www.expresscomputeronline.com WEEKLY INSIGHT FOR TECHNOLOGY PROFESSIONALS
19 March 2007  

Vendor Accent

Enabling trustworthy e-Government

The delivery of e-Government is moving towards a task-oriented, Web services paradigm

E-Government is commonly referred to as the use of information technology to enhance access to and delivery of government services to citizens, businesses, and governments, including government employees. E-government encompasses everything that a government provides—from security to economic development and education to healthcare. The consumers of these services expect that these services will be provided in an efficient and secure manner at all times.

The delivery of e-Government has also evolved from traditional, organisation-oriented computerisation to the use of Internet or Web-based technologies, focusing primarily on the development of Web portals and a Web presence using simple forms. It is now moving towards a task-oriented, Web services-oriented paradigm.

Digital Security

While information technology and e-Government systems and services have evolved over the years, we are also seeing changing attack patterns and profiles in the digital world. In the early days of computing, computer viruses, network worms, and Trojan horse programs were mostly experimental, and even when these were exploited, the motives of the perpetrators were often egoistic, with limited financial gains, and the attacks were seldom well organised. While substantial financial losses may have been incurred by some victim organisations, to most others those attacks were often considered annoyances rather than real risks.

However, over the last few years, the situation has changed dramatically, with cyber attacks becoming more sophisticated and organised. Instead of malicious code or programs being leveraged for a specific purpose, we now see the prevalence of an assortment of malicious code (including viruses, worms, and Trojans) exploiting multiple vulnerabilities at different layers of the system, right from the operating system kernel to Web interfaces to e-mail and other online collaboration applications. These are commonly known as blended attacks. Perpetrators, mostly operating in organised groups, are now focused on taking control of computer systems and networks that are not adequately secured to create “Armies of Zombies”, or Botnets, i.e., machines that they can control remotely. These Botnets are used to perpetrate crimes ranging from e-mail spamming to providing illegal downloads, software piracy, distributed storage of pornographic materials, and DDoS extortion.

In the context of national security, cases of digital espionage have been reported as well. For online citizens, reports of targeted attacks such as phishing and identity theft have been a major concern, in addition to the safety of children online. Such concerns erode the confidence of citizens in the online world and can act to retard the uptake of e-Government services and the growth of a digital economy.

Such cyber challenges, if not adequately addressed, would undermine the trustworthiness of e-Government systems across infrastructure, platforms, networks, application, and people.

Trustworthy Computing and e-Government

In terms of security, e-Government systems need to be secure and resilient against attacks. They need to have a strong security infrastructure to identify and authenticate citizens and business partners using the systems. They need to be able to provide access to e-government products and services securely, protecting information confidentiality, integrity, and availability.

From a privacy perspective, e-Government systems need to assure the privacy of citizens’ personal information such as medical records, financial transactions, and other personal identifying information (PII). This also needs to take into account international treaties and agreements, especially in today’s context when personal information of the mobile workforce as well as that of customers is crossing national boundaries. There is a fundamental challenge in balancing such privacy controls against the cost of operations, as more controls imply that more steps, checks and balances need to be put in place.

It goes without saying that e-Government systems need to be reliable as well. They must be available when needed, work as expected, and be dependable to complete a service or task within specified performance criteria. Reliability, however, often means different things to different people. Managing expectations is therefore another challenge that lies ahead.

Last, but not least, when government systems evolve to become part of the e-Government infrastructure, many facets of these systems will inevitably be transformed. They would begin to lose certain human touches. e-Government systems would come with a new face, and become a new embodiment of government servants who interact more frequently with citizens. To gain confidence and trust, addressing security, privacy, and reliability needs alone may be incomplete. e-Government needs to be responsive to emerging issues, and demonstrate transparency and openness in addressing citizens’ and partners’ needs, issues, and challenges, reflecting the same of the government bodies.

Security in e-Government

From the e-Government systems perspective, given the scope involved, which is largely different from that of a technology provider, a different focus will be necessary. In analysing e-Government systems, we recognised that the three core areas fundamental to their security are critical information infrastructure (CII) protection; information security competency across government, industry, and citizens; and information security assurance.

Critical Information Infrastructure

The information infrastructure, which includes networks, servers, databases, applications, computing devices capable of processing information, and supporting processes, forms the foundation of any e-Government system. Such information infrastructure is critical to the availability, integrity, and security of e-Government. Protecting the CII during development and ongoing use to ensure trustworthiness is therefore fundamental. This should include, but is not limited to, secure design and architecture development, security processes to deal with known and new security attacks, including emergency and incident response and handling, and ongoing support for resiliency and recoverability. Across all this, an identity metasystem (i.e., a ‘system’ of identity systems) for managing the digital identity of all users (including administrators, developers, managers, and citizens at large) is necessary and fundamental.

Besides infrastructure technology and processes, people across the government, industry, and citizens need to be competent in information security, relevant to the roles they each play in e-Government. In terms of government, security competency is necessary for developing and enforcing appropriate information security related policies and regulations to enable digitisation of the economy, while deterring criminal activities.

For the industry, a competent security industry capable of providing secure services and solutions is essential to evolving a trust ecosystem capable of protecting information and delivering trustworthy services for e-Government.

For the rest, including citizens, children, students, IT professionals, and other computer users, awareness and knowledge about the safe and secure use of computing systems is critical to protect their digital assets, lifestyle, and work-style against cyber perpetrators.

Assurance of the trustworthy e-Government initiatives is crucial to gain the required level of confidence in the effectiveness of the various security programs involved. For the government, an important question that needs to be answered is “Are the e-Government systems secure, or trustworthy?” A continuous program of security risk assessment and management would be necessary for this endeavour.

It is also necessary to gain assurance of the capability of the people involved in the use of the e-Government systems. Establishing an assurance baseline or criteria to assess and constantly improve people’s capabilities to protect information, and to use computing technology safely and securely, would go a long way to ensure the safe and secure use of e-Government systems and related services.

Public-private Partnership

Most governments face a challenge of resource availability, from both the competency and financial standpoints. In this regard, a strong public-private sector partnership is necessary to leverage available and capable resources from the private sector while at the same time providing opportunities for their involvement in the development of trust in e-Government.

It is critical for the government to define the attributes that constitute trust in the e-Government context, consistent with regional and global understanding, and to identify the trustworthiness requirements for e-Government systems. This should incorporate legal, regulatory, social/people, process, and technology perspectives. The framework for trustworthy computing discussed in this article provides a basis for such an undertaking. Critical information infrastructure development and protection, security competency, and assurance are three fundamental and key areas in which to begin building a strong foundation.

The author is the Director, Competitive Strategies at Microsoft India

 


© Copyright 2001: Indian Express Newspapers (Mumbai) Limited (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in Mumbai by the Business Publications Division (BPD) of the Indian Express Newspapers (Mumbai) Limited. Site managed by BPD.