The MSD computer breach
Stuff reports:
Social Development Minister Paula Bennett says security of computer systems is an operational matter despite giving earlier assurances she would monitor it.
Few people who are not partisan would expect the Minister to somehow be over the details of computer systems in a massive ministry. The job of the Minister, like a Director, is to ask questions such as have you had a firm test your security etc. Bennett did not say (as no Minister would) that she would monitor computer security. She said:
“Whilst the ministry has a strong focus on reducing its national office numbers there are also substantial plans to automate frontline services for clients through the use of online and other IT solutions,” she wrote.
However there is no doubt the Govt gets damaged when ministries fail, and they are held ultimately accountable if they are not seen to respond strongly enough and give reassurance it won’t happen again.
Consultancy firm Deloitte has been appointed to conduct an independent investigation after blogger Keith Ng revealed he was able to access Ministry of Social Development servers through public kiosks in a Work and Income office.
MSD chief executive Brendan Boyle yesterday admitted they had not have acted on earlier warnings about the system.
That is hugely concerning, and someone should be held accountable for that. Also as I had previously blogged, the investigation should not just be into the security breach, but also into why the kiosks were even connected to the main corporate network.