GEORGIA’S SUCCESSFUL JOURNEY TO E-GOVERNMENT

E-GOVERNMENT DEVELOPMENT IN GEORGIA

Irakli Gvenetadze
LEPL Data Exchange Agency
Ministry of Justice of Georgia

GEORGIA – COUNTRY PROFILE

Population: 4.2 million
Capital:
Area: 69,700 sq. km
Highest point is Mkinvartsveri – 5047 meters

GEORGIAN ALPHABET

GEORGIAN NATIONAL COSTUME

UN E-GOVERNMENT SURVEY 2014

GEORGIA            Rank 2014   Rank 2012   Rank 2010   Rank 2008
E-Government       56          72          100         100
E-Participation    66          73          132         143

GDP PER CAPITA

RELATION BETWEEN EGDI AND NATIONAL INCOME (GNI PER CAPITA), LOWER-MIDDLE INCOME COUNTRIES

WHERE GEORGIA STARTED FROM

Business Registry - 2006

• Create information systems
• Digitalize internal information resources
• Automate information flows
• Create data centers
• Establish connection between agencies and regional offices

IT CRUCIAL TO DELIVER REFORM BENEFITS

In Georgia, reforms have been actively under way since 2004. The main attention was paid to business process optimization and transparency in organization processes.

[Diagram labels: Reform; Efficiency; Transparency; Time; Cost; Availability; Accountability]

INFORMATION TECHNOLOGIES IMPLEMENTED PROJECTS

• Property registration, e-abstracts
• Business Registry
• Civil Registry
• e-ID and e-signature
• Biometrical Passport
• Centralized criminal case management is being introduced;
• e-Procurement;
• e-Auction of state property;
• e-Auction of real estate of Tbilisi City Hall;
• Automation project of Enforcement Bureau
• e-notary project;
• Electronic directory system for state newspaper and legislative base – Official Gazette;
• Electronic system for writing out VAT invoices;
• Automation of the Ministry of Internal Affairs;
• Case management program for Ombudsman;
• Computerization of schools. Schools are equipped with computers and by the end of this year all schools (2300) will be connected to internet;
• Criminal case management system
• Netbooks for all first graders
• Student Information System - ongoing;
• National school exam on-line
• Automated case management system for court system; project is in decisive phase and system is being introduced in offices
• e-filing system in the Ministry of Finance of Georgia - 90% of taxpayers are actively using this system;
• Automation of tax and customs systems (the process is ongoing as reforms taking place in this direction require changes in business processes);
• Case management system of tax dispute resolution;
• Central data storage and reporting system;
• Electronic Treasury project. e-treasury
• Cash register management automation project - planned for next year;
• Automation project of Social Subsidies Agency
• Real Time Gross Settlement System of National Bank
• Investment Management System of National Bank
• Core Banking System of National Bank
• Chancellery automation project is being implemented in all large ministries.

RECURRING PROBLEMS

• Limited budget
• Shortage of qualified personnel
• No security
• Infrastructure expensive
• No standards
• Data incompatibility

GGN – GEORGIAN GOVERNMENTAL NETWORK

• Design and tender procurement - 2006

• Contract signed Sept. 1, 2007

• 100 governmental offices connected by the end of 2007

• More than 500 governmental offices connected in 2008

• Since 2009, more than 1,000 governmental connections including schools

The government was connected throughout Georgia with no investment, paying only 25% of commercial prices for internet and telephone.

E-GOVERNMENT COMMISSION

• E-government development consulting body for government of Georgia
• Steering committee for GGN project

“ARCHITECTURE” OF E-GOVERNANCE SERVICES

ORGANIZATION CENTRIC

CITIZEN CENTRIC

CONNECTED GOVERNMENT

[Diagram labels: Data Exchange Agency; Georgian Government Gateway; Health Care and Social Security; Municipalities; Agriculture; Education; Receive Information in Real Time; Proper Planning of State Budget; Effectively Distribute Resources; Monitor Results; Redundancies Eliminated]

CITIZEN’S CENTRIC SYSTEM

[Diagram labels: Unified Automated State E-Governance System; Automated Data Processing; Statistical Data; CITIZEN; Medical Service; Education; Migration, Registration; Property; Demographic and other Personal Data; Economic Activities; Social Condition; State Development; Effective Public Policy Planning, Forecast]

DEA – DATA EXCHANGE AGENCY

Due to the above-mentioned problems, it became necessary to establish an entity with the relevant authority to support the following activities:
• Development and coordination of E-Governance
• Development of legal and regulatory framework
• Ensuring information and cyber security
• Establishment of the integrated data exchange system and ensuring access to information resources

The Parliament of Georgia adopted a law on the establishment of the “Legal entity of public law under the Ministry of Justice of Georgia - Data Exchange Agency”, on the basis of which the Data Exchange Agency (DEA) started its activities on 1 January 2010.

E-GOVERNMENT GOVERNANCE ECO SYSTEM

Government of Georgia PM

Ministry of Justice

E-Government Governmental Commission

Data Exchange Agency

CIO Council - Consulting Body for Government

1. Implementation Body for Government
2. Administration Body for Commissions

DATA EXCHANGE INFRASTRUCTURE

[Diagram labels: Data Exchange Agency; Request; Response; Citizen; Business; Bank; Ministry of Justice; Ministry of Finance; Ministry of Education; Ministry of Health; Ministry of Internal Affairs; Other ministries]

G3 – GEORGIAN GOVERNMENTAL GATEWAY

G3 – FUNCTIONAL DESIGN

[Diagram labels: External Applications; e-Services Catalog; Submission application; Portal (not a part of GG delivery); e-Forms; SOAP WS; Web; GovTalk; Web Services (SOAP) API; Federation Interface; HTTP POST Submission(); Receiving module; SQL; Identity provider; Notification engine; Priority Services; Registration & Enrolment; Transaction & Audit log; Known facts; Storages; Admin; Msgs; Messaging; Submission logging; Routing Services; Application Integration; Audit log; DIS; Internal Information System; Communication to Receiving module; Monitoring and Auditing]

MY.GOV.GE – CITIZEN’S PORTAL

CITIZEN’S PERSONAL PAGE

PROPERTY

CITIZEN’S ADDRESS OF REGISTRATION

ONLINE BUSINESS REGISTRATION

UTILITY PAYMENTS

RECOMMENDATION TO IMPROVE SERVICES

DEA

Citizen’s portal

Joint document exchange system

Guaranteed electronic delivery system

Trade Facilitation System – TFS

TRADE FACILITATION SYSTEM – TFS

[Diagram labels: Trade Facilitation System; Sea Ports; International Traders; Shipping Lines; Suppliers; Forwarder Companies; Railway; Tax & Custom; Banks & Insurance Companies; Terminals]

E-ID CARD

ID CARD - WHAT IS IT? WHAT IT DOES?

• Identification Document
• Travel Document
• Proximity Card
• Online Identification
• Digital Signature

ID CARD - ONE CHIP - TWO INTERFACES

• Contact
• Contactless

PUBLIC SERVICE HALL - TBILISI

CONTACTLESS INTERFACE

• Work ID Card
• Proximity Card
• Loyalty Card
• Student Card
• Many other uses

CONTACT INTERFACE – TWO CERTIFICATES

• Online Identification
• Digital Signature

PUBLIC SERVICE HALL EVERYTHING IN ONE SPACE

TBILISI – SEPTEMBER 2012

E-GOVERNMENT LEGISLATIVE FRAMEWORK

• e-Document and e-Signature law – 2007
• Law on Creation of Data Exchange Agency – 2010
• Law on Unified Information Registry – 2011
• Law on Information Security – 2012
• Law on Personal Data Protection – 2012

LAW OF GEORGIA ON UNIFIED STATE REGISTRY OF INFORMATION

Aim of the Law: establishment of a unified state registry of registers, databases, services and information systems within the public sector of Georgia

A supplementary act – Instruction on standards and procedures of working with the Registry of Registers, as well as manual on the use of web-portal

Categories of information to be submitted:
• Establishment of a registry or service (initial registration)
• Significant amendment of a registry or service
• Merger, division, revocation, deletion, transfer or archiving a registry or service

Data Exchange Agency as implementer

E-GOVERNMENT STRATEGY

• e-Services
• e-Participation and Open Government
• e-Health
• Public Finance Management System
• e-Business
• ICT-Hub Georgia
• Infrastructure
• e-Security
• Skills and e-Inclusion
• Enabling frameworks and governance
• Awareness

INFORMATIONAL SECURITY

AVAILABILITY, INTEGRITY, CONFIDENTIALITY

• false information
• network jamming
• intrusions
• information stealing
• system paralyzing

CYBER SECURITY ECOSYSTEM

Security Council

• Minister of Justice: Data Exchange Agency
• Ministry of Internal Affairs: 24/7 Cyber Crime Unit
• Minister of Defense: Military Cyber Defense Unit

AUGUST 2008

Cyber attacks had far less impact on Georgia than they might on a more Internet-dependent country, where vital services like transportation, power and banking are tied to the Internet. The reasons behind them, however, were crucial in the context of the war in the country:

• Misinformation about real facts by Russian media
• Aggression and patriotic spirit of Russian supporters
• Blocking and cutting off Georgian Internet resources
• Shutting down media, forums and blogs in Georgia
• Impact on Georgia's visibility on the internet and ability to communicate with the world
• Causing panic and as much damage as possible to the critical infrastructures

Who Attacked?

[Figure: Traffic origin comparison by hits. Panels: 08/08/08 Before Attack Started; 09/08/08 Under Attack; 10/08/08 Only Georgian traffic allowed. Captions: Romania – “Record” Holder!; Guatemala & Indonesia? Who are these guys?!!]

Who Attacked?

“You are loosers and will fail again just like in 90ies”

Types of attacks beside physical

Types of attacks:
- SYN Flood
- Ping Flood
- HTTP Flood
- Defacement
- SPAM
- SQL Injections
…

Protocols:
- HTTP
- ICMP
- FTP
- SMTP
- DNS
- BGP
…

WHAT WE KNOW ABOUT HOW IT WAS DONE “POWER TO THE PEOPLE”

• Russian hacker websites (StopGeorgia.ru and Xakep.ru) spread all the necessary information and tools on how to attack Georgian websites

• Target websites and codes for attacks were posted in the comments of hundreds of forums, blogs, news and entertainment websites

• Interested individuals were asking others to help and to join in by continually sending ICMP traffic via 'ping', and explaining how to do it.

• At the same time, ready-made bat files designed to attack Georgian websites, with a detailed list of websites to attack, were spread using file exchange programs.

Example: Interpressnews.ge (news agency) – detected traffic of about 150 MB. The site was periodically going down or working too slowly

WHAT WE KNOW ABOUT HOW IT WAS DONE “HACKERS TRICKS”

• Geographically distributed BOTNETS

  * 300-400 sessions per IP per server

• SQL INJECTION of more than 100 sites

  * Examples:
    http://www.president.gov.ge/index.php?l=G&m=0&sm=3&id=2693+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3,4,5
    http://www.results.cec.gov.ge/ubnebi.php?district=22+and+1=@@version
    http://junior.eurovision-georgia.ge/index.php?lang=eng&topid=3&id=-1+union+select+1,2,3,4,5

• Attempts of BGP hijacking

• Websites hacking

  * Maybe hackers knew some passwords

• Spamming of Email addresses
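Added example, not part of the original slides: a log-triage sketch that flags the two signals this slide describes, query parameters carrying the quoted probe styles (UNION SELECT enumeration, the @@version probe) and clients whose request volume exceeds a threshold. The log format, the threshold, the paths and the addresses are assumptions; the sample lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Probe styles quoted on the slide: UNION SELECT column enumeration and the
# @@version error-based probe.
SQLI_PATTERNS = [
    re.compile(r"\bunion\b.{0,40}\bselect\b", re.I | re.S),
    re.compile(r"@@version", re.I),
]
# Combined-log prefix: client address, timestamp, request line.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')

def suspicious_params(url):
    """Names of query parameters whose decoded value matches a probe pattern."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return [name for name, value in pairs
            if any(p.search(value) for p in SQLI_PATTERNS)]

def analyse(lines, flood_threshold=300):
    """Return (sqli_findings, flooding_ips) for an iterable of log lines."""
    per_ip = Counter()
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line this parser understands
        ip, url = m.groups()
        per_ip[ip] += 1
        findings += [(ip, param) for param in suspicious_params(url)]
    # Assumption: requests per client in the analysed window stand in for the
    # "300-400 sessions per IP" figure on the slide.
    flooding = sorted(ip for ip, n in per_ip.items() if n >= flood_threshold)
    return findings, flooding

# Constructed sample input (documentation address ranges, invented paths).
TS = "[09/Aug/2008:10:00:00 +0400]"
SAMPLE = [
    f'192.0.2.10 - - {TS} "GET /index.php?lang=eng&id=-1+union+select+1,2,3 HTTP/1.1" 200 512',
    f'192.0.2.11 - - {TS} "GET /list.php?district=22+and+1=@@version HTTP/1.1" 500 0',
    f'198.51.100.7 - - {TS} "GET /index.php?lang=eng&id=42 HTTP/1.1" 200 2048',
] + [f'203.0.113.5 - - {TS} "GET / HTTP/1.1" 200 100'] * 350

if __name__ == "__main__":
    hits, flooders = analyse(SAMPLE)
    for ip, param in hits:
        print(f"possible SQL injection probe from {ip} in parameter {param!r}")
    print("clients over threshold:", flooders)
```

Pattern matching of this kind only triages logs after the fact; the flaw itself is closed in the application by parameterized queries and input validation.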

According to many facts, it seems that the cyber attacks were planned before the actual war started. Approximately 90% of all gov.ge domain addresses and a significant fraction of .ge domain addresses were affected by DDoS attacks.

Government

• www.president.gov.ge
• www.mfa.gov.ge
• www.government.gov.ge
• www.parliament.ge
• www.mod.gov.ge
• www.nbg.gov.ge
• www.cec.gov.ge
• www.mof.ge
• www.abkhazia.gov.ge
and so on…

News

• www.rustavi2.com
• www.interpress.ge
• www.civil.ge
• www.presa.ge
• www.apsny.ge
• www.day.az
and so on…

EVERYTHING ELSE

• www.internet.ge
• www.geres.ge
• www.chca.org.ge
• www.forum.ge
• www.museum.ge
• www.grena.ge
and so on…

Things to wonder about

From Shadowserver, sampling of previous DDoS targets from the same botnets involved in the Georgia attacks:

• www.in-bank.net
• carder.biz
• Divaescort.com
• payclubs.biz
• night-fairy.com
• vodkaescort.net
• cc-hack.eu
• igame.ru
• i-german.net

HOW MEDIA CAN INFLUENCE THE WORLD

Attacks on civil.ge after news that Estonia is in business of site hosting

WIN32/GEORBOT

Malware was found in Georgian governmental agencies, including ministries, parliament, banks and NGOs. The purpose of the malware was collecting sensitive, confidential information about Georgian and American security documents.

WIN32/GEORBOT

The Win32/Georbot malware has the following functionalities for stealing information from an infected system:

• Send any file from the local hard drive to the remote server
• Steal certificates
• Search the hard drive for Microsoft Word documents
• Search the hard drive for remote desktop configuration files
• Take screenshots
• Record audio using the microphone
• Record video using the webcam
• Scan the local network to identify other hosts on the same network
• Execute arbitrary commands on the infected system

The commands are activated manually and were sent to each host individually rather than being broadcast to all infected hosts.

TARGETED AUDIENCE

The cyber attack was designed very smartly. Various Georgian news-related websites were hacked, and only specific news pages were modified (e.g. NATO delegation visit in Georgia, US-Georgian agreements and meetings, Georgian military news).

• www.caucasustimes.com – Site about the NEWS from Caucasian Region
• www.cei.ge – Caucasus Energy and Infrastructure
• www.psnews.ge – Georgian NEWS Site
• www.opentext.ge – Georgian NEWS Site
• www.presa.ge – Georgian NEWS Site
• www.presage.tv – Georgian NEWS Site
• www.psnews.info – Georgian NEWS Site
• www.resonancedaily.com – Georgian NEWS Site

EXAMPLE OF INJECTED SCRIPT INTO THE HACKED NEWS WEBSITE

WIN32/GEORBOT COMMAND & CONTROL SERVERS

• September, 2010 – georgiaonline.xp3.biz (United States) FreeWebHostingArea.com
• March, 2011 – ema.gov.ge (Georgia) (hacked webserver)
• April, 2011 – 178.32.91.70 (France) OVH Hosting
• June, 2011 – 88.198.240.123 / 88.198.238.55 (Germany) DME Hosting
• October, 2011 – 94.199.48.104 (Hungary) Net23.hu
• November, 2011 – 173.212.192.83 (United States)
• December, 2011 – 31.31.75.63 (Czech Republic)
• January, 2012 – 31.214.140.214 (Germany) DME Hosting
• March, 2012 – 78.46.145.24 (Germany) DME Hosting

GEORBOT

• Not detected by major antivirus products; bypasses a patched Windows 7 SP1 with the firewall enabled.
• After executing, calc.exe itself does 3 major things:
  • Before installing the bot, checks whether the computer is located in the UTC+3 or UTC+4 time zone.
  • Injects into iexplorer.exe and communicates with defaced sites for C&C address retrieval.
  • Creates the usbserv.exe bot file in the Application Data directory and writes it to autorun in the Windows Registry.

LEGAL FRAMEWORK

• Cyber Security Strategy for 2013–2015
• E-Government Strategy for 2014–2019
• Other Strategic Documents

1. Information Security Law (2012)
2. Personal Data Protection (2012)
3. Cyber Crime Chapter on Crime Code. (U 2010)

1. Cyber Crime Convention 24/7
2. All Major IPR Conventions
3. Processing of Personal Data Conventions (1981)

• CERT.GOV.GE Computer Emergency Response Team Charter
• Presidential Decrees Approval List of Critical Information System Subjects.
• Requirements of Information Security Officer working in Critical Information System Subjects.
• Decrees of Network Sensor Configuration.
• Decrees of Minimal Security Requirements for Critical Information System Subjects.
• Decrees of Asset Management Requirements for Critical Information System Subjects.
• Decrees of Information Security Audit Body Accreditation.
• Decrees of Information Security Audit Requirements in Critical Information System Subjects

CYBER SECURITY STRATEGY OF GEORGIA 2013-2015

Basic Principles – Cyber Security Strategy
• Whole-of-Government Approach.
• Public-private Cooperation.
• Active International Cooperation.

Cyber Security Strategy – Main Domains
• Research and analysis
• New legislative framework
• Institutional coordination for ensuring cyber security
• Public awareness and education
• International cooperation

INFORMATION AND CYBER SECURITY

Information Security policy development, implementation, monitoring.

CERT.GOV.GE (Computer Emergency Response Team)

Public Sector + Subject of Critical Infrastructure

Military Systems

State Secret

INFORMATION SECURITY & POLICY DIVISION

Information Security Team

All Team Members are BSI Certified Professionals:
• BSI/ISO 27001 (Information Security) LI/LA
• BSI/ISO 22301 (Business Continuity) LI/LA
• BSI/ISO 9001 (Quality Management) LA
• ISO 31000 (Risk Management)

4 members of the team are: CISM (Certified Information Security Manager)

2 members of the team are: CISA (Certified Information System Auditor)

CERT.GOV.GE Team

All CERT Team members are SANS Certified Professionals:
• SANS GIAC Certified Professionals

INFORMATION SECURITY

Management Services Consulting Service

Review of Information Security documentation: Policy, Plans, Audit report, etc. 36

ISMS Implementation Service

Current Projects: Service Development Agency; Public Registry of Georgia 2

Certified Course in Management Systems

(Introduction, Implementation and Internal Audit in Information Security Management Systems, Certification Exam). 105

NATO SPS Project Trained Professionals from Moldova and Montenegro 40

Information Systems Audit Service

CERT.GOV.GE

CERT.GOV.GE

• FIRST is an international confederation of trusted computer incident response teams who cooperatively handle computer security incidents and promote incident prevention programs.
• The cyber security executing arm of the United Nations specialised agency of the International Telecommunication Union (ITU)
• The Trusted Introducer - a.k.a. TI - is the trusted backbone of the Security and Incident Response Team community in Europe

Partners: CERT-EE

CERT.GOV.GE

Services and Activities

Proactive Services:
• Incident Handling
• Incident Support System
• Detection of Infected Web Sites
• Safe DNS

Other Services:
• Source and Binary Code Analyze Service
• Malware Analyze Service
• Penetration Test Service

Monitoring Service
• IP Monitoring Services
• Network Monitoring System

Special Activities & Awareness
• Cyber Security Forum
• Annual GITI Regional Conference
• Media Campaign (TV, Internet)
• Website (dea.gov.ge)
• Facebook (certgovge)
• Wall Calendar

Course in Cyber Security and Incident Handling

Basic Incident Handling 20

NATO SPS Project Trained Professionals from Afghan, Macedonia, Moldova and Montenegro 90

83

INFORMATION SECURITY AWARENESS

GITI – GEORGIAN IT INNOVATION EVENT 2008

THANK YOU FOR YOUR ATTENTION!

Irakli Gvenetadze
LEPL Data Exchange Agency
Ministry of Justice of Georgia
www.dea.gov.ge; www.my.gov.ge; www.cert.gov.ge