McAfee highlights security challenges of a next-generation government

McAfee has released a report investigating the security issues the 'government of tomorrow' might face

McAfee has released a report, Why Can’t I Vote on my Phone, looking into security issues the “government of tomorrow” might face.

The report investigates how technology is aiding governments around the world and how technologies may change future government.

 “As governments are increasingly technology-enabled, one might ask 'why can’t I vote on my phone?'. The technological capacity exists, and many countries have experimented with e-voting, so it might seem reasonable to expect voting on personal devices to be forthcoming,” reads the report.

The UK government claims to be making strides with its digital-by-default agenda, whereby the government digital service is creating easy-to-use online public services. The government claims digitising public services will make cumulative savings of £1.2bn in this parliament, rising to an estimated £1.7bn a year after 2015.

The Government Digital Service is digitally transforming 25 of the most used public transactions, while encouraging wider government to take inspiration and create their own services.

But McAfee warns that governments will have to balance risk when making changes to digital strategy and creating "smart" public services in case security is not sufficient.

“Where technology is involved, risk can include considering returns on investment or whether a service will work at all. However, an increasingly interconnected world is breeding an increasing number of cyber security threats and governments can confront this head-on when they adopt new technology,” said the report.

Data sharing

A “next-gen” government would see a great increase in data sharing and data collation for public transactions to work digitally.

“Increasing the internal availability of data could achieve similar effects in supporting the next generation of public services,” said the report.

McAfee points to the Public Services Network (PSN) as a scalable approach to mitigate the risk of compromising the network. “Common standards are applied to those seeking to connect or provide services across the network. This aims to protect the network from vulnerable connections while not significantly restricting new access.”

Besides securing data, governments must secure data handlers as well, because humans are seen as the weakest link in the security chain.

“The fundamental nature of the threat is unlikely to change as governments move towards the next-generation," said the report.

"On one hand, new technology could reduce the number of human ‘entry points’ into the system. On the other, the human element that remained would be that most critical to the system’s operations. This could mean the impact of a breach would be more significant than in a situation with multiple users with more limited responsibilities.”

The report stated that the use of technology to protect data must be matched with measures taken to secure data against human threats to be truly effective. “Similarly, a dynamic approach is required to enable staff and citizens to respond to changing environments and emerging threats.”

Identity assurance – Verify

McAfee also predicts advances in identity assurance will significantly streamline interactions with government services, reducing the data input requirements for citizens.

“Common data, such as name, address and date of birth will be centrally held, and pushed out to services to grant access,” said the report. “Increased use of cloud functionality will enhance this capability.”

Meanwhile, the government’s new digital identity assurance system is ready to go live, with the first service expected to be launched “in the next couple of weeks”. Verify enables citizens to prove who they are when accessing online public services. The system has been in a private beta test since February for invited individuals only, but the Government Digital Service (GDS) has announced Verify is now ready for its first public test.

Verify will use a number of third parties to check users’ identities and allow citizens to securely use government services. It will work in the same way Facebook and Twitter usernames and passwords can be used to log into other websites.

When the first digital service goes live using Verify – likely to be either HM Revenue & Customs' new PAYE service, DVLA’s view driving record service or rural payments for farmers – only one third-party identity provider will be involved, but the government has said there will be four by the end of the year.

Read more on IT for government and public sector