National security

With cyber-crime on the rise, we look at how governments can protect their e-services and market that protection.

  • E-Mail
By  Brid-Aine Conway Published  October 21, 2007

What is important for e-governments securing their services, is to making sure that their users are aware that they are secure. In any project, it is the uptake of the service that is the mark of success, and if a service cannot lure users, it cannot succeed, regardless of its technical capabilities. With cyber-crime moving up in the public agenda, e-governments and security providers need to market and publicise the protection of those services.

"We appreciate the need to educate and create awareness amongst the masses regarding not only the new services that are being made available but also to ensure that they are aware of the steps being undertaken for ensuring the privacy and security of their data," Al Qaed states, adding that a comprehensive PR and marketing strategy is in place in the Kingdom of Bahrain.

Once you have access to that data, you can get into personal records, financial records, there’s just no end to it.

Many security specialists, including Khan of McAfee, feel that the way to reassure end-users is by compliance to international standards.

"What e-governments need to do is get themselves certified in terms of international standards, get themselves compliant to all these standards, do assessments from well-reputed auditors and then go and market these out to the world outside through media and through other means. They need to map the people, process and technology and prove to the people that they have a good framework in place. They also need to back it up with some kind of evidence that that framework has been audited and checked by international security standards and organisations," he asserts.

Some specialists feel that, in an ideological way, governments have a stronger responsibility to their end-users than those who are looking at services in terms of profit and loss, and that therefore their requirements should be more stringent. As well as compliance to international standards, many recommend laws that should govern the release of information about e-government breaches, although within reason. Oracle's Eisen believes that where governmental or national security is an issue, transparency is at the government's discretion and Juniper's Abdul Malak agrees.

"I think it's a balance. In today's world, when it comes to the side that impacts the security of the country, I think it's really going to be for the government to deal with the way they perceive to be appropriate. Definitely giving some awareness out and some information out and marketing some statistics is important because you can fight some of those events and actions by sharing some of those statistics," Abdul Malak says.

Eisen recommends that governments retain other channels through which the population can access services.

"While I'm a huge proponent of e-government, I definitely think it's a mistake to use that as the only channel by which you can deliver services to citizens. First of all, access to the public web is still not as ubiquitous as we might think and second, there's still a varying level of risk associated with many of these applications, so I think it's extremely important to have multiple channels for service delivery," he says.

Another recommendation from Abdul Malak is that governments have a central body of information, rather than replicating databases across different e-services. A central database is efficient and cost-effective, but it is also much easier to protect against penetration.

"There should be at least one unified platform for governments and that could be the main or the core e-government that provides services, especially when it comes to data and the bank of information, because you don't want to replicate," he adds.

Steve Grey is the Middle East regional manager at Websense, which works in internet security. He says that because e-government is such a recent development, there are more doubts in users about its security.

"People tend to feel that they're probably more secure with their bank - they tend to feel that their bank has got the pedigree and the systems in place to manage the security effectively. Whereas e-government services, not just in the Middle East but around the world, are quite a new area and governments are having to research and identify suitable solutions to protect them," he says.

Most specialists agree that more needs to be done to promote awareness in target users. Both Eisen and Abdul Malak believe that one of the ways to achieve this goal is through strong government leadership of these projects.

"You need to have a government leadership that can sponsor the project and take it forward. You need to talk about the go-to-market strategy, how do you take small successes and applications that you do quickly and take them outside and expose them so that you start to build support for the services in order to ensure adaptation by the users," asserts Abdul Malak.

Eisen adds, "Clearly, there's a whole series of fantastic technologies that really should provide a citizen that's knowledgeable about those technologies with a degree of confidence about, for example, registering with these websites. But I would argue that most citizens would not be knowledgeable about these technologies. I think ultimately it's about the strength and the confidence of the government support for the initiative in the first instance."

Symantec's Chantzos sums up: "When it comes to awareness, all of us can do more. Because awareness is a constantly moving target, it's not something which one is going to be able to get from one day to the other."

He feels that as long as e-government is a new initiative, awareness is something that will be continue to be important for everyone that is involved.

"There's a question of educating the organisation itself which is going to be using the technology to provide the service, there's a question of educating the organisation about the security limitations and there's a question of educating the users about the security limitations and about the service which is going to be provided. And there's also an additional challenge - that of the user at the very beginning of using that service and of being convinced to use the service," he says.

However, as e-government services become more widely available, and the numbers of users increase, the need for awareness is unlikely to decrease. It is technology that makes all of these services possible, but those same technologies are available to the criminals who want to penetrate the security in place. When it comes to staying ahead of those criminals, Abdul Malak observes that there are new technologies all the time and some will offer not just protection, but predictability and prevention capabilities.

Nevertheless, he acknowledges what all those who try to prevent crime know: "It is a race."

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code