Thursday, May 31, 2007

eNatis

It is pretty rare for the general public to know about the I.T. workings of a government department. For example - when you go to pay your water and lights account or get your passport all you want is the transaction to go through - you don't care if they are using "PTS.4" or "QUSI-XGT" to process the transaction.

You only really are aware of it when something goes wrong. Which it did at the Department of Transport who are the guys who register new cars, licenses etc. They ripped out the old "Natis" system and to great fanfare implemented the "eNatis" system. Which has been in the papers (Google News turns up 295 articles) because it didn't work.

The staff had no idea how to get it working. The capacity was overwhelming and the IT guys ran around trying to plug the holes and put up new servers to make sure everything worked. This , after it was live, with no way to go back to the old system.

It even led to the Minister flying down from the clouds above and doing something never done in the history of the ANC... apologizing. He hasn't admitted he is wrong - but he apologized none the less, which is a start. In fact, in typical government style the problem remains unsolved but there is a task team in place to investigate whose fault the mess is.

There are many lessons to be learned from this whole ordeal on how not to perform an upgrade including having a backout plan, educating users, having a test case, testing with worst case load expectations (not best case), doing proper governance before hiring IT developers, etc.

But now, a public newspaper has received an audit report of the system that was published before it went live and the have won a court case to be able to publish details in their paper. Apparently the system has no security controls in it which means that any person who uses the system has "root" access.

The government has tried to block the newspaper publishing the details in an effort to have "security through obscurity".

A TV show recently showed that there is little to no physical access control in the Department of Transport's public interfacing offices which means that for a bit of cash one can get access to the terminals.

I'm just relating what I've read. I don't know the extent of the security on the terminals or exactly how the eNatis system works but I am interested in this saga and will publish more when it becomes available to me.

No comments: