GEORGIA’S SUCCESSFUL JOURNEY TO E-GOVERNMENT E-GOVERNMENT DEVELOPMENT IN GEORGIA

Irakli GvenetadzeLEPL Data Exchange AgencyMinistry of Justice of Georgia

GEORGIA

GEORGIA – COUNTRY PROFILE

Population: 4.2 million Capital: Tbilisi Area: 69,700 sq. kmHighest point is Mkinvartsveri – 5047 meter

GEORGIAN ALPHABET

GEORGIAN NATIONAL COSTUME

UN E-GOVERNMENT SURVEY 2014

GEORGIA Rank 2014

Rank 2012

Rank 2010

Rank 2008

E-Government 56 72 100 100E-Participation 66 73 132 143

GDP PER CAPITA

RELATION BETWEEN EGDI AND NATIONAL INCOME (GNI PER CAPITA), LOVER-MIDDLE INCOME COUNTRIES

WHERE GEORGIA STARTED FROM • Create information systems

• Digitalize internal information resources

• Automate information flows

• Create data centers

• Establish connection between agencies and regional offices

Business Registry - 2006

IT CRUCIAL TO DELIVER REFORM BENEFITS

In Georgia, reforms were taking place actively since 2004. Main attention was paid to business process optimization and transparency in organization processes. ReformReform

EfficiencyEfficiency

Time CostCost AvailabilityAvailability

TransparencyTransparency

AccountabilityAccountability

INFORMATION TECHNOLOGIES

IMPLEMENTED PROJECTS

• Property registration, e-abstracts,• Business Registry• Civil Registry

• e-ID and e-signature • Biometrical Passport

• e-filing system in the Ministry of Finance of Georgia-90 % of taxpayers are actively using this system;

• Automation of tax and customs systems (the process is ongoing as reforms taking place in this direction require changes in business processes);

• Case management system of tax dispute resolution;

• Central data storage and reporting system;

• Electronic Treasury project. e-treasury• Cash register management automation project-planned for next

year;

• Electronic system for writing out VAT invoices;

• Automation of the Ministry of Internal Affairs;• Case management program for Ombudsman;

• Computerization of schools. Schools are equipped with computers and by the end of the this year all schools (2300) will be connected to internet;

• Netbooks for all first graders• Student Information System-ongoing;

• National school exam on-line• Automated case management system for court system; project is

in decisive phase and system is being introduced in offices• Centralized criminal case management is being introduced;

• e-Procurement;• e-Auction of state property;

• e-Auction of real estate of Tbilisi City Hall;

• Automation project of Enforcement Bureau

• e-notary project;• Electronic directory system for state newspaper and legislative

base – Official Gazette;• Automation project of Social Subsidies Agency• Real Time Gross Settlement System of National Bank• Investment Management System of National Bank• Core Banking System of National Bank

• Chancellery automation project is being implemented in all large ministries.

• Criminal case management system

RECURRING PROBLEMS

Limited budget

Shortage of qualified

personnel

Infrastructure expensive

Data incompatibility

No standards

No security

GGN –GEORGIAN GOVERNMENTAL NETWORK

• Design and tender procurement - 2006

• Contract signed Sept. 1, 2007

• 100 governmental offices connected by the end of 2007

• More than 500 governmental offices connected in 2008

• Since 2009, more than 1,000 governmental connections including schools

Government connected throughout Georgia with no investment, only paid 25% of commercial prices for internet and telephone.

E-GOVERNMENT COMMISSION• E-government development consulting body for

government of Georgia• Steering committee for GGN project

“ARCHITECTURE” OF E-GOVERNANCE SERVICES

ORGANIZATION CENTRIC

CITIZEN CENTRIC

CONNECTED GOVERNMENT

Effectively Distribute Resources

Monitor Results

Health Care and Social Security

Health Care and Social Security

Municipalities AgricultureAgriculture

Education

Receive Information in Real TimeProper Planning of State Budget

Redundancies Eliminated

Data Exchange AgencyGeorgian Government Gateway

CITIZEN’S CENTRIC SYSTEMState E-Governance System

Property

Migration, Registration

Demographic and other Personal Data

Medical Service

Education

Social Condition

Unified Automated Statistical Data

Economic Activities

Automated Data Processing

State Development

Planning, Forecast

CITIZEN

Effective Public Policy

DEA –DATA EXCHANGE AGENCYDue to the abovementioned problems, the need for establishment of an entity with relevant authority became inevitable, which would support the following activities:

• Development and coordination of E-Governance

• Development of legal and regulative framework• Ensure information and cyber security

• Establishment of the integrated data exchange system and ensure access to information resources

Parliament of Georgia adopted a law on the establishment of “Legal entity of public law under the Ministry of Justice of Georgia - Data Exchange Agency” on the basis of which since 1 January 2010, Data Exchange Agency (DEA) started its activities.

