Security slip-up affects PM and Cabinet network

LATEST NEWS

Computerworld is New Zealand's only specialised information systems fortnightly.
Subscribe now for $100 (23 issues) and save more than 37% off the cover price!

Get the latest news from Computerworld delivered via email.
Sign up now

Government Shared Network encryption certificates expire

By Randal Jackson | Wellington | Wednesday, 11 November, 2009

When the clock ticked midnight on October 30, several government departments became vulnerable to digital attack after the encryption certificates for the Government Shared Network expired.

The departments affected included that of the Prime Minister and Cabinet.

Internal Affairs confirms the outage on November 1 but says there were no actual security breaches.

“In such a situation, traffic will not traverse the network to avoid the potential of a security breach,” DIA says in a written response to Computerworld.

“The department is very concerned that the outage occurred and is working closely with the vendor to ensure that such outages are mitigated as far as possible in the future for the remaining time that agencies will be using the GSN (around four to six weeks).”

The GSN is being replaced by a network known as one.govt, which will be run by Datacraft.

“We inherited the platform from IBM and there was a technical issue that culminated from that,” a Datacraft spokesman says.

It was fortunate that the incident occurred on a Sunday. DIA confirms that only the Department of Labour, which operates at airports seven days a week, was operationally affected.

DIA says the certificates had to be rebuilt.

“It relates to a single point of control for certificates, by deliberate design, rather than an infrastructure single point of failure.

“The GSN is designed to align with government security policy.”

DIA says the cost of providing and rectifying the service will be borne by the service provider.