• Home
• Analysis
• Policy
• Central Government
• Local Government
• Healthcare
• Education
• Digital Inclusion
• Technology
• Security

Central Government, Security

'Govt 2.0 should come with health warning'

By Robin Hicks | 23 October 2009

Governments need to be more wary of the security risks posed by the consumerisation of the internet and the changing working habits of the public sector work force. So senior executives at global cyber security firms have warned civil servants in interviews with FutureGov.

The use of web-based email accounts by governments such as India, Indonesia and Australia, and the rising popularity of social networks as internal and external communication tools, is more widely exposing governments to cyber crime, according to Art Gilliland, Vice President of Product Management, Enterprise Security Group, Symantec, one of the world’s largest information security firms.

“More consumer technology is entering the government work space, which is giving cyber criminals more opportunity to steal government information,” said Gilliland.

Jonathan Andresen is Director, Product & Solution Marketing, Asia Pacific, at Blue Coat, another large information security vendor. He says that it is alarmingly easy for web criminals to scan behind a users’ Facebook or Mixi page to steal personal data and then sell it on the underground market.

“Should government staff be allowed to use Facebook at work?” Andresen questions. “Policy makers need to put more thought into when and how platforms like Facebook and Friendster are used.”

Andresen says that while blocking social networks would be a step too far, civil servants should not be allowed to upload or download any content from these sites during the working day. This, he says, would limit government’s exposure to cyber criminals who now populate social networks in ever larger numbers.

Gilliland points out that while the global economic downturn has caused the security portion of government IT budgets to - in most cases - fall or stay flat, the downturn has had the opposite effect on the economic might of cyber crime organisations.

Cyber crime is now a bigger industry than the global drug trade, with annual revenues estimated to have reached US$1 trillion, up from US$600 billion in 2007, according to the United States Department of the Treasury.

“The primary vector for crime is now the internet. Traditional criminals have moved from the physical to the virtual world, which is where the money is,” said Gilliland.

The latest tactic in the evolution of cyber crime is, according to Symantec, “scareware” – software that ‘pretends’ to be legitimate software, playing on the fears of users. This is currently more of a worry for citizens than governments, says Gilliland. But the increasing use of the “recreational web” by government employees is playing into the cyber criminals hands, he warns.

The increasing mobility of government work forces poses further information security risks, notes Andresen. Not only from the use of USB devices, of which six billion are in circulation globally, but also from internet radio and the web-based telephony service Skype, which enables users to use web cams, chat and download information.

“Governments need to think more seriously about policies that factor in the rising mobility of their work forces. More information is moving from the office to the home, which calls for a different approach to security,” he says.

---