The official version of this document can be found via the PDF button.
The below content has been automatically generated from the original PDF and some formatting may have been lost, therefore it should not be relied upon to extract citations or propose amendments.
1240/5(1979)
QUESTIONS TO BE ASKED OF THE PRESIDENT OF THE POLICY AND RESOURCES COMMITTEE ON TUESDAY, 4th NOVEMBER 2003 BY THE DEPUTY OF ST. JOHN
Question
Would the President inform members –
- h o w many different computer systems are believed tobeoperatedby the States?
- w h ether the Committee hasany plans to centralise allthesesystemsunderthecontrolofonedepartment and Chief Officer?
- o f thenumberofoccasionsonwhich the States I.T.systems and websites have been infected by computer viruses and state what action, if any, is being undertaken by the Committee to prevent this from happeningin the future?
Answer
- I n total, the States operatesapproximately250computer systems comprising a mixture of corporate applications usedbymany departments (financial management,word-processing,e-mail, etc.) andline- of-business applications operatedby departments to carry out specialist functions (e.g. clinical systems used by the departmentof Health). Servicedeliveryto end customers is provided by a mixture of these.
W h il st a very limited number of the line-of-business applications have automated links with others, the
vast majority were developed as stand alone systems, not intended to share information or make use of other information sources. This presents a considerable challenge as the States works towards becoming a customer focussed organisation. The technology building blocks, for which funds were agreed in 2002, will provide the infrastructure to improve this position in the future, but the underlying problem of discrete systems remains and will need to be dealt with over time.
- T h e Committee has been awareofthe need to take a morecorporateapproach to the provision of IT across the States. The IT Directorhas proposed a structure for the organisationof IT across the States based upon a hybrid model in which some functions are centralised and some remain departmental responsibilities. This distributed approach is proposed within a wider structure that identifies an IT Head of Profession' to whom all States of Jersey ITstaff will report (either directlyorindirectly) for various matters, such asjob descriptions, job families, policy andstandards,compliance, succession planning,use of resources, etc.
T h e p roposal is intended to find an efficient mix of centralised and departmental IT activity, to minimise
duplication, maximise user support, and ensure that specialist requirements of the business are met by those most able to do so. The proposal has been circulated to members of the Corporate Management Board for their consideration before wider distribution.
- T h e States' network is constantly assaulted by viruses and network attacks. DuringSeptember 2003, the main corporate Internet gateway stopped 760 e-mail borne viruses and 5,600 unsolicited (SPAM) messages - typically these figures increase month by month. In the past three years, of the many thousandsof attacks, only three viruses have penetrated thenetwork and resultedindowntimeforStates' systems, preventing some staff from being able tocarryoutworkas desired. Noneofthe attacks affected core data orsystemsor resulted in anylong-termproblems with theStates' IT infrastructure.
T h e m ost recent attack (the Blaster' worm) affected many businesses both locally and globally, and many were very severely affected. Only some 20 per cent of States of Jersey desktop computers were affected
(no servers), caused, it is believed, by a failure of an unknown individual within the States network to comply with States security policy. This attack highlighted the need for a change in security procedures,
and as a result, the Computer Services Department has reviewed and tightened virus protection and software
update procedures, and has followed an industry trend towards securing not only the corporate internet gateways, but also the core network itself.
A s re liance upon IT to deliver key services increases the risk and impact of virus attack will increase.
Furthermore, the States of Jersey needs to ensure that it is not the source or unwitting carrier of viruses to others and so, in common with all other organisations who use IT, the States has no choice but to maintain robust defences.