Source www.sundayherald.com
By Iain S Bruce Online Editor
Sunday Herald
24 August 2003
This morning, organisations worldwide are still struggling to contain the 23 million copies of the Sobig virus which has already wreaked an estimated £500 million worth of damage after only seven days. But a parliamentary investigation has sparked further fears that flaws in the UK’s £10 billion e-government strategy will leave the national infrastructure at the mercy of future online attacks. Escalating fraud, collapsing civil administrations and chaos in the benefits system are amongst the potential consequences if the systems go live without proper security.
“Dangers posed to national infrastructure by online security threats cannot be overstated. The impact of a major virus infecting public sector networks could affect the entire population, yet it seems the rush to reach the 2005 e-government deadline is forcing public organisations to press ahead despite known flaws ,” said security expert John Griffith, of Compusys.
“Political expedience is no excuse for spending billions on something that not only doesn’t work, but places essential services in real jeopardy.”
Suspicion that the Cabinet is failing to exercise due caution over its push to make every government department’s services available online by 2005 have apparently been confirmed by the influential Parliamentary Office of Science and Technology (POST). A cross-party committee chaired by Labour’s Dr Phyllis Starkey, its latest report claims the “Gateway” checks designed to ensure the quality of public sector IT contracts are being ignored whenever they threaten to impede politically important projects.
“It is possible for political pressures to override Gateway recommendations so, for example, projects may not be cancelled if they are of high political priority, even if given several red lights. The process can lapse into ‘box ticking’ with the presence of the right documents being enough to reassure reviewers,” the report said. Security testing specialists NTA Monitor has claimed 49% of government IT systems are at “considerable risk” from online attacks. Meanwhile, virus and hacker attacks are increasing by 20% each year.
“E-government might improve efficiency and access to services, but it will also provide a tempting target. Every aspect of public life will be online and if just one piece of Trojan horse software infiltrates a local authority’s system, for example, the personal records of every single constituent will be compromised and open to exploitation,” said security consultant Alex Findlay. “As reliance on computer networks increases, so do the risks. One mistake could allow a virus to bring the NHS to a grinding halt or let a hacker break into the public purse.”
Britain has already felt the effect of government computing’s failures. Last year the Department for Work and Pensions blamed database problems for an annual £900m loss – mostly to fraud – while in May officials confessed a “glitch” in the Inland Revenue system created a £15bn pension crisis after up to a third of workers were not notified to top up their national insurance contributions.
“This week’s Sobig attack is nothing compared to what’s ahead as virus writers and hackers become increasingly sophisticated,” said Findlay. “The risks can be managed and minimised, but only if organisations are given time to develop systems that are up to the task.”
Despite the threat of fiscal penalties for failing to meet the 2005 deadline, a civic rebellion is beginning to emerge. Reports that many public bodies are behind schedule emerge almost daily. Oxfordshire County Council last week broke ranks and urged local authorities to forget the timetable and concentrate on realistic and achievable goals.
“We’re not fussed whether we have all the boxes ticked. We are confident of meeting the target, but if there is a trade-off between quality and the date, we’ll go for quality,” said Stephan Conaway, Oxfordshire’s head of IT strategy.
With less than two years remaining in the e-government timetable, the necessity for speed has been further undermined by a lack of public enthusiasm. A January survey by Portfolio Communications indicated that take-up of online services will remain low until at least 2013.
But Downing Street remains unmoved. Pointing to the POST report’s assertion that its monitoring system has proved successful for many of the 100 major e-government projects underway, Paisley South MP Douglas Alexander, minister for e-transformation at the Cabinet Office, reiterated Labour’s promise that all services will be safe, secure and implemented on schedule.
Whitehall insiders say the Cabinet is confident technical hitches remaining unsolved by deadline day can be addressed after the fact. Any doubts are said to be outweighed by concern that failure to deliver on time would further cool the already lukewarm reaction to cyber-civics, but many critics believe the bid for short-term gains could have profound long-term consequences.
“There is every possibility Britain is about to place every aspect of its infrastructure at risk from malevolent hackers, thieves and vandals without being absolutely certain that it’s properly protected,” said Griffith. “It is an enormous gamble where one mistake could cause chaos on a national scale, permanently damaging confidence in e-government and shattering public faith in the administration itself.” |