Sean Thorpe | JamCOVID - public trust too precious to lose
A basic tenet for the deployment of any mission-critical and sensitive information system, whether run by the Government or otherwise, is the need for data security and governance.
That means enforcing confidentiality, integrity, and availability.
Any violation of one or more of these three data-security principles would constitute a breach. The issue here with government-supported computer applications is whether one or more of the three outlined principles were violated. That will help the public to understand the scale of the problem.
The integrity principle addresses the requirement for strong data governance for government IT systems and underscores the need for strong accountability. As part of the accountability framework, there has to be a separation of duties and concerns relating to the developer of the applications used by the Government and those who provide the continuous security service requirements for these IT systems.
Security by design has to be part of the management mindset for those who are responsible for the implementation of large-scale projects.
In a time such as this, where data governance has strong implications under the data-protection legislation, this concern has to be properly managed. A high level of trust must be a deliverable.
That a full investigation has been launched into the JamCOVID vulnerabilities does not augur well for trust in government systems, especially when it plays out in the court of public opinion.
Trust degrades with time and repeated data breaches or vulnerabilities, real or perceived.
If there is no statement of action or accountability from the Government and the managers of these systems, public tensions will increase.
The implications of the misuse of persons’ digital identity are a grave concern, especially in an age of rising identity theft.
I reiterate the need for authorised access control through passwords with strong encryption, specifically using X.509 encryption certificate transactions afforded through an internationally established digital certificate authority. This is consistent with international best practices.
There may be a need for forensic investigations into the critical technical infrastructure of JamCOVID and for remedial action to be taken.
Otherwise, the assumption would be that the applications rolled out by the Government have zero security.
Trust is too precious a resource to lose.
Professor Sean Thorpe is the immediate past president of the Jamaica Computer Society and also the head of the School of Computing and Information Technology, University of Technology, Jamaica. Email feedback to email@example.com