by Simeon Tassev, MD and QSA at Galix
We often talk about cyber-security from the perspective of the private sector, however, governments and public sector organisations hold vast troves of data on citizens. If this gets into the wrong hands, it can wreak havoc, and diminish the trust among the voting public.
We have already seen elements of this in South Africa. For instance it was reported that in 2016 almost 9 million South Africans were victims of some form of cyber-crime. Government plays a crucial role in securing the citizen data held in its databases, as well as in helping to educate our nation on the measures to protect themselves against global crime syndicates.
The dream of providing a rich array of e-Goverrnment services that serve the nation can certainly not be realised without a strong focus on cybersecurity.
But just how can the public sector embrace new, disruptive technologies, to improve the digital experiences for its constituents?
Develop clear frameworks and policies
Cyber-security planning and assessment, technology deployment, workforce management, training, and change management should be supported by clear guidelines that are standardised across departments and recognised as best-practice.
Locally, our government has established the Public Sector Risk Management Framework, which guides the way departments should pre-empt or deal with a variety of risk categories. It’s important for security pros in the Public Sector to translate these principles into clear policies for the specific field of cyber-security.
Central vs federated?
As we enter the era of Cloud-based architectures, cyber-security and data integrity becomes far more complex. At a high level, national government must determine what should be stored centrally – such as data logs collected from government’s various sectors and systems, to simplify reporting and data management.
Yet, for more sensitive core data, it’s probably appropriate to federate this information into discrete silos, owned by a particular department, and strongly protected by the very best security defences. That said, data protection should be aligned with national security frameworks and standards.
Lead the way with strong legislation
Of course, governments also play a major role in creating legislation to govern cyber-security issues for companies, people and public sector departments. A lot of work is being done to create legislation around data security, including the State Security Agency’s National Cybersecurity Policy Framework.
One of the stated goals of this framework is to: “Strengthen intelligence collection, investigation, prosecution and judicial processes, in respect of preventing and addressing cybercrime, cyber terrorism and cyber warfare.”
In addition, to enact this intent, the Computer Security Incident Response Team (CSIRT) was established, as part of the State Security Agency. CSIRT highlights emerging threats to government departments, helps them to swiftly deal with incidents if they arise, and coordinates strategic discussions at an industry level to combat the scourge of cyber-crime.
Make the most of advanced security tools
Across the entire ambit of the cyber-defence spectrum, new defence technologies are emerging to help fend off attackers. Consider for example the likes of biometrics to help secure end-user computing terminals and devices, encryption for sensitive data as it traverses networks, and artificial intelligence services that run continuous ‘white hat’ simulation attacks to test organisation’s defences.
Have a clear incident response plan
Despite our best efforts, security breaches can occur, and when this happens the focus then moves towards speedy incident response and damage limitation. Through a comprehensive incident response plan – covering the technologies, processes, responsibilities – government departments can minimise the impact of threats.
Take a balanced approach
The very nature of disruptive technologies is that they inevitably alter an organisation’s cyber-risk exposure. Each new wave of innovation tends to expand the threat surface in new ways. However, fear over security threats should never be the reason to forgo innovation or shun new technologies.
To solve SA’s service delivery challenges and improve society at large, we need to adopt the latest technologies – from e-classrooms to tele-medicine, to smart cities, smart metering, tech-enabled transport, and more. The right approach is to carefully evaluate all new technologies from a risk and security perspective, thoroughly understand how they may affect the threat landscape, and then adopt them judiciously.