|
|
|
SEVEN SECURITY THREATS GOVERNMENTS FACE
|
One of the most notable keynotes delivered on
Tuesday at SITA GovTech 2009, was that of Dan Lohrmann, chief
technology officer and director of Infrastructure Services,
Michigan Department of Information Technology, which focused on
securing government in a digital world.
 IGlobally,
cyber security threats have risen sharply over the past few
years, with recent local headlines, such as Symantec's concern
about the expected increase of cybercrime during the 2010 FIFA
World Cup dominating the news. Moreover, a recent online
security web site reported that cyber crooks stung the South
African government for 13 million pounds.
The needs of citizens are also changing, he argued. Social
networking tools, such as Facebook, Twitter, YouTube, MySpace
and Second Life, for example, have changed the way citizens
interact with government. However, these volatile technologies
demand that users have to be more vigilant than ever when they
interact online.
Governments, he says, are changing too. There has been a rapid
increase in data sharing and data mining, as well as sharing of
government infrastructures across departments via broadband
access. Other issues, such as data consolidation, government
online, as well as public-private partnerships, all demand
stringent security measures.
At the keynote, Lohrmann's questions to the audience via the
conference's interactive mobile polling devices revealed some
interesting results. Those who participated felt that security
staff at their organisations, although highly skilled, tend to
delay key projects and don't add much value to their companies.
Additionally, hacking and malicious damage by disgruntled
employees were also top of mind for the audience.
For government, Lohrmann said the stakes are high. There is a
need to instill public confidence in its ability to deliver
services, as well as increase productivity as a result of online
investments. Other issues he touched on included the security of
confidential data and data integrity to ensure that it is not
tampered with. "No wonder," he added, "governments must get a
reality check about their security."
He highlighted seven trends in the security arena that everyone
should be aware of.
| 1. |
Organised cybercrime is
exploding globally, with hackers becoming more and more
professional and using sophisticated techniques to remain
undetected while they steal information, such as credit card
and financial data, which are hot commodities in the
underground economy. Cyber criminals are highly skilled and
have adequate resources in place, such as compromised
computers all over the world that form bot networks or rogue
servers to attack, while they remain untraceable. On the
flip-side of the coin, governments do not have the skills,
resources and understanding about the very scope of these
cyber threats. |
| 2. |
Adding fuel to the fire is that
of continued government budget cuts where everyone has to do
more for less, said Lohrmann. He mentioned that the state of
Michigan cut $100 million last year, which translated to
approximately 20 percent of its overall budget in the last
three years. The impact of tight budgets on information
technology (IT) security directly affects governments'
ability to protect themselves. As a result of the decreased
spend, technology refresh lifecycles now stretch over
periods of four to five years, versus the two to three years
they were in the past. So why is security such a hard sell?
Lohrmann said companies have to consider a politican's
view.... Where do they cut? Human resources, education, IT,
security? Additionally, return on investment is hard to
prove. Executive buy-in is also not high and most
organisations find it difficult to present a solid case for
robust security, Lohrmann noted. |
| 3. |
Securing portable devices, such
as PDAs, phones, flash media etc, is another trend that is
sweeping the globe, as data is vulnerable when outside of
the firewall perimeter and as such becomes frequent targets
of online crime. These devices are merging and morphing into
mini-computers and have the ability to attach to unprotected
government networks via wireless. Unfortunately, security is
often an afterthought at best. Configuration control, asset
management and other traditional principles of security are
also difficult to enforce on these devices. To make matters
worse, many devices are either lost, stolen or simply thrown
away. |
| 4. |
Malware attacks via loopholes
in unpatched operating systems, which are performed by
trojans, viruses or hackers, are difficult to detect and
there is no immediate fix or recourse once a network has
been compromised. |
| 5. |
Protecting critical
infrastructure assets is a real priority in all government
industry verticals today. These include energy, agriculture
and food, banking and finance, communications, defense,
industry, IT, national monuments, transport systems, as well
as water affairs. What makes matters worse, he said, is that
state-sponsored hacking is growing. There is a need within
government agencies to test security plans through regular
risk assessments. |
| 6. |
Globally, security experts are
calling for national and international co-operation to fend
off, detect and prosecute cybercriminals, by building
partnerships and collaboration as a growing approach to ICT
security. |
| 7. |
Changing culture through
security training is the number one challenge for all
government organisations, Lohrmann added. People are the
weakest link in the security chain, yet everything hinges on
the human element. Overall, security depends on people,
processes and technology. Sometimes it takes a massive jolt,
such as 9/11, and massive data breaches for organisations to
come to the party, he concluded. |
|
|
|
|
