Use of technology provides improvements in productivity, cost savings and more accurate process execution in almost all industries. This applies to both private and public sector (Government bodies). Use of technology reduces back logs, increases the speed of processes and improves overall transparency for the Government and its partners. Governments across the world realize this and are embracing the latest technologies such as mobile platforms and IoT devices (for public utilities) such as smart meters and controllers. While the adoption of new technology is helping in governance, it is also bringing in some risks with it. Government organizations are one of the favorite targets of hackers and are known for data breaches. In fact, incidents of data breaches in government are quite common. From first world countries such as USA, UK, and France, to developing countries such as India, Bangladesh, etc., the government of almost every country has suffered more than one data breach in recent past. Let’s try to understand the situation of risks in government sector in a little more detail.
What is the technology used by the government?
Let us look in a structured way and understand the kind of technologies which the government uses. Primarily, there are three types of technologies used by any organization:
1. Information: Computers, data servers and more recently, smart phones and tablets.
2. Communication: Voice, video, and data that moves using wires or wirelessly.
3. Operational: Process controls (water, sewer, etc.), meters, sensors, cameras (security and traffic cameras), etc.
Like any other organization, these technologies are also used by government agencies. All of them are prone to issues such as failure of technology, human error, failure of management, natural disasters, security incidents and data breaches.
Why is there a risk?
To understand the risk, one must first understand the nature of data held by government and its sensitivity. A few examples of the data held by the government include:
- Tax data: This contains tax paid by the citizens, which in turn needs income data, assets held and other financial information of the individual.
- Social security data: This includes personal, demographic and eligibility data. In certain countries, it may also include biometric data.
- Driving license data: This has personal and demographic information, driving records, past violations and driving eligibility data, etc.
If any of this data falls into the wrong hands, it can be hazardous for the individual and can have serious repercussions for the government. Apart from the personal data, there is also other highly sensitive data that the government of any country holds. For example:
- Contract data: Information about upcoming contracts before the contract is published.
- Defence related data: Strategic information which cannot be made public and can be damaging in wrong hands.
- Intelligence information: This contains both internal and international intelligence about anti-social and anti-national elements.
- Criminal justice system information: Information about ongoing criminal proceedings which cannot be revealed to the public due to various legal and judicial reasons.
- State secrets: Other state secrets that cannot be made public.
What are the risks?
The kinds of data that government collects and manages can lead to following kinds of risks:
1. Legal risks: Government is not absolved of its legal liabilities if it errs. In case there is any breach of data, the government is liable like any other organization and can be penalized.
2. Financial risks: Any breach of financial data, can lead to huge losses for the government. The famous Bangladesh Bank breach is a case in point.
3. Operational risks: Exposure of an upcoming contract or the budget allocation etc; if breached, can be used by unscrupulous contractors to gain an unfair advantage. Loss of other operational data can bring many government services to a halt.
4. Reputational risks: Exposure of state secrets and other confidential information not only poses the security risks but can also lead to huge embarrassment for the government on both domestic and international front. Wikileaks and NSA leaks are just some examples of the same.
5. Societal risks: This is often one of the biggest risks for the government. Any change in employment pattern caused by any kind of breach, misrepresentation of finances due to a breach of data, failure of government schemes can lead to social unrest and can be the reason for fall of the government.
Due to the nature of the data it holds and its role in the smooth running of the society, the government is one of the favorite targets for a data breach. The resistance to change and adoption of new technology contributes to breaches due to negligence and human error. The budget constraints and slow pace of procurement and implementation further complicate the situation. Due to these reasons, government departments need to pay extra attention to data loss prevention and cyber security solutions. By adopting the right data security solution, the government can minimize the risks and ensure that the society receives maximum benefit from technology uptake by the government.