Tackling security: Lac Carling Congress calls for action plan

Delegates at this year’s Lac Carling Congress voted overwhelmingly in favour of action on sensitive security issues surrounding e-government.

They were less certain, however, on how quickly they wished to move.

In a series of votes at the annual conference, the congress effectively set the agenda for the next year in information technology and information management circles.

Delegates voted 90 per cent in favour of a proposal to create a working group on a core security issue – identification, authorization and authentication – to report to the Public Sector CIO Council (PSCIOC) and the Public Sector Service Delivery Council (PSSDC).

Significantly, the group was also 85 per cent in favour of a proposal to have the working group consider “enabling service delivery across jurisdictions, including the re-use of tombstone information.” (Re-use was specifically taken to mean passing data on to other jurisdictions rather than re-entering it).

The top three priorities for the working group are:

• Developing principles, guidelines, criteria or standards,

• Confirming a “chain of trust” framework, and

• Developing an action plan on a short-term framework.

As Ontario CCIO Greg Georgeff noted, each of the three priorities reflected a spirit of “getting on with it – let’s do something.”

On another issue, however, delegates were less decisive, voting only 59 per cent for including authorization – as defined in Ontario’s model of a security chain of trust – in the mandate for the working group.

They were also equivocal on the question of whether businesses or individuals should be the focus of a test of a cross-jurisdictional working model, with 48 per cent opting for individuals and 51 per cent for businesses. There was more agreement on whether such a test should deal with known clients or new clients, with 76 per cent choosing known users and 23 per cent new participants.

A final question on procurement issues also drew an inconclusive response. Asked whether a joint public-private sector committee should review procurement rules for large service transformation projects, delegates were 51 per cent against and 48 per cent in favour.

Michelle d’Auray, CIO for the federal government, told delegates they had identified a need for definitions and a common understanding of the vocabulary around identification, authentication and authorization. They had also highlighted the need for a coherent and consistent client “experience” and called for open, universal standards that leveraged existing processes and infrastructures as much as possible.

In closing remarks to the congress, Manitoba CIO David Primmer said the event had advanced e-government in “practical and tactical” ways, bringing people from diverse sectors and jurisdictions together in a common cause.

“I see the emergence of the vendor community as key,” Primmer said. “We’re talking about how to do business and how to move the agenda ahead jointly.”

Richard Bray ( writer@canada.com) is an Ottawa-based writer specializing in technology and e-government issues. Robert Parkins ( rparkins@itworldcanada.com) is managing editor of CIO Governments’ Review.