The secure email phase of the government’s internal Secure Electronic Environment (See) security project will be implemented first for all staff within Treasury, the State Services Commission and the department of Prime Minister and Cabinet.
It will be available to every staff member in the departments, says Brendan Kelly, a senior adviser in the SSC’s e-government unit, not limited to “higher echelons” or “bosses” as reported elsewhere. This inital implementation may be functioning as early as this week.
After the three-department implementation has “bedded in”, the e-government unit will start “actively marketing” the system to other government agencies, he says. There is no question of compelling all departments to use See.
Asked whether this might create inconsistency in communications between departments that encrypt messages and those that don’t, he says that the system has “enough smarts” to recognise encrypted and unencrypted traffic and manage each appropriately.
Government agencies already deal with a number of organisations that do not use encryption, and it is inevitable that departments will be inconsistent in their use of encryption for a time at least, because implementation is necessarily gradual.
“Even if we did try to introduce it over all departments, we wouldn’t do it all at once,” he says. “‘Big bang’ implementations are out of favour these days."
Use of See may never be universal within government, he acknowledges. “What we can do is to ensure that the vast bulk of material [transmitted among government agencies] is encrypted."
As reported in Computerworld (See project gets flak from RFP respondents), departments will be offered a choice of three applications to use for email encryption, preserving individual accountability of departmental chief executives for the choice of IT solutions. The three chosen solutions are: Mail Marshal, from Baycorp ID – formerly Wellington-based 128i – WorldSecure from CSC and Secretsweeper from Lower Hutt’s Scientific Software and Systems.
The second phase of See – remote use of secure multi-agency applications – is being developed in collaboration with two other government departments. This will involve the issuing of individual digital certificates to each user, whereas email will be encrypted only at the departmental gateway on to the internet, and authenticated with a general departmental signature.
Digital certificates will be created and distributed only when the applications become available; this is likely to be around June next year, Kelly says. Applications will be accessible through a web browser – subject to the protection of the digital signature.
“There is probably a first-tier audience [for secure applications access] of 2000 to 3000 public servants” throughout government, Kelly says. “Our call is that they will need individual identification.”
He declines to reveal the nature of the applications or the other departments involved in development - “I don’t want to steal their thunder,” he says. But SSC itself is working on an application for collaborative development of policy.