Poorly managed computer systems a risk in Govt institutions
by Gamini Warushamana
Organisations can improve their efficiency by using computer
technology. Government institutions, especially those handling a large
volume of data, can use technology effectively to make things easy for
people. However, bureaucracy, inefficiency and corruption, coupled with a
lack of IT-skilled top officials, make things worse, and the institutions
lose valuable data within a few seconds, creating serious issues in
government service.

Pic by Chinthaka Kumarasinghe
The Department of Motor Traffic (DMT) faced a similar crisis recently
and the computer system in the department was paralysed for nearly one
week, bringing all work in the department to a standstill. Fortunately,
the data in the database had not been deleted, as reported by some media,
sources said.
After the crisis, officers accused one another in the media, and this
demonstrated the lack of coordination and the bureaucracy that prevailed
in the department. According to media reports, the IT personnel in the
department attempted to blame the Commissioner and the Assistant
Commissioner (IT) for it. The Sunday Observer learns that this was the
result of many issues caused by various officials, including IT personnel.
The DMT case is an example of how poorly government institutions use
computer technology and of the associated risk. The DMT is one of
the main institutions that brings a large amount of revenue to the
government, and its database is very important in many respects, including
national security.
After the computer system failed, the DMT called for assistance from
the Sri Lanka Computer Emergency Response Team (SLCERT) of the ICTA. The
SLCERT report said that the DMT was very fortunate to survive a major
catastrophe, due to the early detection of the problem.
The report highlighted key issues in the DMT computer system. The
report said that the system doesn't have a firewall system or up-to-date
antivirus protection between the client and the server. The antivirus
application was last updated in December 2004. There are no policies
with regard to information security such as password policy, shared
access policy, backup policy and disaster recovery policy in the system.
The client machines can access the shared folders in the application
server without any authentication. The report also highlighted the
bureaucracy in the administration and said that there is a distinct lack
of cooperation between the IT team and the management, making
coordination of recovery activities difficult. There is resistance to
change within the team, which impedes the introduction of a solution,
the report said.
The report said that the viability of using Windows NT in the system
needs to be re-examined by the DMT. Windows NT is an outdated platform
and it has limited security features. Currently the vendor, Microsoft,
does not support the Windows NT platform, it said.
The SLCERT team detected that the victim machine was infected by a
worm (CME-24). It attacks security applications and attempts to disable
antivirus applications. CME-24 activates and overwrites files with the
extensions on the third of every month at a time scheduled via a
command.
Since the worm contains a backdoor to the infected system, it may not
be removed by an antivirus application or a removal tool. It spreads
through file sharing over the network. It utilises aliases to confuse
victims about its identity. It writes system registry keys so that any
deleted files will be reactivated when the system is restarted, the
report said.
Though the IT personnel of the department said that the virus
infection came from the internet, the report said that the network is
isolated and has no internet or email connection. The possible infection
media could be a USB drive, floppy disk or CD.
The SLCERT has made the following recommendations, to be implemented
immediately.
* Remove all machines from the network, including the server. Install
and run up-to-date antivirus software on the server and clients before
connecting them to the network. Since the worm has built-in backdoors
and other components that will not be detected by antivirus applications,
a total system backup of the application server is necessary and highly
recommended.
* The long and medium term recommendations of the SLCERT are important
for all government institutions handling a similar network. It
recommends replacing the Windows NT server with a current server
platform such as Windows 2003 server. The report also recommends
installing a firewall and limiting access between the clients and the
server.
It also recommends obtaining genuine, licensed versions of Microsoft
Windows for client machines and formulating and enforcing a regular update
policy. It is learnt that all machines used by the DMT are assembled
machines with no brand and the software running on them consists of copies.
* For virus protection, it recommended formulating a software update
policy and keeping virus definition files up to date.
The DMT is a key government agency, and if it maintains its computer
system in this manner, we wonder how other institutions fare.
The government is planning e-governance that computerises all
departments and connects them to one network. The DMT case shows how
poorly these already computerised institutions maintain their systems.
The DMT lapse also stresses the need for close monitoring by
independent government institutions such as the ICTA.