E-GOVERNMENT GOVERNANCE ECO SYSTEM

Government of GeorgiaPM

Ministry of Justice

Data Exchange Agency

E-Government Governmental Commission

1. Implementation Body for Government2. Administration Body for Commissions

CIO Council - Consulting Body for Government

DATA EXCHANGE INFRASTRUCTURE

Data Exchange Agency

Ministry of Justice

Ministry of Finance

Ministry of Education

Ministry of Health

Ministry of Internal Affairs

Other ministries

Business

Bank

Citizen

Request

Response

Request

Response

G3 – GEORGIAN GOVERNMENTAL GATEWAY

G3 – FUNCTIONAL DESIGN

Portal

Application Integration

Registration&

Enrolment

Transaction&

Messaging

Communication to Receiving module

SOAP Web Serv ices (SOAP)Gov Talk

Auditlog

Receiving module

Submission()

Storages

Internal InformationSystem

DIS

Submission application (not a part of GG deliv ery)

Priority Services Notification engine

Aud

it an

d M

onito

ring

Auditlog

Aud

it an

d M

onito

ring

HTTP POST

Known facts

API

Web Interface

Admin Msgs

Submission logging

External Applications

WSFederation

SQL Identity provider

e-Forms

Routing Services

e-Services Catalog

MY.GOV.GE –CITIZEN’S PORTAL

CITIZEN’S PERSONAL PAGE

PROPERTY

CITIZEN’S ADDRESS OF REGISTRATION

ONLINE BUSINESS REGISTRATION

UTILITY PAYMENTS

RECOMMENDATION TO IMPROVE SERVICES

DEACitizen’s portal

Joint document exchange system

Guaranteed electronic delivery system

Trade facilitation System– TFS

TRADE FACILITATION SYSTEM – TFS

Trade Facilitation

System

Trade Facilitation

System

See PortsSee Ports

Shipping Lines

Shipping Lines

Forwarder CompaniesForwarder

Companies

Tax & CustomTax &

Custom

TerminalsTerminalsBanks &

Insurance Companies

Banks & Insurance

Companies

RailwayRailway

SuppliersSuppliers

International Traders

International Traders

E-ID CARD

ID CARD - WHAT IS IT? WHAT IT DOES?

Identification Document

Travel Document

Proximity Card

Online Identification

Digital Signature

ID CARD - ONE CHIP -TWO INTERFACES

Contact

Contactless

PUBLIC SERVICE HALL - TBILISI

CONTACTLESS INTERFACE

Proximity Card

Work ID Card

Loyalty Card

Student Card

Many other uses

CONTACT INTERFACE – TWO CERTIFICATES

Online Identification

Digital Signature

PUBLIC SERVICE HALL EVERYTHING IN ONE SPACE

PUBLIC SERVICE HALL EVERYTHING IN ONE SPACE

PUBLIC SERVICE HALL EVERYTHING IN ONE SPACE

PUBLIC SERVICE HALL EVERYTHING IN ONE SPACE

PUBLIC SERVICE HALL EVERYTHING IN ONE SPACE

BATUMI

KVARELI

RUSTAVI

KUTAISI

OZURGETI

MESTIA

TBILISI – SEPTEMBER 2012

E-GOVERNMENT LEGISLATIVE FRAMEWORK

e-Document and e-Signature law – 2007e-Document and e-Signature law – 2007

Law on Creation of Data Exchange Agency –2010Law on Creation of Data Exchange Agency –2010

Law on Unified Information Registry –2011Law on Unified Information Registry –2011

