derek du Preez

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts