Impatient governments eager to push out new online services are the biggest risk to their own security, according to Peter Major, IT security manager for InTACT, the ACT Government's shared IT services provider.
(Credit: International Quality
and Productivity Centre)
In an interview conducted by the International Quality and Productivity Centre, ahead of its e-Security Government forum in September, Major said the rush to get new services out to the public often left governments open to security risks.
"What happens is they want to deliver services yesterday — everything has to happen; they get a new initiative, they get a new budget imperative, and they want to deliver the services as effectively and efficiently to the market as they can," he said. "Unfortunately with change happening so fast, you tend to lose the rigour of how change control happens and websites of importance become available too quickly."
"An instance of this was going back many years now, when they tried to launch their ABN Tax Number type set-up in the [Australian Taxation Office] — that was a very, very short spanned project and ... it ended up as a sacrifice in security to get the outcome and they paid the penalty," he said.
Major said a rigorous governance approach should be taken for all developments and all delivery of e-government and e-business.
"It may delay things, but that delay can actually save you a lot of time and a lot of money in the future."
Major said government and industry had developed good security precautions but echoed a House Committee report released earlier this week that said there was not enough public education into cybercrime risks.
"What we're not doing is investing in the community. We can see many incidents where e-security and cybercrime and cyber attacks are not hitting the governments and not hitting the business sectors, they're actually hitting the end-user," Major said. "We're not teaching the end-user how to use their equipment safely, which then, in turn, removes a number of attack points that an educated assailant can use against government and industry."
"You have to spend more, and I mean more, on our kids and on the public, get them aware that that PC they have at home has more processing power than the average mainframe had a few years ago."
Major remained optimistic that the next generation of users would be better equipped to prevent cybercrime.
"The kids are going to come along and they will know how to keep their PCs at home robust and secure and they'll have security on their mind," he said.
Major said Gen Y will know how to install antivirus software and keep their firewalls up-to-date "once they get past their Facebook and Twitter phase".