Govs ‘must address security risks of future digital services’

Digitally ‘smart’ future public services will raise security concerns that governments must deal with, according to McAfee.

The IT security vendor has released a report into the security challenges of next generation governments as more services go digital and data sharing increases.

The report, titled Why Can’t I Vote on my Phone?, highlights potential future security issues including unsecured data, identity assurance and compromised devices.

It read: "The introduction of ‘smart’ public services raises security concerns. Governments have to balance risk when making changes.
"An increasingly interconnected world is breeding an increasing number of cyber security threats and governments confront this head-on when they adopt new technology."

The Government Digital Service (GDS) is currently busy turning 25 key UK public services into digital ones run on the Gov.uk platform, and aims to save £1.7bn a year after 2015 by digitising services.

And McAfee believes the technology transformation will not stop there, predicting a growth in mobile connectivity as the Government allows citizens to use its services directly from their personal devices.

"This will move beyond portals to platform-specific applications to provide even greater instantaneous utility. It will therefore be equally easy to submit a tax return via desktop or a personal connected device," the report read, adding that services will become citizen-specific.

Identity assurance

These personalised services will require more thorough approaches to authentication than username and password in order for the Government and citizens to use them properly, said McAfee.

Specifically, it pointed to two-factor authentication, where another identity verification method is needed on top of a password, and fingerprint technology – biometrics – as possible solutions.

But it cited the Government’s Verify programme, which is currently in private beta and which aims to provide a single assured identity for citizens to access all government services using two-factor authentication.

The report said: "This programme is at a relatively early stage, but shows governments are already taking the issues raised by identity assurance seriously. It also indicates that not only is there an wareness of the need, but that security solutions need to be appropriate to the service offered and function required.

"This principle is likely to remain pivotal across the future of digital service delivery."

Data collection

As technology advances, the capacity for data collection by governments will increase, predicted McAfee.

There are multiple potential benefits to this, it said, including smart devices collecting medical data and automatically providing that to doctors and diagnostic machines to inform treatment.

But it also warned that as the scale of networks handling data expands, there is more potential for vulnerabilities where the data can be maliciously altered, citing the example of human error.

An August study by the security vendor found more than 80% of 16,000 business users fell victim to a phishing email.

And the report warned: "Advances in security technology can protect from advanced digital threats, however unless the human element remains similarly advanced, it can become a vulnerability."

It added: "The use of technology to protect data in Next-Gen Governments must be matched with measures taken to secure data against threats that emanate from human actions in order to be truly effective."