GEORGIA’S SUCCESSFUL JOURNEY TO E-GOVERNMENT
E-GOVERNMENT DEVELOPMENT IN GEORGIA
Irakli Gvenetadze
LEPL Data Exchange Agency
Ministry of Justice of Georgia
GEORGIA

GEORGIA – COUNTRY PROFILE
Population: 4.2 million
Capital: Tbilisi
Area: 69,700 sq. km
Highest point is Mkinvartsveri – 5047 meters

GEORGIAN ALPHABET

GEORGIAN NATIONAL COSTUME

UN E-GOVERNMENT SURVEY 2014
GEORGIA            Rank 2014   Rank 2012   Rank 2010   Rank 2008
E-Government       56          72          100         100
E-Participation    66          73          132         143

GDP PER CAPITA

RELATION BETWEEN EGDI AND NATIONAL INCOME (GNI PER CAPITA), LOWER-MIDDLE INCOME COUNTRIES

WHERE GEORGIA STARTED FROM
Business Registry - 2006
• Create information systems
• Digitalize internal information resources
• Automate information flows
• Create data centers
• Establish connection between agencies and regional offices

IT CRUCIAL TO DELIVER REFORM BENEFITS
In Georgia, reforms have been taking place actively since 2004. The main attention was paid to business process optimization and transparency.

Reform in organization processes:
Efficiency: Time, Cost
Transparency: Availability, Accountability
INFORMATION TECHNOLOGIES IMPLEMENTED PROJECTS
• Property registration, e-abstracts
• Business Registry
• Civil Registry
• e-ID and e-signature
• Biometrical Passport
• e-Procurement
• e-Auction of state property
• e-Auction of real estate of Tbilisi City Hall
• Automation project of Enforcement Bureau
• e-notary project
• Electronic directory system for state newspaper and legislative base – Official Gazette
• Electronic system for writing out VAT invoices
• Automation of the Ministry of Internal Affairs
• Case management program for Ombudsman
• Chancellery automation project is being implemented in all large ministries
• Computerization of schools. Schools are equipped with computers and by the end of this year all schools (2300) will be connected to internet
• Criminal case management system
• Netbooks for all first graders
• Student Information System - ongoing
• National school exam on-line
• Automated case management system for court system; project is in decisive phase and system is being introduced in offices
• Centralized criminal case management is being introduced
• e-filing system in the Ministry of Finance of Georgia - 90% of taxpayers are actively using this system
• Automation of tax and customs systems (the process is ongoing as reforms taking place in this direction require changes in business processes)
• Case management system of tax dispute resolution
• Central data storage and reporting system
• Electronic Treasury project. e-treasury
• Cash register management automation project - planned for next year
• Automation project of Social Subsidies Agency
• Real Time Gross Settlement System of National Bank
• Investment Management System of National Bank
• Core Banking System of National Bank

RECURRING PROBLEMS
• Limited budget
• Shortage of qualified personnel
• No security
• Infrastructure expensive
• No standards
• Data incompatibility

GGN – GEORGIAN GOVERNMENTAL NETWORK
• Design and tender procurement - 2006
• Contract signed Sept. 1, 2007
• 100 governmental offices connected by the end of 2007
• More than 500 governmental offices connected in 2008
• Since 2009, more than 1,000 governmental connections including schools
Government offices were connected throughout Georgia with no investment; the government paid only 25% of commercial prices for internet and telephone.

E-GOVERNMENT COMMISSION
• E-government development consulting body for government of Georgia
• Steering committee for GGN project

“ARCHITECTURE” OF E-GOVERNANCE SERVICES
ORGANIZATION CENTRIC
CITIZEN CENTRIC

CONNECTED GOVERNMENT
[Diagram: Data Exchange Agency / Georgian Government Gateway at the centre, connected to Health Care and Social Security, Municipalities, Agriculture and Education. Stated benefits: Receive Information in Real Time; Proper Planning of State Budget; Effectively Distribute Resources; Monitor Results; Redundancies Eliminated.]

CITIZEN’S CENTRIC SYSTEM
[Diagram: Unified Automated State E-Governance System with Automated Data Processing and Statistical Data. Around the CITIZEN: Medical Service; Education; Migration, Registration; Property; Demographic and other Personal Data; Economic Activities; Social Condition. Outcomes: State Development; Effective Public Policy Planning, Forecast.]

