Australian InfoSec Leaders Discuss Digital Government
Efficiency and accessibility are key motivators behind the shift to digital government, but identities and data must be protected
Digital government matters. Our world is increasingly digitally aligned and connected. As such, Australian businesses and people expect their dealings with government to match their experiences with other sectors.
Australia is striving to be one of the top three digital governments in the world, calling for digital transformation to provide all Australians with the ability to deal with government anywhere, anytime, on any device, for every service.
Given that certain government interactions, such as tax obligations, are mandatory for Australian businesses and individuals, digital government services should strive to reduce friction between people and government and increase the overall ease with which these interactions can take place.
Former Australian Taxation Office Chief Information Security Officer Jamie Norton, who is now a consulting partner at cybersecurity firm McGrathNicol, says efficiency is the core answer to why governments must transact digitally.
“It just improves the user experience and is much more timely when you can interact digitally and not have to worry about paper forms or outdated ways of doing things,” he says.
“It’s faster, more efficient and hopefully requires far less work on the back end to process and automate those transactions. It also gives consumers the ability to get a quick answer, solution or transaction experience and not have to experience the frustration of accessing support via a call centre.
“Whether it’s health-related, related to taxation, human services or welfare, it’s much more efficient to do these things online, both for the agency and the consumer of those services.”
In a large, sparsely populated country like Australia, going digital should also broaden the access of government services, according to Federal Court of Australia Chief Information Security Officer Tom Daniewski.
“As a citizen, the digital enablement is about supporting and servicing our community better. Faster and safer of course, but accessibility is also a key issue,” he says.
“Particularly in some of the more remote areas. For example, I have my mum living on a country property, and it’s not easy for her to just go into a government office.
“It’s also about ease-of-use by different groups of citizens. We have a lot of different ethnic minorities, and it’s exciting to make access to services more profound and more user-friendly for all.”
Internal Enablement
In a connected society, increasing the reach of government services through digital channels makes sense from an efficiency and access perspective.
Digitisation in government can not only help connect Australians to services but also improve the way agencies operate.
For Australian Parliament House Director for Cyber Security Operations Nadia Taggart, digital enablement ensures the function of the organisation itself.
“While we do provide ICT services to the general public who visit Australian Parliament House, our primary users are the Members of Parliament and their staff,” she says.
“What we seek to provide for them is to support their ability to conduct parliamentary business. Usually, this means maintaining the availability of our ICT environment so they have seamless and uninterrupted operations.
“It is important for cyber security to be a business enabler. Technology is now critical to supporting almost every aspect of how we engage with our world, be it in our personal life or at work.
“Understanding the requirement to support and enable people to achieve personal and business outcomes is why we have seen the shift from focusing on compliance to focusing on risk management.”
What Does a Secure Digital Government Experience Look Like?
The benefits of transacting digitally with government are clear in that they enable efficiency, greater reach and speed, both for the customer and hopefully the agency.
Many users won’t typically be thinking about how a government department’s back end is storing and protecting their data in the face of the online threat landscape, so we asked government cyber leaders what they think a safe and secure government experience means from the user’s perspective.
McGrathNicol’s Jamie Norton says that during his tenure as CISO at the ATO, he was heavily involved in the security of online services, including integration with MyGov and the digital identity program involved with that. He says there are a couple of key factors that consumers, himself included, are interested in when it comes to engaging with these digital services.
“One is obviously the security of my data at a fundamental level,” he says.
“There’s the expectation that when you transact with government, that information transfer is handled securely, but also that once the data is with them it is looked after in the right way and won’t be found floating around on the internet somewhere. Particularly if it’s taxation or medical data or something sensitive.
“The other part is around your identity itself. As we become more digital and more systems potentially integrate with each other, that is its own issue for people concerned with how much sharing occurs across agencies.
“So, it’s really important to make sure the primary identity piece is secure. The more digitised we are, the more rich our data held by government is, which introduces a lot of risk if that data is compromised.”
For Johan Fantenberg, Principal Solutions Architect, APJ with ForgeRock, ensuring trust requires that users understand how data will be used and shared across government services, but also that those services feel convenient to use.
“Today we expect mobile-first experiences, the ability to use biometric means of authentication and service enrolment and linkage processes that are designed with information minimisation principles in mind,” he says.
“For example, only asking for what is required to offer a service and use data that is already available and consented by the user, such as not asking users to repeat things like date of birth, name and other details. Those core attributes should already be known and just referenced if required for a service.
“It is also important that digital government services are inclusive and usable by a wide range of users, including users with disabilities and specific language preferences.”
Level-of-risk discussions play a big role in making digital government service experiences more positive and frictionless, while remaining trustworthy.
Australian Capital Territory Government Chief Information Security Officer Julian Valtas says the model that government agencies can strive for is what some technology giants have already achieved.
“Big private technology companies have introduced security that is nonabrasive,” he says.
“We aim to have service principles where sign-up is simple and identity validation has appropriate assurance. Whether it’s assisted by smartphones or federated accounts, when the utility of the service is valuable and user experience is considered as a core design principle, people will want to interact with it, and it benefits them to do so.
“I think providers that force their users to have frequently expiring 20-character passwords while claiming that this makes the service more secure are giving a false impression of security. That kind of user experience is so compromised that take-up will invariably suffer.
“Contrast that with the big tech giants introducing opt-out passwordless authentication, single sign-on and risk-based MFA… that all goes towards the recognition that identity security is now our biggest challenge.”
This article is an excerpt from Corinium’s new report, Building Trust in Digital Government, Australia.