Public Data at Risk: Cyber Threat to the Networked Government

Public Data at Risk: Cyber Threat to the Networked Government

publicdataatrisk2015Executive Summary
Being a networked government can offer tremendous opportunity for governments globally to connect with their citizens, productively collect and use information, as well as streamline and enhance the efficiency of internal work streams and processes. However, this can open up the Government to severe threats to national security, infrastructure, data, and international diplomacy. Addressing and mitigating these threats are essential to constructing a robust and resilient cyber security strategy.
In most cases, it is the government Chief Technology/Information Officer (CTO/CIO)’s responsibility to understand and manage the issues. However, a more holistic approach towards cyber security must be undertaken if a country is to be cyber ready – from the setting up of technical computer emergency response teams (CERTs), to educating both civil servants and the public at large, to protecting the procurement and purchasing process, which is often a gateway for malware and viruses to enter a system through unhygienic procurement practices.
This paper aims to provide a non-technical explanatory framework by which public officers other than the technically-trained officers can understand and discuss the issues together. These should include (but not be limited to) public officials from the communications, procurement, finance departments etc. This paper should also be used as a tool by the CTO/CIO to garner more broad-based support across the various government agencies for a whole-of-government approach to cyber security.
This report begins by reviewing the high government dependence on IT, the key information stored and managed by governments, and where government IT spend goes to. It then outlines the types of cyber threats governments are facing today, and concludes with a roadmap to creating a cyber security policy, offering a practical checklist by which governments can assess their institutional cyber security robustness. These chapters are outlined in brief below.
Chapter 1: Government IT Systems and infrastructure

  • Development of e-government infrastructure and online services has had a significant positive impact on interaction and engagement with citizens through e-governance infrastructure. The USA, South Korea and Singapore are regularly being ranked as leaders in this field.
  • The provision of public utilities and national defence services has also increasingly also been networked and channelled through IT systems.
  • While tremendously useful, if not managed properly, this could expose governments and citizens to severe breaches of privacy, data theft and compromise in the provision of key public services.

Chapter 2: Types of information stored by governments

  • Large amounts of public and private data are now stored and made accessible through government IT systems. This includes public information and documents that are now accessible online, sensitive data such as national ID numbers or tax information, internal government communications such as email and classified security information.
  • Different levels of security and protection are required for the different levels of data and it is essential that governments take the right steps to ensure the integrity of the types of information that are stored and accessed on their systems.
  • Major cyber attacks in recent years have targeted information and data stored by governments that have compromised citizen security and resulted in enormous cost to and loss of confidence in government.

Chapter 3: Public Sector IT Spending

  • North America, Western Europe and Australia lead in committing money and resources to cyber security efforts. Several Gulf and Asian countries have stepped up commitment in recent years following attacks.
  • Public Sector spending on cyber security is generally focused on rapid detection and response to a threat, remedial work necessitated by data breaches, and ongoing maintenance of websites and online services.

Chapter 4: Types of Cyber Security Threats to Government

  • The types of cyber security threats posed to governments are numerous with as many levels of severity of impact. Common attacks include: cyber terrorism and threats to critical infrastructure, theft of confidential or sovereign data, denial of service attacks on e-government infrastructure, cyber espionage and advanced persistent threats.
  • Counterfeit software, lack of maintenance and lax procurement supply chains pose a significant security risk by providing doorways to malware entering and abusing government networks and systems.

Chapter 5: A Roadmap to Constructing a Resilient Cyber Security Strategy

  • A resilient cyber security strategy must be holistic and address different stages of an attack, including prevention, response and mitigation.
  • An effective roadmap towards constructing a resilient strategy should include steps taken to:
    • Raise awareness and the level of understanding among the general population, by educating business owners, students and government agencies on the threats that exist as well as how to protect their networks from attack.
    • Ensure Readiness through the creation of Computer Response Emergency Teams (CERTs) that coordinate capabilities and share knowledge.
    • Prevention of attacks through building and maintaining a safe and secure network infrastructure and supply chain through good maintenance and procurement practices.
    • Responding effectively to attack through empowering legislators, regulators and policy makers with good regulation and using cyber hygiene tools that can fight attack.
    • Mitigate damage by rebuilding trust with citizens and other stakeholders through effective communication, established review processes and building partnerships with industry, other governments and international organisations.

 

[download full report here]

Media Cover:

Related Articles

人口減少社会における旅客輸送サービスの再検証:大都市圏以外における調査結果と移動格差解消に向けた解決策

人口減少社会における旅客輸送サービスの再検証:大都市圏以外における調査結果と移動格差解消に向けた解決策

Access Partnershipと国際大学グローバル・コミュニケーション・センター、日本における移動格差の実態を調査、交通システムの改善がもたらす経済効果を推計 人口動態を踏まえたライドシェアなどの柔軟な交通手段の導入により、年間5.8兆円の経済効果が期待 Read this article in English 詳細は、以下のリンクをご覧ください: 著者: Abhineet Kaul (Access Partnership), Swee Cheng Wei (Access Partnership), Chailyn Ong...

25 Mar 2025 General
Bridging Access for All: Why does enhancing mobility matter for Japan?

Bridging Access for All: Why does enhancing mobility matter for Japan?

Access Partnership and the International University of Japan’s Centre for Global Communications (GLOCOM) Release Economic Study on Enhancing Mobility in...

25 Mar 2025 General
Google Cloud Region in the South African Economy

Google Cloud Region in the South African Economy

The economic impact of establishing a Google Cloud Region in South Africa Our analysis finds that having a Google Cloud...

19 Mar 2025 General
Navigating the Digital Frontier: America’s Evolving Cybersecurity Strategy

Navigating the Digital Frontier: America’s Evolving Cybersecurity Strategy

This opinion piece is part of Access Partnership’s  ‘A Digital Manifesto’  initiative, which recommends a framework to develop US global leadership on...

3 Mar 2025 Opinion