Sharing Good Practices
Public Information Security & PPP Project: Perspective Bangladesh
A.N.M. Safiqul Islam
Director (Deputy Secretary)
Bangladesh Hi-Tech Park Authority
ICT Division
29 November, 2011, Singapore
Initiatives in Bangladesh
• 1998: Telecom Policy introduced.
• 2001: Telecommunication Act was formulated and led to the formation of BTRC.
• 2001: Formation of the Ministry of Science & ICT.
• 2002: ICT Policy was formulated.
• 2008: Submarine Cable (SEA ME WE-4).
• 2009: ICT Policy 2009 formulated with a specific Vision, 10 objectives, 56 Strategic themes and 306 Action Items.
• ICT Road Map and e-Government Strategy.
Vision-2021: Digital Bangladesh
To transform the country into a middle-income country by 2021 and a high-income country by 2030 by using ICT.
Digital Bangladesh 2021: Bangladesh to become a middle income country by 2021
[Diagram labels: Transparency, Efficiency, Public Network, Computerization, Interaction, Public Admin. Enhancement, Integration]
• To improve Government efficiency and promote interaction between government Ministries/Divisions, Departments, Districts and Upazillas by construction of Government network infrastructure.
• To use ICT systems within the public administration to improve efficiency and transparency, reduce wastage of resources, enhance planning and raise the quality of services.
• To maximize the computerization of work processes and resources through an integrated information management system enabling real time administration.
• To construct a public network as a backbone for the effective implementation of e-Government.
Initiatives in e-governance
Bangladesh has adopted different initiatives to ensure effective e-governance.
Institutional Arrangement
• Digital Bangladesh Task Force headed by the Hon'ble Prime Minister.
• Information & Communication Technology Division
• Bangladesh Computer Council
• Phase 1, Emerging: Gov website offers limited, basic, static info.
• Phase 2, Enhance: Content and information are updated with greater regularity.
• Phase 3, Interactive: Forms can be downloaded; applications submitted online.
• Phase 4, Transactional: Users can actually pay for services or conduct financial transactions online.
• Phase 5, Seamless: Total integration of e-functions and services across administrative/departmental boundaries.
Some Important Initiatives
MRP & MR
National ID Card
Information Service Centre in Union Level
Custom House Automation
e-GP
PKI and Digital Signature
Cyber Crime Forensic Lab
Information
'Information is an asset which, like other important business assets, has value to an organization and consequently needs to be suitably protected'
Information could be:
• Created
• Stored
• Destroyed
• Processed
• Transmitted
• Used
• Corrupted
• Stolen
ISO 27002:2005 defines Information Security as the preservation of:
• Confidentiality: Ensuring that information is accessible only to those authorized to have access
• Integrity: Safeguarding the accuracy and completeness of information and processing methods
• Availability: Ensuring that authorized users have access to information and associated assets when required
'Whatever form the information takes, or means by which it is shared or stored, it should always be appropriately protected' (BS ISO 27002:2005)
Security of Information
• The architecture where an integrated combination of appliances, systems and solutions, software, alarms, and vulnerability scans work together
• Having People, Processes, Technology, Policies, Procedures
• Monitored 24x7
Security breaches lead to…
• Reputation loss
• Financial loss
• Intellectual property loss
• Legislative breaches leading to legal actions (Cyber Law)
• Loss of customer confidence
• Business interruption costs
Network and Data Security
Network Security: It must be developed to prevent many dangerous things (hacking, illegal forgery) during data transfer on the internet.
Data Security: It must be developed to prevent illegal forgery of, and provide validation for, stored data.
