Reliability versus commercial pressure

Abstract

This week (w/c 5 September 2011) we experienced here in the Netherlands a quite peculiar event. As in many countries in this part of the world (and many others), the government is strongly promoting digital interaction between the government and end-users in many different fields. Filing your tax forms, requesting a new passport or drivers license are just a few examples where important information is exchanged between the government and normal citizens via the internet. The benefits, both for the government and for the end-users, are obvious. For the government it means a considerable (cost-) saving since lot of actions where earlier government employees were required are now performed by the end-users themselves. For the end-users it may result in faster throughput and the convenience of doing things from home. Of course the government realized already long ago that the exchange of sensitive and confidential information via the internet requires a high degree of security. On one hand sensitive information could get in the hands of the wrong people and, on the other hand, end-users may lose confidence in this form of digital interaction and may revert to traditional methods of interaction. Therefore, generally speaking, these transactions are performed via secure connections of which the integrity is validated via proven and well-established security certificates. From a technical perspective this system is definitely secure; the likelihood that ‘via the front door’ people with criminal intention are able to intercept confidential data can be ignored. Nevertheless, this week in the Netherlands this system proved to be highly vulnerable in spite of the highly reliable and secure structure mentioned. The problem was not so much with the product (or system) reliability but with the lesser known and often ignored process reliability. Before a secure transaction can take place a process must be initiated. This process is a sequence of actions and reactions where often a wide range of different parties are involved. Especially in times of economic pressure many of these parties strive for ‘maximum throughput against minimum costs’. This aim for economic efficiency is often already initiated in the procurement phase where contracts very often are awarded to the cheapest bid. Whether this was also the situation in this case is currently still unclear but it became obvious, thanks to investigations initiated by the press, that some links in this process turned out to be highly unreliable. The company, generating the security certificates that formed the basis for the entire chain, had very outdated virus scanners, no firewalls and very sloppy operating procedures. The result was that, on one hand, certificates were generated with the contractual required security and reliability but that, on the other hand, people with criminal intentions could easily modify these certificates for their own purposes by hacking into the system of this company. In the Netherlands this event has generated considerable press coverage; especially because, although for a short while, people were uncertain of the security and integrity of, for example, their tax documents and, in other fields, had to revert to traditional methods for obtaining travel documents. The question often raised is: could this have been prevented. Personally I think this can be done and it can be done relatively easy. Not only products (or systems) can be analyzed on aspects like reliability, safety or vulnerability, this can also be done on the level of organizations and their business processes. Requesting on a structural basis information on business processes, especially when highly complex and critical business processes are involved, should become as normal part of specifications as more common aspects such as costs or delivery dates. If I look to the recent events in the Netherlands (and many other, similar, events also in other countries) this is, unfortunately, not yet the case.