E-govt services on intranet 'tricky'

It will be "tricky" to shift e-government services to locally-hosted intranets as both residents and overseas citizens would find it difficult to access these sites, which would defeat the purpose of having these services online. Governments should instead focus on other methods of securing these Web sites from cyberattacks, observers urge.

Ngair Teow Hin, CEO of SecureAge Technology, told ZDNet Asia that it is possible for a country to put its e-government services on the intranet if it is really serious about it. However, this will be done at the expense of accessibility, which will be "greatly curtailed and limited" to end-users who have access to the intranet.

It will not be easy for these governments to provide global Web resources such as Google Map or its search engine function too. "More importantly, the citizens may lose their ability to communicate with others in the world," Ngair said.

Paul Ducklin, head of technology for Asia-Pacific at Sophos, said it will be "tricky" for a country to go from a fairly free and open Internet to a separate network limited to its residents and citizens. This problem is amplified when the country has a large diaspora of citizens working abroad, or with a vibrant foreign community locally, he added.

Ducklin said: "Think, for example, of how many Australian expats there are working in, say, Singapore, and how many Singaporeans in Australia. Each group would need, or at least benefit from, access to their host country's e-government services to pay taxes but they also want access to their home country's services to register for elections, for example."

Malaysia-based Web user Dorothy Chang said she does not want her country to host its e-government services on a special intranet because of the inconvenience. However, if the Intranet service is provided for free, she is willing to give it a try.

Their comments come after the Iranian government said in early August it was taking its e-government services offline as sensitive intelligence was vulnerable on the public Internet. It said it will move key ministries and state bodies onto a "national intelligence network" which it hopes to develop into a national intranet.

Asked if the Singapore government has similar plans, an Infocomm Development Authority of Singapore (IDA) spokesperson simply said: "Singapore e-government services are made available on the Internet to enable convenient access by the public."

Other ways of securing data
The security players noted there are ways to keep information secure without moving e-government services to a domestic Intranet.

Ducklin said it is much better for the country to come up with systems that are secure despite being connected to the world at large, rather than build a smaller version of the Internet on a domestic level.

Technologies such as Web application hardening, Web application firewalls, two-factor authentication, secure development methodologies, and application control are examples of IT security tools governments can use to safeguard sensitive information from cybercriminals, he noted.

Ngair added that e-government services servers should be limited in their access to critical and highly-sensitive information so that in the event these are compromised, the damage can still be contained.

There is a use case for dedicated intranets though, he noted. For networks such as those used by the military, a separate intranet is usually set up to support internal services and end-user machines to protect the system against malicious attacks and content from the Internet, he explained.