Public Security Berry warns: IMPACT platform is not secure

الأمن العامّ يحذّر برّي: منصة IMPACT غير آمنة
A workshop to introduce deputies to the IMPACT platform developed by the Central Inspection was held in parallel with a letter from General Security, which, as marked in the content of the invitation, is considered “one of the most important digital transformation initiatives of the Lebanese government” and marked as “a top secret”. He warns against this platform “hosting Lebanese data on a suspicious foreign server”. The content of the message is not new. The Directorate had earlier written to the Presidency of the Ministry on 15 February 2021, “After following up its activities, it was found that it was creating web pages for several public institutions. After a technical follow-up to the Covid.pcm.gov.lb websites (for motion permit at closing) and covax.moph.gov.lb (vaccine request registration), a server in Germany found that both pages were hosted on this page, so this page Stored. All data on this platform is also found to be hosted on virtual servers in Germany, and it is not known who has the right to access, control and withdraw data from it. ”

The General Security at the time had proposed the formation of a committee headed by the Minister of Communications with the heads of the technical branches of the Security Council to “study the subject from technical and security aspects”. One day after the book, the Prime Minister issued a resolution (No. 11/2021), in which a technical committee headed by the Minister of Communications was formed, requesting the study of the security and cyber aspects of the Impact platform and its sub-pages to submit the necessary recommendations for securing protection data for that platform.
The committee met several times but made no recommendations. George Atia, head of Central Inspection, said renting servers in Germany had previously been considered an urgent option, and due to the need for high capacity to withstand the large flow of data through the platform, continuity should not fall off the network as a result of pressure. But he assured that the rented servers were dedicated servers and highly encrypted.

Public safety requires that the legislature be contacted to determine the legitimacy of the IMPACT platform

However, four months after the government’s presidency received a letter from Public Security, the Directorate still seems concerned about the platform’s activities, especially with NGOs (the British government – funded Siren Organization) here, which “run the platform and manage all the project details. The letter states that the organization is technically overseeing the platform and, therefore, the central inspection staff is technically unable to stay in control of technically all project details.
As a result, the total number of digital accounts registered on the IMPACT platform at the end of last year was 5,818. Members of the House of Representatives are expected to join, from the beginning of the year to the present, to examine the needs of their constituencies at various levels (health, development, agriculture…), creating and viewing electronic accounts for delegates that will allow them to enter the workshop platform.
In a letter to the Speaker of the House of Commons, Public Security confirms that the lack of technical and security guarantees that the platform fears that this data has not been hacked by hostile parties, all of which could be retrieved by hacking or stealing or modifying their data. It is noteworthy that the opposition is from the public safety side. However, informed sources refuse to examine the causes of each device, but they do indicate that the military occasionally obtains a copy of the data on the platform.
In the observations made by General Security, the Central Inspection is a supervisory authority, not an executive authority, and therefore its activity in collecting information on Lebanese and establishing alternative platforms for e-government is considered illegal. Especially since no party can monitor the functioning of the central audit. This is a note to be included in the security notes and the Directorate directs to approach the Legislature and the Consultation Commission to determine their accuracy.

See also  "WhatsApp" answers the most important questions that concern users
Written By
More from Josh Atkinson
Explains problems with Microsoft Email and Office 365, as reported by users around the world
Many users are experiencing technical problems with Microsoft Lotlook services around the...
Read More
Leave a comment

Your email address will not be published. Required fields are marked *