GEORGIA’S SUCCESSFUL JOURNEY TO E-GOVERNMENT
E-GOVERNMENT DEVELOPMENT IN GEORGIA
Irakli Gvenetadze
LEPL Data Exchange Agency
Ministry of Justice of Georgia
GEORGIA
GEORGIA – COUNTRY PROFILE
Population: 4.2 million
Capital: Tbilisi
Area: 69,700 sq. km
Highest point: Mkinvartsveri – 5047 meters
GEORGIAN ALPHABET
GEORGIAN NATIONAL COSTUME
UN E-GOVERNMENT SURVEY 2014
GEORGIA            Rank 2014   Rank 2012   Rank 2010   Rank 2008
E-Government       56          72          100         100
E-Participation    66          73          132         143
GDP PER CAPITA
RELATION BETWEEN EGDI AND NATIONAL INCOME (GNI PER CAPITA), LOWER-MIDDLE INCOME COUNTRIES
WHERE GEORGIA STARTED FROM
• Create information systems
• Digitalize internal information resources
• Automate information flows
• Create data centers
• Establish connection between agencies and regional offices
Business Registry - 2006
IT CRUCIAL TO DELIVER REFORM BENEFITS
In Georgia, reforms have been taking place actively since 2004. The main attention was paid to business process optimization and transparency in organizational processes.
Reform
Efficiency
Time
Cost
Availability
Transparency
Accountability
INFORMATION TECHNOLOGIES
IMPLEMENTED PROJECTS
• Property registration, e-abstracts
• Business Registry
• Civil Registry
• e-ID and e-signature
• Biometric passport
• e-filing system in the Ministry of Finance of Georgia: 90% of taxpayers are actively using this system
• Automation of tax and customs systems (the process is ongoing, as reforms taking place in this direction require changes in business processes)
• Case management system for tax dispute resolution
• Central data storage and reporting system
• Electronic Treasury project (e-treasury)
• Cash register management automation project, planned for next year
• Electronic system for writing out VAT invoices
• Automation of the Ministry of Internal Affairs
• Case management program for the Ombudsman
• Computerization of schools. Schools are equipped with computers, and by the end of this year all schools (2300) will be connected to the internet
• Netbooks for all first graders
• Student Information System (ongoing)
• National school exam online
• Automated case management system for the court system; the project is in a decisive phase and the system is being introduced in offices
• Centralized criminal case management is being introduced
• e-Procurement
• e-Auction of state property
• e-Auction of real estate of Tbilisi City Hall
• Automation project of the Enforcement Bureau
• e-notary project
• Electronic directory system for the state newspaper and legislative base (Official Gazette)
• Automation project of the Social Subsidies Agency
• Real Time Gross Settlement System of the National Bank
• Investment Management System of the National Bank
• Core Banking System of the National Bank
• Chancellery automation project is being implemented in all large ministries
• Criminal case management system
RECURRING PROBLEMS
Limited budget
Shortage of qualified personnel
Infrastructure expensive
Data incompatibility
No standards
No security
GGN – GEORGIAN GOVERNMENTAL NETWORK
• Design and tender procurement - 2006
• Contract signed Sept. 1, 2007
• 100 governmental offices connected by the end of 2007
• More than 500 governmental offices connected in 2008
• Since 2009, more than 1,000 governmental connections including schools
Government offices were connected throughout Georgia with no investment; the government paid only 25% of commercial prices for internet and telephone.
E-GOVERNMENT COMMISSION
• E-government development consulting body for the government of Georgia
• Steering committee for the GGN project
“ARCHITECTURE” OF E-GOVERNANCE SERVICES
ORGANIZATION CENTRIC
CITIZEN CENTRIC
CONNECTED GOVERNMENT
Effectively Distribute Resources
Monitor Results
Health Care and Social Security
Municipalities
Agriculture
Education
Receive Information in Real Time
Proper Planning of State Budget
Redundancies Eliminated
Data Exchange Agency
Georgian Government Gateway
CITIZEN’S CENTRIC SYSTEM
State E-Governance System
Property
Migration, Registration
Demographic and other Personal Data
Medical Service
Education
Social Condition
Unified Automated Statistical Data
Economic Activities
Automated Data Processing
State Development
Planning, Forecast
CITIZEN
Effective Public Policy
DEA – DATA EXCHANGE AGENCY
Due to the abovementioned problems, it became necessary to establish an entity with the relevant authority to support the following activities:
• Development and coordination of E-Governance
• Development of the legal and regulatory framework
• Ensuring information and cyber security
• Establishment of the integrated data exchange system and ensuring access to information resources
The Parliament of Georgia adopted a law on the establishment of the “Legal entity of public law under the Ministry of Justice of Georgia - Data Exchange Agency”, on the basis of which the Data Exchange Agency (DEA) started its activities on 1 January 2010.
E-GOVERNMENT GOVERNANCE ECO SYSTEM
Government of Georgia
PM
Ministry of Justice
Data Exchange Agency
E-Government Governmental Commission
1. Implementation Body for Government
2. Administration Body for Commissions
CIO Council - Consulting Body for Government
DATA EXCHANGE INFRASTRUCTURE
Data Exchange Agency
Ministry of Justice
Ministry of Finance
Ministry of Education
Ministry of Health
Ministry of Internal Affairs
Other ministries
Business
Bank
Citizen
Request
Response
Request
Response
G3 – GEORGIAN GOVERNMENTAL GATEWAY
G3 – FUNCTIONAL DESIGN
Portal
Application Integration
Registration & Enrolment
Transaction & Messaging
Communication to Receiving module
SOAP Web Services (SOAP)
Gov Talk
Audit log
Receiving module
Submission()
Storages
Internal Information System
DIS
Submission application (not a part of GG delivery)
Priority Services Notification engine
Audit and Monitoring
HTTP POST
Known facts
API
Web Interface
Admin Msgs
Submission logging
External Applications
WSFederation
SQL Identity provider
e-Forms
Routing Services
e-Services Catalog
MY.GOV.GE – CITIZEN’S PORTAL
CITIZEN’S PERSONAL PAGE
PROPERTY
CITIZEN’S ADDRESS OF REGISTRATION
ONLINE BUSINESS REGISTRATION
UTILITY PAYMENTS
RECOMMENDATION TO IMPROVE SERVICES
DEA
Citizen’s portal
Joint document exchange system
Guaranteed electronic delivery system
Trade Facilitation System – TFS
TRADE FACILITATION SYSTEM – TFS
Trade Facilitation System
Sea Ports
Shipping Lines
Forwarder Companies
Tax & Customs
Terminals
Banks & Insurance Companies
Railway
Suppliers
International Traders
E-ID CARD
ID CARD - WHAT IS IT? WHAT DOES IT DO?
Identification Document
Travel Document
Proximity Card
Online Identification
Digital Signature
ID CARD - ONE CHIP - TWO INTERFACES
Contact
Contactless
PUBLIC SERVICE HALL - TBILISI
CONTACTLESS INTERFACE
Proximity Card
Work ID Card
Loyalty Card
Student Card
Many other uses
CONTACT INTERFACE – TWO CERTIFICATES
Online Identification
Digital Signature
PUBLIC SERVICE HALL EVERYTHING IN ONE SPACE
BATUMI
KVARELI
RUSTAVI
KUTAISI
OZURGETI
MESTIA
TBILISI – SEPTEMBER 2012
E-GOVERNMENT LEGISLATIVE FRAMEWORK
e-Document and e-Signature law – 2007
Law on Creation of Data Exchange Agency – 2010
Law on Unified Information Registry – 2011
Law on Information Security – 2012
Law on Personal Data Protection – 2012
LAW OF GEORGIA ON UNIFIED STATE REGISTRY OF INFORMATION
Aim of the Law: establishment of a unified state registry of registers, databases, services and information systems within the public sector of Georgia
A supplementary act – Instruction on standards and procedures of working with the Registry of Registers, as well as a manual on the use of the web-portal
Categories of information to be submitted:
• Establishment of a registry or service (initial registration)
• Significant amendment of a registry or service
• Merger, division, revocation, deletion, transfer or archiving of a registry or service
Data Exchange Agency as implementer
E-GOVERNMENT STRATEGY
• e-Services
• e-Participation and Open Government
• e-Health
• Public Finance Management System
• e-Business
• ICT-Hub Georgia
• Infrastructure
• e-Security
• Skills and e-Inclusion
• Enabling frameworks and governance
• Awareness
INFORMATIONAL SECURITY
AVAILABILITY INTEGRITY CONFIDENTIALITY
false information
network jamming
intrusions
information stealing
system paralyzing
CYBER SECURITY ECOSYSTEM
Minister of Justice
Data Exchange Agency
Ministry of Internal Affairs
24/7 Cyber Crime Unit
Minister of Defense
Military Cyber Defense Unit
Security Council
AUGUST 2008
Cyber attacks had far less impact on Georgia than they might have on a more Internet-dependent country, where vital services like transportation, power and banking are tied to the Internet. The reasons behind the attacks were nevertheless crucial in the context of the war in the country:
• Misinformation about real facts by Russian media
• Aggression and patriotic spirit of Russian supporters
• Block and cut off Georgian Internet resources
• Shut down media, forums and blogs in Georgia
• Impact on Georgia's visibility on the internet and its ability to communicate with the world
• Cause panic and as much damage as possible to critical infrastructure
Traffic origin comparison by hits
08/08/08 Before Attack Started
09/08/08 Under Attack
10/08/08 Only Georgian traffic allowed
Guatemala & Indonesia? Who are these guys?!!
Romania – “Record” Holder!
Who Attacked?
You are loosers and will fail again just like in 90ies
Who Attacked?
86.105.36.3 Romania
87.4.147.122 Telecom Italia, Roma
220.215.92.36 FreeBit, Tokyo
194.250.18.253 France Telecom, Toulouse
92.49.146.212 VolgaTelecom, Orenburg, Russia
41.196.241.237 Link Egypt, Dokki-Giza
80.188.107.226 Telefonica O2 Czech Republic, Prague
83.37.61.226 Telefonica de Espana, Madrid
62.150.55.34 Qualitynet Co., Kuwait
80.224.161.231 Techauna AUNA, Barcelona
210.215.124.92 Nexon Asia Pacific, Sydney
75.101.230.118 Amazon Web Services, Seattle
217.209.224.115 Telia Network, Sweden
80.201.63.237 Belgacom ISP SA/NV, Bruxelles
212.92.140.142 Business Communication Agency, Russia
201.216.170.220 Telgua, Guatemala
88.168.106.155 Free SAS / ProXad, France
77.28.79.99 Makedonski Telekom, Skopje
194.29.60.35 Universal Telecom, Kiev, Ukraine
Types of attacks beside physical
Types of attacks:
- SYN Flood
- Ping Flood
- HTTP Flood
- Defacement
- SPAM
- SQL Injections…
Protocols:
- HTTP
- ICMP
- FTP
- SMTP
- DNS
- BGP…
WHAT WE KNOW ABOUT HOW IT WAS DONE
“POWER TO THE PEOPLE”
Russian hacker websites (StopGeorgia.ru and Xakep.ru) spread all the information and tools needed to attack Georgian websites
Target web sites and codes for attacks were posted in comments of hundred forums, blogs, news and entertainment web-sites
Interested individuals were asking others to help and to join in by continually sending ICMP traffic via the 'ping' command, and were explaining how to do it.
At the same time, ready-made bat files designed to attack Georgian websites and a detailed list of websites to attack were spread using file exchange programs.
Example: Interpressnews.ge (news agency) – detected traffic of about 150 MB. The site was periodically going down or working too slowly
WHAT WE KNOW ABOUT HOW IT WAS DONE
“HACKERS TRICKS”
Geographically distributed BOTNETS
* 300-400 sessions per IP per server
SQL INJECTION of more than 100 sites
* Examples:
http://www.president.gov.ge/index.php?l=G&m=0&sm=3&id=2693+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3,4,5
http://www.results.cec.gov.ge/ubnebi.php?district=22+and+1=@@version
http://junior.eurovision-georgia.ge/index.php?lang=eng&topid=3&id=-1+union+select+1,2,3,4,5
Attempts of BGP hijacking
Websites hacking
* Maybe hackers knew some passwords
Spamming of Email addresses
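A log check for the two probe shapes in the SQL injection example URLs above (UNION SELECT column enumeration and the @@version error probe), added here as an illustration and not part of the original slides. The function names, regexes and sample log lines are constructed, and the check goes slightly beyond the slide's examples by also normalising URL-encoded and comment-padded variants.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Signatures for the two probe shapes in the slide's example URLs:
#   id=2693+union+select+1,2,3,...  (UNION-based column enumeration)
#   district=22+and+1=@@version     (error-based version disclosure)
SIGNATURES = {
    "union_select": re.compile(r"\bunion\b(?:\s+all)?\s+select\b", re.I),
    "version_probe": re.compile(r"@@version\b", re.I),
}
# Common/combined log format: client, request URL, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3})')


def classify(url):
    """Return the sorted signature names matched by any query value."""
    hits = set()
    # parse_qsl percent-decodes and maps '+' to a space, so
    # union+select and UNION%20SELECT normalise to the same text.
    for _key, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        # Collapse SQL comment padding (union/**/select) and whitespace runs.
        flat = re.sub(r"/\*.*?\*/|\s+", " ", value)
        hits.update(name for name, rx in SIGNATURES.items() if rx.search(flat))
    return sorted(hits)


def scan(lines):
    """Map client IP -> [(path, signatures, status)] for flagged requests."""
    findings = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        client, url, status = m.groups()
        sigs = classify(url)
        if sigs:
            findings[client].append((urlsplit(url).path, sigs, int(status)))
    return dict(findings)


# Constructed sample: documentation IP ranges, made-up paths and timestamps.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?l=G&id=2693+union+select+1,2,3,4,5 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jan/2024:10:00:03 +0000] "GET /index.php?id=-1%20UNION%20SELECT%201,2,3 HTTP/1.1" 200 4801',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /results.php?district=22+and+1=@@version HTTP/1.1" 500 312',
    '203.0.113.5 - - [01/Jan/2024:10:00:12 +0000] "GET /index.php?lang=eng&topid=3&id=17 HTTP/1.1" 200 7300',
    '203.0.113.5 - - [01/Jan/2024:10:00:15 +0000] "GET /search.php?q=student+union+selects+officers HTTP/1.1" 200 2100',
]

if __name__ == "__main__":
    for client, events in scan(SAMPLE_LOG).items():
        for path, sigs, status in events:
            print(f"{client} {path} {','.join(sigs)} status={status}")
```

A flagged request that returned 200 deserves a closer look than one that returned 500, because the injected query may have executed; matching on the decoded parameter value rather than the raw URL keeps ordinary search text such as "union selects" from being flagged.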
According to many facts, it seems that the cyber attacks were planned before the actual war started.
Approximately 90% of all gov.ge domain addresses and a significant fraction of .ge domain addresses were affected by DDoS attacks.
Government
www.president.gov.ge
www.mfa.gov.ge
www.government.gov.ge
www.parliament.ge
www.mod.gov.ge
www.nbg.gov.ge
www.cec.gov.ge
www.mof.ge
www.abkhazia.gov.ge
and so on…
News
www.rustavi2.com
www.interpress.ge
www.civil.ge
www.presa.ge
www.apsny.ge
www.day.az
and so on…
EVERYTHING ELSE
www.internet.ge
www.geres.ge
www.chca.org.ge
www.forum.ge
www.museum.ge
www.grena.ge
and so on…
From Shadowserver, sampling of previous DDoS targets from the same botnets involved in the Georgia attacks:
www.in-bank.net
carder.biz
Divaescort.com
payclubs.biz
night-fairy.com
vodkaescort.net
cc-hack.eu
igame.ru
i-german.net
Things to wonder about
HOW MEDIA CAN INFLUENCE THE WORLD
Attacks on civil.ge after news that Estonia is in the business of site hosting
WIN32/GEORBOT
Malware was found in Georgian governmental agencies, including ministries, parliament, banks and NGOs.
The purpose of the malware was collecting sensitive, confidential information about Georgian and American security documents
WIN32/GEORBOT
The Win32/Georbot malware has the following functionalities for stealing information from an infected system:
• Send any file from the local hard drive to the remote server
• Steal certificates
• Search the hard drive for Microsoft Word documents
• Search the hard drive for remote desktop configuration files
• Take screenshots
• Record audio using the microphone
• Record video using the webcam
• Scan the local network to identify other hosts on the same network
• Execute arbitrary commands on the infected system
The commands were activated manually and sent to each host individually rather than being broadcast to all infected hosts.
TARGETED AUDIENCE
The cyber attack was designed very smartly. Various Georgian news-related websites were hacked, and only specific news pages were modified (e.g. NATO delegation visit to Georgia, US-Georgian agreements and meetings, Georgian military news).
www.caucasustimes.com – Site about the news from the Caucasian region
www.cei.ge – Caucasus Energy and Infrastructure
www.psnews.ge – Georgian news site
www.opentext.ge – Georgian news site
www.presa.ge – Georgian news site
www.presage.tv – Georgian news site
www.psnews.info – Georgian news site
www.resonancedaily.com – Georgian news site
EXAMPLE OF INJECTED SCRIPT INTO THE HACKED NEWS WEBSITE
WIN32/GEORBOT
COMMAND & CONTROL SERVERS
September, 2010 – georgiaonline.xp3.biz (United States) FreeWebHostingArea.com
March, 2011 – ema.gov.ge (Georgia) (hacked webserver)
April, 2011 - 178.32.91.70 (France) OVH Hosting
June, 2011 - 88.198.240.123 / 88.198.238.55 (Germany) DME Hosting
October, 2011 - 94.199.48.104 (Hungary) Net23.hu
November, 2011 - 173.212.192.83 (United States)
December, 2011 - 31.31.75.63 (Czech Republic)
January, 2012 - 31.214.140.214 (Germany) DME Hosting
March, 2012 – 78.46.145.24 (Germany) DME Hosting
GEORBOT
• Not detected by major antivirus products; bypasses a patched Windows 7 SP1 with the firewall enabled.
• After executing, calc.exe itself does 3 major things:
  • Before installing the bot, it checks whether the computer is located in the UTC+3 or UTC+4 time zone.
  • Injects into iexplorer.exe and communicates with defaced sites for C&C address retrieval.
  • Creates the usbserv.exe bot file in the Application Data directory and writes it to autorun in the Windows Registry.
LEGAL FRAMEWORK
Cyber Security Strategy for 2013–2015
E-Government Strategy for 2014–2019
Other Strategic Documents
1. Information Security Law (2012)
2. Personal Data Protection (2012)
3. Cyber Crime Chapter on Crime Code. (U 2010)
1. Cyber Crime Convention 24/7
2. All Major IPR Conventions
3. Processing of Personal Data Conventions (1981)
• CERT.GOV.GE Computer Emergency Response Team Charter
• Presidential Decrees Approval List of Critical Information System Subjects
• Requirements of Information Security Officer working in Critical Information System Subjects
• Decrees of Network Sensor Configuration
• Decrees of Minimal Security Requirements for Critical Information System Subjects
• Decrees of Asset Management Requirements for Critical Information System Subjects
• Decrees of Information Security Audit Body Accreditation
• Decrees of Information Security Audit Requirements in Critical Information System Subjects
CYBER SECURITY STRATEGY OF GEORGIA 2013-2015
Basic Principles – Cyber Security Strategy
• Whole-of-Government Approach
• Public-private Cooperation
• Active International Cooperation
Cyber Security Strategy – Main Domains
• Research and analysis
• New legislative framework
• Institutional coordination for ensuring cyber security
• Public awareness and education
• International cooperation
INFORMATION AND CYBER SECURITY
Information Security policy development, implementation, monitoring.
CERT.GOV.GE (Computer Emergency Response Team)
Public Sector + Subject of Critical Infrastructure Systems
State Secret
Military
INFORMATION SECURITY & POLICY DIVISION
Information Security Team
CERT.GOV.GE Team
All Team Members are BSI Certified Professionals:
BSI/ISO 27001 (Information Security) LI/LA
BSI/ISO 22301 (Business Continuity) LI/LA
BSI/ISO 9001 (Quality Management) LA
ISO 31000 (Risk Management)
4 members of the team are:
CISM (Certified Information Security Manager)
All CERT Team members are SANS Certified Professionals:
SANS GIAC Certified Professionals
2 members of the team are:
CISA (Certified Information System Auditor)
INFORMATION SECURITY
Management Services Consulting Service
ISMS Implementation Service
Current Projects: Service Development Agency; Public Registry of Georgia 2
Review of Information Security documentation: Policy, Plans, Audit report, etc. 36
Certified Course in Management Systems (Introduction, Implementation and Internal Audit in Information Security Management Systems, Certification Exam) 105
NATO SPS Project Trained Professionals from Moldova and Montenegro 40
Information Systems Audit Service
CERT.GOV.GE
The Cyber Security Executing Arm of the UNITED NATIONS SPECIALISED AGENCY of the International Telecommunication Union (ITU)
The Trusted Introducer - a.k.a. TI - is the trusted backbone of the Security and Incident Response Team community in Europe
Partners:
FIRST is an international confederation of trusted computer incident response teams who cooperatively handle computer security incidents and promote incident prevention programs.
CERT-EE
CERT.GOV.GE
Services and Activities
Monitoring Service
• IP Monitoring Services
• Network Monitoring System
Proactive Services:
• Incident Handling
• Incident Support System
• Detection of Infected Web Sites
• Safe DNS
Other Services:
• Source and Binary Code Analysis Service
• Malware Analysis Service
• Penetration Test Service
Course in Cyber Security and Incident Handling
Special Activities & Awareness
• Cyber Security Forum
• Annual GITI Regional Conference
• Website (dea.gov.ge)
• Facebook (certgovge)
• Media Campaign (TV, Internet)
• Wall Calendar
Basic Incident Handling 20
NATO SPS Project Trained Professionals from Afghanistan, Macedonia, Moldova and Montenegro 90
INFORMATION SECURITY AWARENESS
GITI – GEORGIAN IT INNOVATION EVENT 2008
THANK YOU FOR YOUR ATTENTION!
Irakli Gvenetadze
LEPL Data Exchange Agency
Ministry of Justice of Georgia
[email protected]; www.my.gov.ge; www.cert.gov.ge