19 Nov
Is this for real?

As a devotee of IT security (and somewhat of an expert in the space), I watch with droll amusement the dog and pony show of people running around talking about cyber threats, but then reverting to comments about password strength, malware, and so on. The recent revelations that nation states have been conducting ongoing espionage against each other suddenly seem to be “new news”, even though we all grew up reading the James Bond books, apparently not believing them to be true.

Of course, much of the mechanics of communications is now within the private sector, and as such there is an arm's-length (of sorts) engagement between that private sector and the government; but that implies there is at least the vaguest level of knowledge amongst those concerned.

I refer to the following exchange from an Australian Federal Senate committee hearing. LUDLAM is a Western Australian Federal Greens Senator on the ICT committee. Seittenranta was the CIO of Parliamentary Services, i.e. the person ultimately accountable for the information security around our most senior politicians.

What I find stunning is a) the “no, we are not aware that our major software provider has provided back doors into our systems to a foreign intelligence agency”, b) the “our plan to deal with this (the intrusion by a software supplier, Microsoft) is to make sure we are up to date on all of the software patches from said company”, and c) the “we lack the ability to delve more deeply into this”.


Senator LUDLAM: I figured.

We know that Microsoft software contains a back door which is utilised by the US NSA and Microsoft has been very active in assisting the NSA to circumvent the company’s own encryption standards. What can you tell the committee about the network-level security threats posed by using Microsoft software given that it has been backdoored by foreign intelligence agencies?

Ms Seittenranta : I would have to take that on notice.

Senator LUDLAM: Why is that?

Ms Seittenranta : It is not a level of detail that I am familiar with.

Senator LUDLAM: I am not sure that I would call it detail. For example, do we provide for a specific patch against that back door, or is the parliament’s network open to intrusion by the US government?

Ms Seittenranta : We implement the patches provided by the Microsoft organisation to their systems based on malware that they are aware of. We do not get specific advice on vulnerabilities that may or may not be built into the software.

Senator LUDLAM: Okay, but you are aware that Microsoft is under a legal obligation to allow the US NSA access to its servers and its hosting services.

Ms Seittenranta : We are aware that there are rumours to be things like that around, yes.

Senator LUDLAM: It is not a rumour; we have primary source documentation and know that is correct.

Ms Seittenranta : We do not have capabilities to create any patches for vulnerabilities of that nature. We are dependent on what the industry provides us and advice that we might get from the Australian Signals Directorate.

Senator LUDLAM: So should parliamentarians and staff working in this building assume that we are exposed to that level of intrusion?

Ms Seittenranta : Yes, I suppose you should be able to assume that. Also, it probably should be noted that our network is not a protected network. It is unclassified.

Senator LUDLAM: Yes. What about ministerial?

Ms Seittenranta : For ministers their home departments provide their IT. Each minister has access to the parliamentary computing network in the same way as backbenchers.

Senator LUDLAM: I would have to chase the departments around this building one after another to see what they do, wouldn’t I?

Ms Seittenranta : To see what they do.

Senator LUDLAM: Okay. But, as far as the work of ordinary MPs (everybody sitting around these tables and most of the people behind), that back door is in effect? You have not taken any actions to remedy that security hole that has been opened by the NSA?

Ms Seittenranta : No, we would not have taken a specific action.

Senator LUDLAM: Is there any reason why not? Could I request that you might take that action on behalf of all of us?

Ms Seittenranta : We would be dependent on somebody being able to provide us appropriate patches to close that. We do not have the technical skills to create patches to close that nature of vulnerability, so we would have to take that on notice to work with the Australian Signals Directorate.


eGovernment in Australia – are they really serious?

In conjunction with the “Magic” NBN and various other efforts, we keep hearing about eHealth and eGovernment and so on. eHealth is a whole separate story, so let's focus on eGovernment, or the “big picture”, although health will come into the discussion.

In the United States we are starting to see a massive movement towards eGovernment. When they first started out there were but a handful of applications; now the US Government datasets (and the applications being built from them) run into the hundreds. Here in Australia there are a mere handful. Possibly one of the most notable examples in the US is the NY State Senate: it has opened up almost everything, and actively canvasses for mashups and so on.

I have a particular “beef with government” on this issue. I was inspired when I saw the “Google Transit” project. You may already know that Google “do” maps. If you are watching closely, you will see that their maps include the ability to present directions (how to get from A to B) with a number of variations, like graphically forcing a slightly different route (to pick up something on the way). Equally, you can specify to Google Maps that you want to walk; I am not sure what the differences are in terms of route selection with this (I am assuming walking across parks and gardens rather than around them, and so on). But the most often understated component of Google Maps is Google Transit. Google have an open specification for data formats which they keep at. The bue

Other areas of eGovernment that just aren't happening in Australia must include the mammoth efforts of NEHTA. The National E-Health Transition Authority has to be one of the most ineffective bodies associated with our government. It has drawn a budget in the billions of dollars over the course of the last half dozen years, and has staff in the hundreds. Its brief was to develop standards for e-health, and after much delay and fanfare it simply adopted an international standard, SNOMED CT (Systematized Nomenclature of Medicine – Clinical Terms). This takes hundreds of people? How so?

It is the epitome of “non-delivery”, with doctors billing for things that it hasn't even made yet, such as phantom payments. There is a reasonable assumption that, if you are meant to be the peak body for medical IT standards in the country, you would be keeping track of such things.

But then, the track record in our medical system in general isn't all that flash. There has been an IEEE standard for medical device management for over a decade: IEEE 11073, as I recall. Oximeters and infusion pumps typically have connectors compatible with this standard, and yet how many of our hospitals, on which we have spent billions in IT, have networks capable of connecting and monitoring all of these?

And then you have simple things like tide data. You can get it for all sorts of locations around the world. But try to get it in a raw format to feed into a program from the Bureau of Meteorology. Nope: they have to print up tide books and charge for them (again and again). In this day and age, an app on an iPhone to do the same would make so much more sense.

Or there is the ABS (Australian Bureau of Statistics): tons of data, but very little of it in a format you can actually manipulate.