Government faces serious IT security threats
(CNS): The auditor general has lifted the lid on a warning made to government some three years ago that it was facing serious risks to its security due to a catalogue problems. One of a number of reports the auditor managed to complete and pass on to legislators ahead of his departure, Alastair Swarbrick’s latest report on the risks to governments IT reveals that problems identified in 2012 have not been addressed and the situation is even worse. Government is not doing enough to protect its systems and information from the risks and threats of cyber-attack, he said.
Following up on the 2012 audit this year on the poor state of IT security, Swarbrick said, “Progress has been too slow in addressing the concerns raised some three years ago and the opportunity for significant damage to government operations and its reputation should mean that significantly more action is needed.”
With government planning to provide more services online with its e-government initiative, Swarbrick said it was increasingly important for government to protect its assets but so far government has not been doing enough.
In a press briefing on Wednesday he confirmed that the team was able to penetrate and breach the government system, and while he did not wish to go into detail, serious breaches have already occurred.
He explained that the report was not made public before to give government the chance to tackle the problem but after it failed to take action, as revealed in this year’s review, Swarbrick said he was obliged to make this latest report public.
Despite doing nothing for three years, government has now said it is dealing with the problems. In tandem with the release of Swarbrick’s report, the premier’s ministry, which is responsible for governments IT, issued a statement.
The Home Affairs Ministry said it and the Computer Services Department (CSD) have embraced the report and were already addressing issues before receiving the final report.
“Cybersecurity is arguably the biggest threat facing governments, businesses and individuals around the world,” officials said. “Our dependence on technology and the high rate of change in IT systems creates vulnerabilities that put governments, businesses and individuals at increased risks.”
The ministry said the security flaws discovered by the auditor general were “unacceptable” and additional security examinations had been commissioned.
“The collective findings point to issues that are systemic and best addressed through improvements in governance, leadership, processes and procedures along with the appropriate technology,” the ministry stated.
Listing what it has already done, the ministry said it had engaged security consultants and hired a senior IT security administrator, which the auditor had revealed was a job that had remained vacant for more than two years. Training in IT security is now part of the Project Future initiative and the issue has become a priority.
“IT infrastructure found to pose a security risk has been replaced at a cost of $698,551,” the ministry said, noting that the degradation of CSD’s capabilities was due to the budget cuts.
The chief officer in the ministry, Eric Bush, said that much work remains and the worldwide focus on cyber security risks has elevated the issue here as well.
“We continue to work on building defensive IT systems, along with improving systems and processes to minimise cyber risks, increase resilience and speed recovery from cyber-attacks,” he said.
The audit gives cause for alarm as government is planning to use technology to cut the cost and increase the efficiency of its service delivery. Swarbrick warned of monetary repercussions as the systems are not robust enough and the systems that they were able to look at were easy to breach.
However, he said that following this report government was now responding and taking his findings seriously and the necessary resources have been allocated, as he agreed that the problem was down to a lack of investment. Swarbrick warned this would not be a quick fix but he hoped the e-government initiative would be a driving factor.
Category: Government oversight, Politics
Anyone remember the days when the Information Technology Strategy Unit (ITSU) was in operation? Anyone remember what it did??
just sayin’…
Given how many forms I have had to fill out on carbon copy paper and the money wasted on having documents needlessly notarized I am surprised to learn that the civil service has any computers at all. I thought they all operated on a strict late 19th century filing model.
Is this going to be a job for the Security Centre? The known factors are in place for this to be awarded a contract or sub contract to them. Can CNS find out if this is being considered?
Computer services should be outsourced to a reliable Secure source. Data for all departments should remain secure and not under the eye of a person who had their rights to work taken away.
This sounds like a pre release to prime the general public prior to the awarding of another big fat contract to the Security Centre. Wait for it…
They have computers and systems and Internet? Why do we need to go line up for everything, waste precious hours doing so and create more traffic and vehicle pollution? If we had decent systems this could be a much better place, however then 3000 people would have no work to do. And therein lies the problem. Or does it? Most of them don’t work anyway.
It is a “make jobs” programme. Entirely different from a “make work” system. So your solution poses no problems.
It is a known fact that 92% of civil service passwords are “Donuts”.
The other 8% use “chickenwings”.
Mr. Eric, please look into an advanced technology that the govt can purchase to watch over all of its computers so that hackers who break in and access any keyboard can be identified and prosecuted. I understand that cctv systems are available for this type of thing and can be purchased from a local supplier. Also you should consider hiring private security guards with experience in monitoring desktop monitors and place them in all govt offices. Lastly, you could order some remotely operated drones to fly outside the govt offices and look in through the windows at night to make sure hackers are not trying to get in. Thank you.
@8:02 – the nuances of this email are fantastic!!!
However due to failure to back up the new infrastructure it has now been lost and is unrecoverable.
Yup. Unrecoverable disks are a very good security strategy…..especially guarding against those pesky FOI fanatic hackers.