LONDON (04/18/2000) - Governments that want to have an online presence face the same thorny security issues as companies on the Internet, according to a panel discussion here today.
Governments have to decide how to provide secure intranets as well as how to offer secure Internet sites between government branches and to the public. That much is known, but these questions remain: what security method is best, and how much security is necessary?
For instance, one panelist said that while authentication is necessary, technology doesn't need to determine the identity of the user as part of the authentication process. Instead, technology should determine just the fact that the user has authentication before allowing or denying access, said Richard Walton, director of the communications electronic security group GCHQ, said in the discussion at "GC2000: The E-government Exchange."
Such an approach gets around privacy issues, but adds a measure of security.
"We have to find ways to enforce that technology can help privacy, and not just hinder it," noted Bob Assirati, chief executive, Central Computer and Telecommunications Agency.
But the wrong method of security might give the public false feelings of protection, panelists said.
"There are huge holes in the security that banks currently use," Walton said, adding that he thinks all of the blame for credit-card fraud rests with the banks.
Besides those concerns, governments further have to figure out which technologies to use online and how to create the security infrastructure, which panelists also touched on.
"I think we need to remain technology neutral in designing the framework," Walton said.
It's important, panelists said, for entire governments to have one security standard. Choosing one will prevent government branches from becoming disjointed, said John Elvidge, secretary and head of Scottish Executive education department, Scottish Office.
In the meantime, government workers who are dealing with the Internet might need extra desk space.
"Current technology is not anywhere near taking care of the mismatch between public information and top-secret information, so you're going to have to have two terminals on your desk," Walton said.
GC2000, in London, continues through tomorrow. More information can be found here.