Written by ITWeb Informatica
The KZN Treasury has implemented a Biometric Access Control System that is intended to save the government millions of rand by curtailing fraud and corruption within the provincial administration.
The KwaZulu-Natal (KZN) Finance Ministry controls an annual budget of R50 billion. When just one percent of this budget is lost to fraud, a significant R500 million of taxpayers’ money is lost per year. This, coupled with the escalation of computer-related crimes across the public and private sectors, made it necessary for the KZN Treasury to take more stringent measures to prevent fraud.
Together with the State Information Technology Agency (SITA), the KZN provincial treasury has implemented a Biometric Access Control System that is intended to save the government millions of rand by curtailing fraud and corruption within the provincial administration. The project seeks to combat cyber-attacks on the information technology systems that government uses to manage its resources. KZN is the first province in the country to implement this system. There is, however, a business case for the system to be replicated throughout all provinces, national departments and local municipalities.
According to Tubatsana Monareng, senior manager of Information Systems Security at SITA, most of the fraud perpetrated against government is through its legacy accounting systems: on PERSAL, relating to payments of government employees, or on the Basic Accounting System (BAS), relating to payments to creditors.
In the past, the security of these systems relied heavily on login passwords that could easily be compromised. “Using just passwords as a security measure meant that fraud happened in collaboration; people could work together to commit fraud and get away with it,” explains Monareng. It became evident that a more stringent security framework needed to be implemented to combat the pandemic of corruption taking place in government departments.
e-Fraud – The Diagnosis
The KZN Treasury approached SITA seeking the ideal solution that would meet its stringent requirements. Monareng and his team set out to design a solution that would work across multiple mainframe and open system applications, and also across all government departments of the KZN Treasury. The solution also needed to be compliant with South African legislation as well as international good practices and standards.
Given the significant risk of electronic fraud, KZN Treasury wanted to rapidly implement a consistent and pragmatic approach to the proactive management of electronic fraud for over 4 000 of its computer users, scattered across the KZN province and operating from 16 federated government departments. The KZN provincial Treasury prioritised the protection of its core mainframe applications (BAS and PERSAL) for the initial phase of the master plan. Additionally, as part of its zero-tolerance approach, KZN Treasury also wanted to visibly deter fraud, educate its personnel about electronic fraud and, most importantly, protect innocent people from being implicated in cases of electronic fraud.
e-DNA Treatment
The SITA team worked closely with KZN Treasury to refine and evaluate KZN Treasury’s business requirements and found that what they needed was an enterprise-class Electronic Fraud Management System (EFMS). The solution had to deliver strong multi-factor Access Control and Identity Management, PKI cryptography, context-sensitive non-repudiation, and forensic reporting capabilities. Additionally, the solution had to be capable of working across disparate networks, as well as support mainframe and open system applications. SITA and KZN Treasury collaborated in the evaluation of the available solutions and awarded a tender for the requirements to Datacentrix and their business partners L@Wtrust, to implement the locally developed e-DNA EFMS solution suite.
In essence, the e-DNA solution behaves like an intelligent surveillance system inside the protected applications. It “records” changes to transactional information and can action business rules when sensitive behaviour is sensed. It effectively yields an always-on, reliable and impartial witness to sensitive transactional data. It supports Information Integrity in that the Evidence Vault delivers a context-sensitive audit trail that carries sufficient evidentiary weight of exactly who did what, and when it was done inside the application. When sensitive behaviour is sensed, the system can automatically invoke defensive action based on business rules, or continue to “record” what is happening, in a manner that is transparent to the user.
Going forward, SITA plans to collaborate with its technology partners to bring the solution to all government departments in the ongoing fight to eradicate fraud and corruption in the public sector.
QUICK FACTS
User: KwaZulu-Natal Treasury
Business requirement: Electronic Fraud Management System
Solution deliverables:
• Access Control and Identity Management
Prevention is better than cure
e-DNA is an extensible and modular EFMS solution that makes it ideal for enterprise environments with transversal applications. The strong sign-on module, for example, eliminates password theft and abuse through secure multi-factor Access Control & Identity Management. This then integrates with biometric and smartcard technology, which then interacts cryptographically with the e-DNA Evidence Vault.
Monareng explains that a high degree of re-usability of system components makes for good investment protection and yields a cost-effective roadmap to expand the system to also protect other applications such as logistics, procurement and other Line of Business applications.
Simply having these systems set up goes a long way in preventing fraud from happening in the first place, states Monareng. “While it is important to finally be in a position to persecute perpetrators, the success of the implementation also lies in the ability to deter would-be perpetrators from committing the crime in the first place. In so doing we have succeeded in deterring corruption from the onset. The end result of this is people taking responsibility for their actions,” he concludes.
CONTACT
Tubatsana Monareng
Senior Manager: Information Systems Security (ISS), SITA
Office: +27124822821
Fax: +27123674901
Website: www.sita.co.za
Picture 1: Tubatsana Monareng, senior manager of Information Systems Security at SITA