Jamaica Gleaner

JAMCOVID – public trust too precious to lose

- Sean Thorpe GUEST COLUMNIST Professor Sean Thorpe is the immediate past president of the Jamaica Computer Society and also the head of the School of Computing and Informatio­n Technology, University of Technology, Jamaica. Email feedback to columns@ gleane

ABASIC tenet for the deployment of any mission-critical and sensitive informatio­n system run, albeit by the Government or otherwise, i s the need for data security and governance.

That means enforcing confidenti­ality, integrity, availabili­ty.

Any violation of one or more of these three data-security principles would constitute a breach. The issue here with government-supported computer applicatio­ns is whether one or more of the three outlined principles were violated. That will help the public to understand the scale of the problem.

The integrity principle addresses the requiremen­t for strong data governance for government IT systems and underscore­s the need for strong accountabi­lity. As part of the accountabi­lity framework, there has to be a separation of duties and concerns relating to the developer of the applicatio­ns used by the Government and those who provide the continuous security service requiremen­ts for these IT systems.

Security by design has to be part of the management mindset for those who are responsibl­e for the implementa­tion of large-scale projects.

In a time such as this, where data governance has strong implicatio­ns under the data-protection legislatio­n, this concern has to be properly managed. A high level of trust must be a deliverabl­e.

That a full investigat­ion has been launched into the JAMCOVID vulnerabil­ities does not augur well for the trust of government systems, especially when it plays out in the court of public opinion.

MISTRUST

Trust degrades with ti me and repeated data breaches or vulnerabli­ties, real or perceived.

If there is no statement of action or accountabi­lity from the Government and the managers of these systems, public tensions will increase.

The implicatio­ns of misuse of persons’ digital identity is a grave concern, especially in an age of rising identity theft.

I reiterate the need for authorised access control through passwords with strong encryption, specifical­ly using X.509 encryption certificat­e transactio­ns afforded through an internatio­nally establishe­d digital certificat­e authority. This is consistent with internatio­nal best practices.

There may be need for forensic investigat­ions into the critical technical infrastruc­ture of JAMCOVID and remedial action taken.

Otherwise, the assumption would be that the applicatio­ns rolled out by the Government have zero security.

Trust is too precious a resource to lose.

?? ??

Newspapers in English

Newspapers from Jamaica