Weak govt systems secured following report
Following a government review of it's own system security last October, the CIO in charge of the investigation says the issues have now been addressed.
The government's Chief Information officer (GCIO) Colin MacDonald published a review of the government’s publicly accessible ICT systems such as kiosks, wi-fi networks and web services.
The review found privacy and security processes within many agencies were under-developed and relied too much on the individual skills and capabilities of staff and suppliers.
Directed to develop a work programme to address the issues raised in the report when it received it in December 2012, MacDonald confirmed 13 high priority issues within the 215 in-scope systems.
"In total, 13 agencies were originally identified where unresolved vulnerabilities exist with publicly accessible systems," MacDonald said.
"These vulnerabilities were identified because these particular agencies have more mature processes in place, in contrast to the majority of other agencies surveyed.
"Of these 13 agencies, I am satisfied that 11 have taken appropriate action to fully address the risk."
Speaking directly to the chief executives of the remaining two agencies, MacDonald says both are aware of the issues and have accepted "the residual risk or to resolve the issue within a short timeframe."
While there was no evidence to suggest the weak points led to any unauthorised access being obtained, the weak points identified were:
Careers NZCommission for Financial Literacy and Retirement IncomeDepartment of CorrectionsEQCMaritime NZMidCentral DHBMinistry for Culture and HeritageMinistry of EducationMinistry of JusticeMinistry of Social DevelopmentTertiary Education CommissionTrade and Enterprise
"Citizens need to have confidence that the private information they supply to government will be appropriately protected," MacDonald concluded.
"Citizens also want to be able to interact with government in the most convenient way, which often involves the use of technology.
"I believe my recommendations strike the appropriate balance of requiring immediate action from agency chief executives to improve security and privacy practices within their agencies, while developing more effective support mechanisms and materials to increase maturity over the longer term."
Government reaction
In response to the findings, State Services minister Jonathan Coleman and Internal Affairs Minister Chris Tremain expect the public sector to put a much stronger focus on privacy and security.
“New Zealanders expect government agencies will be doing everything they can to ensure the integrity of public sector ICT systems,” Coleman says.
“We expect every public service department and agency to comply fully with the agreed plan of action.”