• Identity validation
• Confidentiality
• Integrity
• Non Receive Repudiation
PKI & Digital Signature
• UNCITRAL Model Law
• Enactment of ICT Act 2006
– Digital signature
– Cyber crime
• … … …
• 2009: ICT Act has been amended
• CCA, the regulatory body of the govt. for PKI, in place at the end of year 2009
• IT (CA) Rules 2010 for Certifying Authorities
Why PKI
• Straightforward technology to ensure authentication, integrity, confidentiality and non-repudiation in:
– E-Governance
– Electronic Commerce and E-transactions
– e-Services
– E-Procurement and so on
• Paperless government offices
• Successful step towards Digital Bangladesh
Progress
• ICT Act 2006 and IT (CA) Rules 2010
• CCA has been appointed by the government
• Necessary guidelines, e.g.
– Licensing guideline
– CPS guideline
– Audit guideline
– Interoperability guideline
• CA License – 6 companies
• Set up of Office of the CCA under ICT Division
• Audit panel
• Root CA Infrastructure
• Tier-III Data center (National certificate repository)
• Training and workshop on PKI issues
• Awareness raising program throughout the country
Cyber Crime Forensic Lab
A Cyber Crime Forensic Lab is going to be established by RAB to investigate cyber crime and to identify the criminals.
Bangla Govt Net Project
• It is a Public Network to connect all the Government entities throughout the country under a single Network.
• To ensure a Basic Infrastructure for e-Government.
• To ensure Secured Connectivity among all the Government entities.
• To ensure e-Governance through an integrated common platform.
Bangla GovtNet (cont'd)
• 65 Ministries/Divisions, 114 Departments, 64 DC Offices and 64 Upazilla offices will be connected through the network.
• Another Project, Info-Sarker, is launching soon to connect rest of e Upazilla Level and Upazilla Level Offices.
e-GP
Introducing good governance in public procurement with the establishment of a unified national procurement framework and institutionalizing the procurement management capacity.
Objectives of e-GP
To ensure economy, efficiency, transparency, fairness and better value for money.
PROMIS
The MIS was developed based on criteria set by the Government; Dohatec New Media implemented it, and it came to be known as "PROMIS".
e-GP
In the first phase, e-Tendering will primarily be introduced on a pilot basis in:
- CPTU and
- 16 PEs under Bangladesh Water Development Board (BWDB), Local Government Engineering Department (LGED), Roads and Highways Department (RHD) and Rural Electrification Board (REB).
Uniqueness of the Project
• This has been developed as a PPP initiative and has been one of the first PPP projects in this area.
• No cash expense from the GoB exchequer.
• Unique partnership between Chamber, IFC, C&F agents' association and technology provider DataSoft.
• The project personnel only work with technological facilitation and do not intervene in any decision-making process.
• This project is a Build, Own, Operate and Transfer (BOOT) project for a fixed time period.
Current Major Stakeholders
• SITA
• Airline Agent Feeder
• Airline Operator
• Airline Express
• C&F Agents
• Airport Custom
• Custom Intelligence
• Bond Commission
• ICD
• PSI
• EPZ
• NBR
• Sonali Bank
Technology Uniqueness
• Extreme example of open-source software usage in a business environment, hence no licensing fees payable
• Java and PHP based applications development on a secure computing environment
• Workflow-based web environment with more than 10 stakeholders connected
• Dashboard-driven approach adopted
28 December 2011, DataSoft Management Services, Doc ID: CCHA-08-007
System Architecture
[Diagram; component labels: Security, Interface, SITA, C and F, Custom, Business, Asycuda++, Data Exchange, Asycuda++ db, CHA db, Shipping Agent, Freight Forwarder]
Advantages
• Improves efficiency of various stakeholders
• Saves time for various tasks and thus reduces the cost of doing business
• Improves productivity
• Better accountability for various stakeholders
• Fosters transparency among the stakeholders by letting the information flow better
• Ensures better auditing
• Unique model for govt. services automation
Challenges
Adjusting PKI in the existing culture.
Inadequate Human Resources.
Preparedness of Local Software Companies.
Legal variance related to PKI
Stable PKI framework for the country
Business case of PKI for its survival
PKI in e-govt. applications
Managing PKI
Cross border acceptability of Bangladesh Digital signature.
Access to ICT by Citizens, Business.
Resources