Page 19 - Service Delivery Review_Volume 14_Number 3_2022
P. 19
ICT Security
How healthy is the Public Service ICT network?
A rapid assessment of the Public Service ICT network health found vigilance, synergy and swiftness that
are key to Government IT systems and data security wanting, writes, Sheilla Ngxeke-Rametsi
s the Public Service ramps up efforts to move ICT Security Health Survey Responses as Required by The
service delivery into the digital realm, vulnerability Emergency Circular:
Afrom doing government business in cyber-space
increases. A recent African cyber threat assessment Preliminary findings and analysis
report by Interpol says as high as “90% of African busi-
nesses are operating without the necessary cybersecu-
rity protocols”. Closer home, readers will remember the
cyber-attack on the operations of a major government
department. This was after a ransomware attack was
visited on a major South African parastatal, with threats
of crippling its operations if money demanded was not
paid up.
One of the unwritten rules when it comes to cyber-attacks is
the tendency for organisations not to publicly acknowledge
the attacks or to downplay them. They fear that reporting in-
cidents might invite opportunistic criminals who are always
on the lookout for vulnerabilities within government IT sys-
tems which they can exploit. Understandably, the need for
privacy and protection from prying eyes is a core security The ICT Security Health Check survey had a set of 18 ques-
feature. However, this should be balanced against the need tions that covered security areas as “mundane” as email to
for the kind of disclosures within government that would complex server operating systems. The security questions
make for quick and coordinated responses to securing its were in turn categorised in terms of whether they related to
IT systems and data. ICT security, infrastructure or applications:
Application security
ICT Security Health Check
After the cyber-attack incidents, the Department of Public Application security is important because applications are
Service and Administration (DPSA) and the State Informa- often available over various government networks and are
tion Technology Agency (SITA) ran an ICT Security Health connected to the cloud, increasing vulnerabilities to secu-
Check survey across the Public Service. Circulated in mid- rity threats and breaches. It was important that the network
September 2021, the rapid survey sought to get a picture health assessment consider application security as one of
of the state of ICT security health in national and provincial the security areas that needed to be assessed during the
departments to identify those areas that needed attention. exercise. During the assessment, the issues discovered
In addition, the 16 September 2021 circular to heads of de- were that:
partment required national and provincial departments to ■ There are delays in issuing secure socket layer
submit their respective ICT related Auditor General’s (AG’s) (SSL) certificates by SITA
findings and the associated AG reports to get a broader ■ Upgradable legacy systems pose a security risk
view of the matter as part of the data collection process. because the operating systems they use are out
of date
Unfortunately, only 62 and 69 national and provincial de- ■ Departments that have 3rd party applications have
partments had respectively responded to the ITC Security limited administrative rights to patch those
Health Check survey and the request for AG information by applications
the deadline of 27 September 2021. Some of the 62 se- ■ Most departments rely on SITA for patch
curity health check spreadsheets that were submitted were managment (transversal systems and other
found to be unusable. Moreover, among these were those departmental IT systems) as they do not possess
that were poorly populated. They did not correspond with internal ICT security skills.
the relevant security areas as per the template questions
and in extreme cases, the responses to the questions were
left blank.
Volume 14 No.3 of 2022 | SERVICE DELIVERY REVIEW 19
