Digital governments will prove transformative for planning and delivering services to citizens.
However, the massive amount of data being captured, stored, analysed, and managed poses significant concerns for security and privacy.
Essentially, digital government is the outcome of a gradual process that is moving government information and services online.
The government provides a platform for citizens to access and use these services, via the cloud, from mobile devices, when and where their citizens want to use them, in a truly transformative way - this global trend is being actively pursued by governments all around the world, New Zealand included.
“The global trend towards digitising government is gaining pace because of the speed at which new technology is being developed,” says David Jarvis, National Practice Lead, UXC Saltbush.
“It offers great benefits to governments such as costs savings, increased efficiency, more effective planning and policy development, better integration of services, and a more personalised approach.
“For citizens, digital government enables self-empowerment and self-servicing. It also lets governments accurately measure and analyse a multitude of dimensions regarding their resources and their citizenry.
“These types of measures will mean more accurate forecasting and, in turn, let governments create more effective policies and provide smart services that address citizens’ needs.”
Jarvis believes these developments will prove transformative, but the large-scale capture, management, and storage of significant amounts of personal and private data about citizens poses some incredibly difficult questions regarding privacy and security.
“As individuals become increasingly virtualised, the potential and implications for the misuse of their data becomes more realm” he adds.
“Keeping the balance between possible risks and benefits to citizens, while executing effective government policy and providing services will be no mean feat: it could prove a stumbling block for digital government.”
Jarvis says citizens already expect a certain level of service based on their existing digital interactions with private businesses, and they bring those expectations to their interactions with government.
“But in the process of moving to digital services, government needs to provide solutions that go above and beyond the boundaries of traditional systems,” he adds.
Going forward, Jarvis outlines five security and privacy must-dos for digital government:
1. Prioritise and use patch management to ensure that applications and operating systems are kept up to date, and apply patches as they become available.
Zero-day threats are not the only concern; many exploits occur in the wild against known vulnerabilities after a patch has become available. Know your technology stack and insist on transparency from providers with regard to underlying technology, including mobile applications.
2. Enforce application whitelisting. It’s much easier to manage a limited set of applications than to chase a moving or unknown target.
Limit privilege and functionality to the task at hand by minimising administrator privileges to ensure that, even if a compromise occurs, the possible damage to systems and data integrity will be limited.
3. Have strong and transparent data collection policies, and enforce them. Limit the data collected only to what is necessary for the system to function.
It is also important to understand the value of data and assets. Use classifications according to sensitivity and prioritise security investments according to classification.
4. Use good information about network behaviour to be aware of possible issues highlighted by anomalies, and about current threats from the wild to ensure appropriate monitoring and preventative measures are taken.
5. Make security and privacy a consideration in the development of every new digital process. Even as systems and solutions mature to being outsourced the responsibility remains with government to ensure that solutions are designed with security in mind.
“It’s important to remember in all this that security is an iterative and infinite process,” Jarvis adds.
“Government policies must continue to be tested regularly against changing real-world conditions.”