Many government agencies are struggling to keep up with technology rollouts, with the COVID-19 pandemic only compounding existing issues. Counter to the proactive approach taken by many businesses in the private sector to rapidly implement digital transformation initiatives, agencies such as Australia’s Centrelink and the Australian Taxation Office (ATO) have struggled to keep up with increased demand.
From Australia’s MyGov website crashing at the outset of the pandemic as thousands of recently unemployed Australians rushed to gain access, to the ATO website being targeted by criminals seeking to defraud citizens taking part in the COVID-19 early superannuation access scheme, the legacy systems supporting government offices across the country pose a myriad of problems.
As we begin a new work year and look to the future of online government services, there are three steps that agencies should take to prevent such problems from taking place and promote a better user experience now and into the future.
Overhaul system security
The federal government’s June 2020 report revealed that the Australian Cyber Crime Security Centre (ACSC) responded to 2266 cybersecurity incidents in just one year, receiving an average of one cybercrime report every 10 minutes. Which two sectors reported the most incidents? The Commonwealth and state governments.
ACSC provides guidance to organisations on how to avoid issues with system security, and while it does caution that there is no single strategy which can prevent cybersecurity incidents from taking place, it does provide suggested mitigation strategies for adoption.
The main strategies for overhauling system security that have been outlined by the ACSC — and which can be adopted by government leaders — include application control to prevent the execution of unapproved or malicious programs, and web and email filtering that only allows for approved types of web content from websites that hold strong reputation ratings.
Additionally, the Centre recommends categorising and only allowing approved attachment types, as well as the implementation of multi-factor authentication for any virtual private network users.
Implement real-time observability
Implementing continuous incident detection and automated responses to issues is crucial, and this can be done with automated, real-time analysis. If a website suddenly gets thousands more hits than normal, immediate alerts can be sent to the IT team to investigate such a spike.
The problem with modern technology systems is that they have become so complex that oftentimes there’s a critically long delay between detecting an issue, pinpointing its location and resolving an incident. In days gone by, an organisation typically had a set number of desktop computers running programs from their hard drive and using local file servers to store and share files. Everything was on-premise and it was relatively easy to troubleshoot an issue. Today, there are a myriad of different devices connecting to corporate networks, with a mix of local and cloud-based apps and software, and everyone is heavily reliant on the internet and remote services.
To immediately detect suspicious activity, organisations need to know what exactly is taking place across their technology stack. This can be done by deploying an observability platform that monitors each part of the system, creates user-friendly dashboards to visualise the technology landscape, and displays alerts that indicate where problems are occurring. By implementing this real-time technology, government agencies will gain insight into how their technology is being used and pinpoint issues long before they become problematic.
Leverage data to plan for the future
By taking the time to debrief after large spikes in website traffic or a website crash, teams can better understand what they must improve on for the future. Such peaks and troughs in website traffic and demand are bound to continue in the coming years, but by being able pinpoint what has worked in the past to address such spikes — and looking at what could be improved on for future technology iterations — data can be used to plan ahead.
Over time, using machine learning and other technology tools can also help spot unusual patterns as soon as they begin. If an Australian government website suddenly starts getting tens of thousands of hits from IP addresses outside of Australia, at a time of day when it usually gets only a few thousand hits from Australian users, this could indicate that a cyber attack is taking place. By comparing historic web traffic patterns, AI can immediately detect such an irregularity, and isolate potentially infected devices, quarantining them before malware spreads across an entire network.
By failing to stay in lock step with modern tech environments, Australian government agencies are providing a poor user experience to its citizens. The online consumer experience is nothing new — we’ve been using the internet to do practically everything for over 25 years. Yet despite this, black swan events are still causing websites to crash, and data to be exposed.
By overhauling security, implementing real-time observability and using data to drive decision-making, government agencies will be prepared for future challenges, while delivering a stellar user experience. Australians need access to online services and communication more than ever, yet government websites have continued to fail them. The tools and technology to prevent such issues are out there, and it’s time that they are deployed.
Sharryn Napier is the Regional Vice President for Australia and New Zealand at New Relic. With over 20 years of experience in the IT industry, she has worked in senior leadership roles at Qlik, Serena Software and CA Technologies.
This article was first published by GovTech Review