"It's not good timing to promote e-procurement without encouraging awareness and knowledge of security. It's very dangerous and opens possibilities of being hacked," he said.
A blueprint is needed of the steps to eliminate security gaps so that government agencies know how they should prepare their network systems and how they can protect their information and services from unwanted penetration, he said.
The government as a user should require application service-providers offering e-procurement services to check their applications and systems for protection from hacking, he urged. E-procurement application samples should not be put online; they should be encrypted, he said.
The authentication process during a procurement session must have at least 128-bit encryption using Secure Socket Layer technology, he added.
"At the moment many websites, both private and public, provide authentication services without encryption technology, which means when users log in to the service they're vulnerable to being hacked and having their passwords easily sniffed out," Prinya said.
There are many types of hacked patterns over the network included intrusion (attacks from outside the organization), destruction, denial-of-service, destruction, spam, mail-boom, forgery, harassment (person use internet to abuse or to attack the others), virus, and hack threat.
Denial-of-service and hack threat are two key types of hacking that have potential to grow as much as in this year in Thailand. Websites of large organizations are the main target of attacking.
"Last year, there were about 36 websites of government agencies and more than 50 website of private sectors had been attacked, this figure shows that we are unawareness on network security as much as enough. Most of attacked source is from north Asia (25%), especially mainland China, USA (19%), and Singapore (19%)," added Prinya.
Komain Pibulyarojana, director of Thai Computer Emergency Response Team (ThaiCERT), as an organization under National Electronic and Computer Technology Centre (Nectec), which focusing on security, said that during 2001 to 2001 there were about 580 serious cases. They are included spam mail 288 cases, port scan and probe 140 cases, virus, worm, and trojan 97 cases, and others (hack, attack,..) 55 cases.
Currently, Thailand has expertise with security certification about 10 persons while Hong Kong has the most number of security human resources in Asia region about 732 persons, following with Korea with 249 persons. The total number of expertise with security certification in Asia region is about 1,594 persons, while it is about 10,000 persons in worldwide.
However, there are screen virus service, called GITS Mail Cleaner, for government websites that provided by Government Information Technology Services (GITS). Government agencies who apply for service will be protected virus from outside. In last year, GITS Mail Cleaner service reported that there were 60,000 to 70,000 times that 23 websites of government agencies attacked by virus.
"If government starts e-procurement without establishing the network security and without concerning on educating the network security knowledge, e-service might be worst for people," concluded Prinya.
There are many hacking patterns over the Internet, including intrusion (attacks from outside the organisation), destruction, denial of service, spam, mail-bombing, forgery, harassment (using the Internet to abuse or attack someone), viruses and hacking threats.
Denial of service and hacking threats are two key types with the potential to grow this year in Thailand. Websites of large organisations are the main targets.
"Last year 36 websites of government agencies and more than 50 of private companies were attacked, and this figure shows that we are careless of network security. Most attacks emanate from north Asia (25 per cent) - especially mainland China - the US (19 per cent) and Singapore (19 per cent)," Prinya added.
Komain Pibulyarojana, director of the Thai Computer Emergency Response Team (ThaiCERT), a security organisation under the National Electronic and Computer Technology Centre (Nectec), said that in 2001 and 2002 there had been 580 serious cases: 288 involving spam, 140 port scans and probes, 97 viruses, worms and trojans and another 55.
Thailand has 10 security experts; Hong Kong has the most in Asia with 732, followed by South Korea with 249. Asia as a whole has 1,594, among some 10,000 worldwide.
We have, however, the GITS Mail Cleaner virus-screening service for government websites, provided by the Government Information Technology Services. It reported 60,000 to 70,000 attacks on 23 government websites in the last year.
"If government starts e-procurement without establishing network security and teaching people about it, e-service could be the worst thing that ever happened," Prinya said.
Quelle: The Nation
