Tameside Council has invested in technology to secure its
web applications against hacking, as it gears up to offer a new
range of customised services to the public.
The council, which already offers online access to 800 services,
ranging from ordering school meals to paying council tax, plans to
tailor its services to the individuals accessing them over the next
12 months.
Both businesses and public sector organisations will view the
project with interest as they attempt to put more personalised
services online.
"We want a reasonable level of confidence that people cannot hack
in and pinch personal information off our systems," said Dave
Hutchings, Tameside Council's strategic project manager. "We are
putting a lot of investment into new channels for services and we
don't want that to be a security risk."
Although Tameside has invested in firewalls and created
"demilitarised zones" to protected five Microsoft NT servers used
to provide the online services, Hutchings realised that hackers
could gain access to internal systems by attacking the web
applications.
Tests by security supplier Kavado showed that hackers could gain
access to the council's systems by making applications behave in
unexpected ways by, for example, reprogramming cookies or causing
buffer overflows.
"[Kavado] proved to us they could access databases and create file
directories on servers. They reckon they could have got from the
web servers onto corporate servers with personal information on
them," said Hutchings.
The council installed Kavado's Interdo software on a dedicated
server behind the firewall to secure the web applications last
November. The installation, which took two days, is an essential
first step towards the council's plans to create a personalised
portal for the 220,000 residents of Tameside. The portal will need
to be secure to protect personal data from attack, said
Hutchings.
"We want to be able to personalise the forms they fill in to share
information we have about them. For example, if someone reports a
death, we want to be able to inform all departments and tell
relatives that they are entitled to benefits, counselling and
discounts to council tax, and try to roll it up in one service," he
said.
Tameside has begun a BS7999 review and said it will expect its
business partners to have the same level of security if they want
to interconnect with council systems. "If anyone wants to work with
us they will have to have the same standards," said Hutchings.