Government departments are continuing to rely on stovepiped IT projects that leave them exposed to myGov-style system crashes and cyber attacks, according to an independent think tank.
The warning is contained in a new resource released by the Australian Strategic Policy Institute to help government agencies deal with peak and surge demand for digital services.
It comes after high-profile fails including the myGov website crash during the early days of the COVID-19 pandemic in 2020, and the offlining of the eCensus in 2016 after a series of DDoS attacks.
Distributed Denial of Service (DDoS) attacks disrupt digital services by flooding them with malicious traffic.
ASPI’s International Cyber Policy Centre says government services are attractive DDoS targets for those who enjoy causing chaos and confusion, and that the types of attacks, as well as their scale, are continuing to increase.
Dealing with demand
ASPI’s International Cyber Policy Centre says agencies fall down when they aren’t equipped to deal with unexpected and unpredicted demand.
In an ideal world, agencies need to be able to predict when there’s likely to be demand for government services, when surges will arise and how long they’ll last.
But the paper, authored by ICPC senior analyst Tom Uren, acknowledges this is fraught, because under-investment in resources to do this can leave government agencies politically exposed (as the 2016 census demonstrated) while over-investment can result in higher-than-necessary costs.
“Variability in demand is a fact of life,” ASPI says.
“Because crises are, almost by definition, unexpected, trying to model demand and then build services to cope is problematic.
“A service can be built to handle a crisis by including essentially wasteful overcapacity that’s not expected to be used in normal operation, but a service that’s built to handle modelled demand is almost guaranteed to fail in a crisis.”
ASPI says increased use of cloud services, something that is encouraged by the DTA’s Secure Cloud Strategy, can overcome the need for crystal ball gazing about demand.
It says despite the benefits of cloud technology for government services, “the current reality is that individual departments, responsible for delivering their own IT projects, continue to rely on many stovepiped, single-purpose projects that can’t deal with unexpected demand”.
The stovepipe approach also leads to duplication of effort and siloed expertise, when resources could be more efficiently pooled under a cloud model and the ‘secure hubs’.
However, the paper acknowledges that budgetary, skills and cultural issues within the public service will need to be overcome before there is wholesale uptake of cloud services.
The paper recommends the ‘CIA triad’ (Confidentiality, Integrity & Availability) as a best practice model for digital government services.
The model is based on data only being available to authorised users; being safe from tampering, loss or corruption; and the ability to use the service when needed.