The auditor general has lifted the lid on a warning made to government some three years ago that it was facing serious risks to its security due to a catalogue problems. One of a number of reports the auditor managed to complete and pass on to legislators ahead of his departure, Alastair Swarbrick’s latest report on the risks to governments IT reveals that problems identified in 2012 have not been addressed and the situation is even worse. Government is not doing enough to protect its systems and information from the risks and threats of cyber-attack, he said.
Following up on the 2012 audit this year on the poor state of IT security, Swarbrick said, “Progress has been too slow in addressing the concerns raised some three years ago and the opportunity for significant damage to government operations and its reputation should mean that significantly more action is needed.”
With government planning to provide more services online with its e-government initiative, Swarbrick said it was increasingly important for government to protect its assets but so far government has not been doing enough.
In a press briefing on Wednesday he confirmed that the team was able to penetrate and breach the government system, and while he did not wish to go into detail, serious breaches have already occurred.
He explained that the report was not made public before to give government the chance to tackle the problem but after it failed to take action, as revealed in this year’s review, Swarbrick said he was obliged to make this latest report public.
Despite doing nothing for three years, government has now said it is dealing with the problems. In tandem with the release of Swarbrick’s report, the premier’s ministry, which is responsible for governments IT, issued a statement.
The Home Affairs Ministry said it and the Computer Services Department (CSD) have embraced the report and were already addressing issues before receiving the final report.
“Cybersecurity is arguably the biggest threat facing governments, businesses and individuals around the world,” officials said. “Our dependence on technology and the high rate of change in IT systems creates vulnerabilities that put governments, businesses and individuals at increased risks.”
The ministry said the security flaws discovered by the auditor general were “unacceptable” and additional security examinations had been commissioned.
“The collective findings point to issues that are systemic and best addressed through improvements in governance, leadership, processes and procedures along with the appropriate technology,” the ministry stated.
Listing what it has already done, the ministry said it had engaged security consultants and hired a senior IT security administrator, which the auditor had revealed was a job that had remained vacant for more than two years. Training in IT security is now part of the Project Future initiative and the issue has become a priority.
“IT infrastructure found to pose a security risk has been replaced at a cost of $698,551,” the ministry said, noting that the degradation of CSD’s capabilities was due to the budget cuts.
The chief officer in the ministry, Eric Bush, said that much work remains and the worldwide focus on cyber security risks has elevated the issue here as well.
“We continue to work on building defensive IT systems, along with improving systems and processes to minimise cyber risks, increase resilience and speed recovery from cyber-attacks,” he said.
The audit gives cause for alarm as government is planning to use technology to cut the cost and increase the efficiency of its service delivery. Swarbrick warned of monetary repercussions as the systems are not robust enough and the systems that they were able to look at were easy to breach.
However, he said that following this report government was now responding and taking his findings seriously and the necessary resources have been allocated, as he agreed that the problem was down to a lack of investment. Swarbrick warned this would not be a quick fix but he hoped the e-government initiative would be a driving factor.
---
Quelle/Source: Cayman News Service, 02.10.2015
Bitte besuchen Sie/Please visit:
