[ISN] Govt scores poorly in security test

From: InfoSec News (isn@private)
Date: Wed Jul 07 2004 - 03:44:13 PDT


Karnjana Karnjanatawe
07 July 2004

Government web sites could be at risk from security threats, according
to a recent survey, which found that only 12% of 267 surveyed agencies
used data encryption technology, and only one organisation _ Krung
Thai Bank _ utilised digital signatures.

The survey by the National Electronics and Computer Technology Centre
(Nectec) covered 267 government deparment-level agencies, universities
and state organisations.

It also found that almost half of the web sites surveyed relied on
only a user name and a password to authenticate users, while 12%, or
32 agencies, secured information with SSL or data encryption

"Some agencies do not even have a firewall to protect against hackers.  
This is a weakness of the government," said Nectec director Dr
Thaweesak Koanantakool, adding that agencies needed to be more
concerned with security and provide secure transactions to the public.

ICT Ministry permanent secretary Dhipavadee Meksawan said to help ease
security concerns, the ministry plans to invest up to eight million
baht to provide 50,000 digital signatures for government officers by

"The digital signatures will be issued by the Government IT Service,
TOT Corp and the CAT Telecom," she said, adding that they will help
reduce document fraud and provide secure transactions.

The survey, conducted between 14 January and 31 March this year, aimed
to find out the e-service readiness of the web sites. It also tracked
information provided by the sites, including basic organisation
information, history, email, news and links to other agencies.

More than half (64%) are bilingual web sites but only two
organisations (1%) had features for easier accessibility, such as
captions for pictures and clear fonts and colours.

Most of the agencies (91%) updated their information once a week while
the remaining 9%, or 25 agencies, updated the information more than
once a week.

Some 77% of sites offer interactive functions such as an email form
(82%), web board (74%), FAQ (39%) and internal search service (47%),
while 55% or 145 agencies have transaction functions including log-in
forms (54%), data transactions (10%) and online payments (6%).

None of the government agencies provides applications on their web
site and only seven percent (19 agencies) have implemented basic
intelligence that can provide information based on a user's log-in.  
Most of these were web sites of universities, said Dr Thaweesak.

"We want to see more integration and intelligence from the government
web sites in the future," he said.

Meanwhile the ICT Ministry permanant secretary said the survey would
be used to reflect the status of government agencies to Cabinet and
for allocating its ICT budget.

Nectec also plan to extend its survey to cover the web sites of
provincial administrative offices, schools and ministries in the

Help InfoSec News with a donation: http://www.c4i.org/donation.html

This archive was generated by hypermail 2.1.3 : Wed Jul 07 2004 - 06:29:10 PDT