Law on Information Security – 2012Law on Information Security – 2012

Law on Personal Data Protection – 2012Law on Personal Data Protection – 2012

LAW OF GEORGIA ON UNIFIED STATE REGISTRY OF INFORMATIONAim of the Law: establishment of a unified state registry of registers,databases, services and information systems within the public sector ofGeorgia

A supplementary act – Instruction on standards and procedures ofworking with the Registry of Registers, as well as manual on the use ofweb-portal

Categories of information to be submitted:

• Establishment of a registry or service (initial registration)• Significant amendment of a registry or service• Merger, division, revocation, deletion, transfer or archiving a

registry or serviceData Exchange Agency as implementer

E-GOVERNMENT STRATEGY

E-GOVERNMENT STRATEGY• e-Services• e-Participation and Open Government• e-Health• Public Finance Management System• e-Business• ICT-Hub Georgia• Infrastructure• e-Security• Skills and e-Inclusion• Enabling frameworks and governance• Awareness

INFORMATIONAL SECURITY

AVAILABILITY INTEGRITY CONFIDENTIALITY

false information

network jamming

intrusions

information stealing

system paralyzing

CYBER SECURITY ECOSYSTEM

Minister of JusticeData Exchange Agency

Ministry of Internal Affair24/7 Cyber Crime Unit

Minister of DefenseMilitary Cyber Defense Unit

Security Council

AUGUST 2008Cyber attacks had far less impact on Georgia than they might on a more Internet-dependent county, where vital services like transportation, power and banking are tied to the Internet. Although reasons were also very crucial in terms of war in the country:

• Misinformation of real facts by Russian Media• Aggression and patriotic spirit of Russian supporters.• Block and cut off Georgian Internet resources• Shut down media , forums, blogs in Georgia. • Impact on the Georgia's visibility on the internet and ability to

communicate with the world.• Make panic and as much damage as possible to the critical

infrastructures.

58

Traffic origin comparison by hits08/08/08 Before Attack Started 09/08/08 Under Attack

10/08/08 Only Georgian traff ic allow ed

Guatemala & Indonesia?Who are these guys?!!

Romania – “Record” Holder!

Who Attacked?

You are loosers and will fail again just like in 90ies

Who Attacked?

86.105.36.3 Romania, 87.4.147.122 Telecom Italia, Roma220.215.92.36 FreeBit, Tokyo194.250.18.253 France Telecom, Toulouse92.49.146.212 VolgaTelecom, Orenburg, Russia41.196.241.237 Link Egypt, Dokki-Giza80.188.107.226 Telefonica O2 Czech Republic, Prague83.37.61.226 Telefonica de Espana, Madrid62.150.55.34 Qualitynet Co., Kuwait80.224.161.231 Techauna AUNA, Barcelona210.215.124.92 Nexon Asia Pacific, Sydney75.101.230.118 Amazon Web Services, Seattle217.209.224.115 Telia Network, Sweden80.201.63.237 Belgacom ISP SA/NV, Bruxelles212.92.140.142 Business Communication Agency, Russia201.216.170.220 Telgua, Guatemala88.168.106.155 Free SAS / ProXad, France77.28.79.99 Makedonski Telekom, Skopje194.29.60.35 Universal Telecom, Kiev, Ukraine

Types of attacks:

- SYN Flood- Ping Flood- Http Flood- Defacement- SPAM- SQL

Injections…

Protocols:

- HTTP- ICMP- FTP- SMTP- DNS- BGP…

Types of attacks beside physical

WHAT WE KNOW ABOUT HOW IT WAS DONE“POWER TO THE PEOPLE”

Russian Hackers web sites (StopGeorgia.ru and Xakep.ru) spreaded all necessary information and tools how to attack Georgian web-sites

Target web sites and codes for attacks were posted in comments of hundred forums, blogs, news and entertainment web-sites

Interested individuals were asking others to help and to join in bycontinually sending ICMP traffic via the 'ping' and explaining how to do it.

At the same time ready bat files designed to attack Georgian websitesdetailed list of websites attack Georgian websites were spreader using fileexchange programs.

