Many Govt agencies in need of better web security
21st June 2004 (The Star)
By Steven Patrick

KUALA LUMPUR: Government departments seem to be hestitating to implement Managed Security Services despite the increasing number of web defacements involving public sector websites.

Haji Khalid Ahmad, ICT director of Government Integrated Telecommunication Network Sdn Bhd (GITN), said there is growing awareness of Managed Security Services among the departments, but the implementation of such services by them is still smallscale.

GITN (www.gitn.com.my) is the official network provider for Malaysia's e-Government initiative and provides such security services.

Khalid said some government agencies were hesitating because the defacements did not impact business operations. "They think that the thing at issue is reputation rather than disruption to business," he said.

What these agencies fail to realise, he said, is that the web defacements may only be the beginning of more serious intrusions. "There needs to be a secure environment because more and more business transactions by government departments are moving online," he said.

According to him, GITN now provides Managed Security Services to just 30 of the 400 to 500 public sector agencies in the country. "Most have only basic security systems in place," Khalid said. "A lot are spending on antivirus software and firewalls only."

He said the weakest link in many of the departments is a lack of staff to run the technology. "You need dedicated people to implement policies and procedures. (Unfortunately) many tend to look at security as forced expenditure rather than an investment," he added.

The Malaysian Computer Emergency Response Team (MyCERT) said in its quarterly report, released in April, that there were 231 incidences of web defacement in the first quarter of this year, compared with only six in the previous quarter. And more than two-thirds of the cases involved government websites.

Managed Security Services are computer network security services that are monitored and managed remotely using a centralised network.

GITN's services include a firewall, an intrusion detection/prevention system, antivirus software, public key infrastructure (PKI) services and business continuity systems.

It also offers security training assessment and security policy development services to strengthen a client's existing IT processes and employee skills.