To reduce data leakage risks, the Central Database Hub (Padu) was placed under the purview of civil servants instead of third-party vendors, says Rafizi Ramli.
During a press conference at the Economy Ministry in Putrajaya on Thursday (Jan 4), the Economy Minister said data leakages had previously happened when third-party vendors were contracted to develop government data applications.
Rafizi also said the model of appointing a vendor or private company to develop integrated government applications is no longer appropriate, adding that a third-party vendor’s duties are only limited to the terms of their respective contracts with the government.
Read more at http://tinyurl.com/5b8apvec
WATCH MORE: https://thestartv.com/c/news
SUBSCRIBE: https://cutt.ly/TheStar
LIKE: https://fb.com/TheStarOnline
During a press conference at the Economy Ministry in Putrajaya on Thursday (Jan 4), the Economy Minister said data leakages had previously happened when third-party vendors were contracted to develop government data applications.
Rafizi also said the model of appointing a vendor or private company to develop integrated government applications is no longer appropriate, adding that a third-party vendor’s duties are only limited to the terms of their respective contracts with the government.
Read more at http://tinyurl.com/5b8apvec
WATCH MORE: https://thestartv.com/c/news
SUBSCRIBE: https://cutt.ly/TheStar
LIKE: https://fb.com/TheStarOnline
Category
🗞
NewsTranscript
00:00 So apart from the user familiarity of Pandu, actually the most concerning thing is about
00:04 the cybersecurity.
00:05 Everybody is very concerned whether there might be a data leak in the future because
00:10 there is a history of data leak from the agencies.
00:13 So what is the most direct way that you can convince the public that you can do this with
00:19 our guarantee that we will protect this data in the most direct way?
00:22 Well there are many, many processes that have to be in place.
00:26 I think first is when we design the system, it has taken into account all the standard
00:34 SOPs that takes into account cybersecurity measures.
00:40 But that's not enough as with any system.
00:44 There are also other enablers to tighten cybersecurity accountability and that's why apart from the
00:52 data sharing, apart from the existing acts that regulate the accountability for the data,
00:58 Omnibus Act is coming that will strengthen the cybersecurity further.
01:04 And of course I think now Mampu and Kementrian Digital will focus on more regulatory measures
01:13 to bring up the speed of data protection in this country.
01:20 Even then that's not enough.
01:21 Even if you design the system well based on standard cybersecurity measures, even if you
01:29 have the best of law, even then it's not enough.
01:32 What is as important is the skill, is the expertise of government agencies that manage
01:44 all these systems because cybersecurity is a 24-hour job around the clock and it's not
01:53 a static thing.
01:55 Every day someone will come up with a new way to try to hack, to try to breach security.
02:01 So the previous approach to government system is that you outsource.
02:10 That expertise is not with government, it's not with civil service.
02:14 And then if something happens, we are accountable.
02:19 So that's why it's important to push through GovTank and to drive up the expertise of civil
02:26 service to be able to handle huge systems like this at par or even better with what
02:35 private sector can offer because along the way this process will build and centralise
02:42 the cybersecurity expertise in the government.
02:46 I don't believe that any government in this world can just tell a few words to the media
02:53 and the public will be confident.
02:55 It doesn't work like that.
02:57 It's how you manage the whole project, the whole product, it's how responsive you are,
03:03 it's how open you are, it's how honest you are.
03:08 And I think that's what we are trying to do so far.
03:10 That's why we have this press conference, we have update every 12 hours and eventually
03:17 I think as government moves towards GovTank, governments will operate almost like any other
03:23 software house.
03:24 If we have an application, we will release patches, bugs from time to time.
03:29 And over time I hope when we do that and with the expertise, with a better UI/UX, with better
03:38 features, over time the public will be confident.
03:43 But the other thing is in terms of risk mitigation, that's also the reason why we decided that
03:51 it's best to be done by the civil service because that limits access to third party
03:57 to data.
03:59 And I personally think that if we can do this well, actually we can mitigate the risk of
04:06 security breach.
04:08 Because you know, usually when there is a data breach, people look at the public or
04:14 government.
04:16 People don't know that when a system is developed by third party, so many hands have access
04:22 to it.
04:24 And more often than not, the more access there is to vendors or third parties that
04:29 are not regulated or are not accountable to data security in the end.
04:35 So that's also the reason that I think that's also a measure that over time we can assure
04:44 the public that as more and more GovTank applications are rolled out, when it's handled by civil
04:53 service, it limits unwarranted access to non-government personnel.
04:59 �
05:00 �
05:01 �
05:02 �
05:03 �
05:04 �
05:05 [BLANK_AUDIO]