Example: Interpressnews.ge (News agency) –detected traffic of about 150 MB. Site was periodically going down or working too slow

WHAT WE KNOW ABOUT HOW IT WAS DONE“HACKERS TRICKS”

Geographically distributed BOTNETS* 300-400 sessions per IP per server

SQL INJECTION of more than 100 sites*Examples:http://www.president.gov.ge/index.php?l=G&m=0&sm=3&id=2693+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3,4,5

http://www.results.cec.gov.ge/ubnebi.php?district=22+and+1=@@versionhttp://junior.eurovision-georgia.ge/index.php?lang=eng&topid=3&id=-1+union+select+1,2,3,4,5

Attempts of BGP hijacking

Websites hacking*Maybe hackers knew some passwords

Spamming of Email addresses

According to many facts, It seems that cyber attacks were planned before the actual war started.

Approximately 90% of all gov.ge

domain addresses and

significant fraction of .ge

domain addresses were affected by DDos

attacks.

www.president.gov.gewww.mfa.gov.ge www.government.gov.ge www.parliament.gewww.mod.gov.ge www.nbg.gov.ge www.cec.gov.gewww.mof.ge www.abkhazia.gov.ge

and so on…

Government

www.rustavi2.com

www.interpress.ge

www.civil.ge

www.presa.ge

www.apsny.ge

www.day.az

and so on….

News

EVERYTHING ELSEwww.internet.ge

www.geres.ge

www.chca.org.ge

www.forum.ge

www.museum.ge

www.grena.ge

and so on…

From Shadowserver, sampling of previous DDoS targets from the same botnets involved in the Georgia attacks:

www.in-bank.netcarder.bizDivaescort.compayclubs.biznight-fairy.comvodkaescort.netcc-hack.euigame.rui-german.net

Things to wonder about

HOW MEDIA CAN INFLUENCE THE WORLD

Attacks of civil.ge after news that Estonia is in business of site hosting

70

WIN32/GEORBOT

Malware was found in Georgian Governmental Agencies including ministries, parliament, banks, NGO’s.

Purpose of the malware was Collecting Sensitive, Confidential Information about Georgian and American Security Documents

71

WIN32/GEORBOTThe Win32/Georbot malware has the following functionalities for stealing information from an infected system:

• Send any file from the local hard drive to the remote server.• Steal certificates• Search the hard drive for Microsoft Word documents • Search the hard drive for remote desktop configuration files • Take screenshots• Record audio using the microphone• Record video using the webcam• Scan the local network to identify other hosts on the same network• Execute arbitrary commands on the infected system

The commands are activated manually and were sent to each host individually rather than being broadcast to all infected hosts.

72

TARGETED AUDIENCECyber Attack was designed very smartly. Various Georgian News-Related web-sites were hacked and modified only Specific News pages (eg. NATO delegation Visit in Georgia, US-Georgian Agreements and Meetings, Georgian Military NEWS). www.caucasustimes.com Site about the NEWS from Caucasian Regionwww.cei.ge Caucasus Energy and Infrastructurewww.psnews.ge Georgian NEWS Sitewww.opentext.ge Georgian NEWS Sitewww.presa.ge Georgian NEWS Sitewww.presage.tv Georgian NEWS Sitewww.psnews.ge Georgian NEWS Sitewww.psnews.info Georgian NEWS Sitewww.resonancedaily.com Georgian NEWS Site

73

EXAMPLE OF INJECTED SCRIPT INTO THE HACKED NEWS WEBSITE

74

WIN32/GEORBOTCOMMAND & CONTROL SERVERS September, 2010 – georgiaonline.xp3.biz (United States) FreeWebHostingArea.com

March, 2011 – ema.gov.ge (Georgia) (hacked webserver)

April, 2011 - 178.32.91.70 (France) OVH Hosting

June, 2011 - 88.198.240.123 / 88.198.238.55 (Germany) DME Hosting

October, 2011 - 94.199.48.104 (Hungary) Net23.hu

November, 2011 - 173.212.192.83 (United States)

December, 2011 - 31.31.75.63 (Czech Republic)

January, 2012 - 31.214.140.214 (Germany) DME Hosting March, 2012 – 78.46.145.24 (Germany) DME Hosting

75

GEORBOT

• Not detected with Major Antivirus Product, Bypasses Windows 7 sp1 patched, with Firewall enabled.

• After Executing calc.exe itself does 3 major things:

• Before installing bot checks if the computer is located in UTC+3, UTC+4 Time-zone.

