In light of all the cybersecurity breaches that have happened, both within the Caribbean and worldwide, can there be any guarantee that a network is truly secure?
In an article published by the Jamaica Information Service (JIS), the Minister for Science, Energy and Technology, Dr the Hon. Andrew Wheatley, sought to reassure “the public that the newly launched GOV.JM is a secure portal, and users’ personal information will not be compromised”. Further, in seeking to encourage the public to use the online tools now available, Dr Wheatley highlighted some recent efforts, such as preparing a new web security policy, conducting security audits, and upgrading the security of websites, all of which are geared towards making government websites more secure.
However, although it can be appreciated that the Minister is eager for buy-in from the Jamaican public, and for more people to use government websites, particularly GOV.JM, it can appear a bit foolhardy to be asserting – even guaranteeing – that the websites are secure. The fact of the matter is that organizations and countries that are considerably better resourced, and have more extensive and cybersecurity frameworks than Jamaica, have experienced major breaches that have resulted in, among other things: data corruption; data theft; their computing devices being used as robots (bots) in other attacks; and public systems and networks (such as those for transport and utilities) being compromised.
The enemy within
Further, although the Government of Jamaica has implemented several measures to improve network security, there is still a glaring hole that has yet to be addressed: staff behaviour and actions that can undermine those networks. Across most government ministries, departments and agencies, staff-directed policies and rules on the use of public electronic resources, and the associated capacity building, have not yet been implemented.
As a result, and for example, there might still be a considerable portion of the public services that do not know how to begin to identify likely spam and malware, and what to do in those circumstances, or how and when to use USB flash drives. Hence even with the best security, essentially, ‘the enemy’ can already be on the network.
Threat remain inevitable
It must also be emphasised that the threat landscape is growing, and becoming even more sophisticated. Frequently, the cybersecurity effort is playing catch-up, that is to remedy or block vulnerabilities that have been exposed (well) after a breach. Further, in light of the trend for network security threats to be deeply embedded in systems, yet be dormant (or barely imperceptible) over an extended period of time until fully activated, we really cannot say – for sure – how safe our systems are. They may already be compromised and we do not know it!
That being said, increasingly, we are all required to conduct business online. However, we, the public or external user, ought to be vigilant in how and where we access the websites of interest, and pay attention to the experience we are having. In many instances, it is us, the public, who may be the first to realise that a particular network is not as secure as claimed, and may also need to deal with the fallout.
Image credit: Marolyn Dudfield (Pexels)
____________
Good catch there Michele about the lack of training for the human resources. It’s a very valid point. Too often the focus on e-government is on the technology and not the “human” element. Training would need to be enabled on both ends – providers and users – to mitigate the public’s buy in to e-govt.