Despite costing the state 62 million euros per year in maintenance costs, since 2012 there has been "virtually no progress" in implementing the management policy of state-owned Information and Communication Technology (ICT) infrastructure, the State Audit Office concluded in a report released June 10.
"Each authority optimises the ICT infrastructure according to its own understanding and possibilities. That leads to different situations in various authorities, as there are ministries where ICT management is organised centrally, and there are ministries where is no single management, and it is done by each institution separately," said auditors, who were also highly critical of security measures.
"Protection of physical infrastructure is neglected now," they warned. "Although the ICT infrastructure is an integral part of cyberspace by the Cybersecurity Strategy... Deficiencies in the differentiation of security requirements lead to both inadequate protection and costly solutions where over-protection of insignificant information causes an excessive financial burden on the state budget."
A single person with a grudge could cause havoc, the auditors warn: "The State Audit Office believes that there is an urgent need to improve the mechanism for monitoring the safety of ICT infrastructure, which has no clear requirements for physical and environmental safety and has no survey and monitoring of the situation in the country as a whole. This poses a risk that the authorities will not be able to defend themselves if an individual decides to use disorder of the physical and environmental safety to damage, destroy, or steal essential technical resources and the data contained therein."
"Furthermore, state departments do not perform regular evaluations of what would be cheaper – maintaining the ICT themselves or cooperating with other departments in its maintenance," it added.
The State Audit Office said it had randomly audited four ministries – the Ministry of Culture, the Ministry of Justice, the Ministry of Agriculture and the Ministry of Education and Science, with the Ministry of Justice rated as having "achieved the most significant progress in the centralization of ICT."
However, the optimization of ICT started 8 years ago in the other ministries "remains incomplete" the report said.
Inefficient use of resources appeared to be rife with the four ministries using no fewer than 38 server rooms
"There is no co-operation in the placement of ICT infrastructure between the ministries or even within one ministry, which has no rational justification," auditors concluded.
Even plans to rationalize the system have themselves become inefficient and ineffective, the report said, citing the example of a single electronic communications service center was forecast to save up to 3 million euros over five years.
"The establishment of such a center has been planned since 2011. Although the center should have started operating in January 2019, only two institutions began using the services of the center in reality during this period," the report says, suggesting that it would make sense for institutions to have mandatory requirements and deadlines.