• injecting into iexplorer.exe and communicating to defaced sites, for C&C address retrieval

• creating usbserv.exe bot file in Application Data directory, and writing it to autorun in Windows Registry.

76

LEGAL FRAMEWORKCyber Security Strategy

for 2013–2015E-Government Strategy

for 2014–2019Other Strategic

Documents

1. Information Security Law (2012)2. Personal Data Protection ( 2012)3. Cyber Crime Chapter on Crime Code. (U

2010)

1. Cyber Crime Convention 24/72. All Major IPR Conventions3. Processing of Personal Data Conventions (1981)

• CERT.GOV.GE Computer emergency Response Team Charter• Presidential Decrees Approval List of Critical Information System Subjects.• Requirements of Information Security Officer working in Critical Information System Subjects.• Decrees of Network Sensor Configuration.• Decrees of Minimal Security Requirements for Critical Information System Subjects.• Decrees of Asset Management Requirements for Critical Information System Subjects.• Decrees of Information Security Audit Body Accreditation.• Decrees of Information Security Audit Requirements in Critical Information System Subjects

CYBER SECURITY STRATEGY OF GEORGIA 2013-2015Basic Principles – Cyber Security Strategy

• Whole-of-Government Approach.• Public-private Cooperation.• Active International Cooperation.

Cyber Security Strategy – Main Domains

• Research and analysis• New legislative framework• Institutional coordination for ensuring cyber security• Public awareness and education• International cooperation

INFORMATION AND CYBER SECURITY

Information Security policy development, implementation, monitoring.

CERT.GOV.GE (Computer Emergency Response Team)

Public Sector + Subject of Critical Infrastructure Systems

State Secret

Military

INFORMATION SECURITY & POLICY DIVISION

Information Security Team

CERT.GOV.GE Team

All Team Members are BSI Certified Professionals:

BSI/ISO 27001 (Information Security) LI/LABSI/ISO 22301 (Business Continuity) LI/LABSI/ISO 9001 (Quality Management) LA

ISO 31000 (Risk Management)4 Member of the team are:

CISM (Certified Information Security Manager)

All CERT Team members are SANS Certified Professionals:

SANS GIAC Certified Professionals

2 Member of the team are:

CISA (Certified Information System Auditor)

INFORMATION SECURITY

Management Services Consulting Service

ISMS Implementation Service

Current Projects : Service Development Agency; Public Registry of Georgia 2

Review of Information Security documentation: Policy, Plans , Audit report and etc. 36

Certified Course in Management Systems

( Introduction, Implementation and Internal Audit in Information Security Management Systems , Certification Exam). 105NATO SPS Project Trained Professionals from Moldova and Montenegro 40

Information Systems Audit Service

CERT.GOV.GE

CERT.GOV.GE

The Cyber security Executing Arm Of The UNITED NATIONSSPECIALISED AGENCY of The International Telecommunication Union (ITU)

The Trusted Introducer - a.k.a. TI - is the trusted backbone of the Security and Incident Response Team community in Europe

Partners:

FIRST is an international confederation of trusted computer incident response teams who cooperatively handle computer security incidents and promote incident prevention programs.

CERT-EE

CERT.GOV.GEServices and Activities

Monitoring Service• IP Monitoring Services.• Network Monitoring System

Proactive Services:• Incident Handling • IncidentSupport System• Detection of Infected Web Sites• Safe DNS

Other Services:• Source and Binary Code Analyze Service.• Malware Analyze Service. • Penetration Test Service

Course in Cyber Security and Incident Handling

Special Activities & Awareness• Cyber Security Forum• Annual GITI Regional Conference

• Website (dea.gov.ge), • Facebook (certgovge)• Media Campaign (TV, Internet)• Wall Calendar

Basic Incident Handling 20

NATO SPS Project Trained Professionals from Afghan, Macedonia, Moldova and Montenegro 90

83

INFORMATION SECURITY AWARENESS

GITI – GEORGIAN IT INNOVATION EVENT 2008

THANK YOU FOR YOUR ATTENTION!

Irakli GvenetadzeLEPL Data Exchange AgencyMinistry of Justice of Georgiaigvenetadze@dea.gov.gewww.dea.gov.ge; www.my.gov.ge; www.cert.gov.ge;