DEA – DATA EXCHANGE AGENCY
Because of the problems described above, it became necessary to establish an entity with the relevant authority to support the following activities:
• Development and coordination of E-Governance
• Development of legal and regulative framework
• Ensure information and cyber security
• Establishment of the integrated data exchange system and ensure access to information resources

The Parliament of Georgia adopted a law on the establishment of the “Legal entity of public law under the Ministry of Justice of Georgia - Data Exchange Agency”, on the basis of which the Data Exchange Agency (DEA) started its activities on 1 January 2010.

E-GOVERNMENT GOVERNANCE ECO SYSTEM
[Organization chart:
Government of Georgia – PM
Ministry of Justice
E-Government Governmental Commission
Data Exchange Agency: 1. Implementation Body for Government; 2. Administration Body for Commissions
CIO Council - Consulting Body for Government]

DATA EXCHANGE INFRASTRUCTURE
[Diagram: the Data Exchange Agency sits in the centre and relays Request and Response messages between Citizen, Bank, Business and the Ministry of Justice, Ministry of Finance, Ministry of Education, Ministry of Health, Ministry of Internal Affairs and other ministries.]

G3 – GEORGIAN GOVERNMENTAL GATEWAY

G3 – FUNCTIONAL DESIGN
[Diagram: G3 functional design. Labels recoverable from the figure:
External Applications; Portal; e-Services Catalog; e-Forms; Submission application (not a part of GG delivery)
SOAP WS; Web; GovTalk Web Services (SOAP) API; Federation Interface; HTTP POST Submission()
Receiving module; SQL; Identity provider; Notification engine; Audit and Monitoring
Priority Services; Storages; Registration & Enrolment; Transaction & Audit logging; Known facts; Admin Msgs; Messaging; Submission log; Routing Services
Application Integration; DIS; Audit log; Audit and Monitoring; Communication to Internal Information System; Receiving module]

MY.GOV.GE – CITIZEN’S PORTAL

CITIZEN’S PERSONAL PAGE

PROPERTY

CITIZEN’S ADDRESS OF REGISTRATION

ONLINE BUSINESS REGISTRATION

UTILITY PAYMENTS

RECOMMENDATION TO IMPROVE SERVICES

DEA
Citizen’s portal
Joint document exchange system
Guaranteed electronic delivery system
Trade Facilitation System – TFS

TRADE FACILITATION SYSTEM – TFS
[Diagram: the Trade Facilitation System at the centre, connected to Sea Ports, International Traders, Shipping Lines, Suppliers, Forwarder Companies, Railway, Tax & Custom, Banks & Insurance Companies and Terminals.]

E-ID CARD

ID CARD - WHAT IS IT? WHAT IT DOES?
• Identification Document
• Travel Document
• Proximity Card
• Online Identification
• Digital Signature

ID CARD - ONE CHIP - TWO INTERFACES
• Contact
• Contactless

PUBLIC SERVICE HALL - TBILISI

CONTACTLESS INTERFACE
• Work ID Card
• Proximity Card
• Loyalty Card
• Student Card
• Many other uses

CONTACT INTERFACE – TWO CERTIFICATES
• Online Identification
• Digital Signature

PUBLIC SERVICE HALL EVERYTHING IN ONE SPACE
BATUMI, KVARELI, RUSTAVI, KUTAISI, OZURGETI, MESTIA
TBILISI – SEPTEMBER 2012

E-GOVERNMENT LEGISLATIVE FRAMEWORK
e-Document and e-Signature law – 2007
Law on Creation of Data Exchange Agency – 2010
Law on Unified Information Registry – 2011
Law on Information Security – 2012
Law on Personal Data Protection – 2012

LAW OF GEORGIA ON UNIFIED STATE REGISTRY OF INFORMATION
Aim of the Law: establishment of a unified state registry of registers, databases, services and information systems within the public sector of Georgia.

A supplementary act – Instruction on standards and procedures of working with the Registry of Registers, as well as a manual on the use of the web-portal.

Categories of information to be submitted:
• Establishment of a registry or service (initial registration)
• Significant amendment of a registry or service
• Merger, division, revocation, deletion, transfer or archiving of a registry or service

Data Exchange Agency as implementer

E-GOVERNMENT STRATEGY
• e-Services
• e-Participation and Open Government
• e-Health
• Public Finance Management System
• e-Business
• ICT-Hub Georgia
• Infrastructure
• e-Security
• Skills and e-Inclusion
• Enabling frameworks and governance
• Awareness

INFORMATIONAL SECURITY
[Diagram: AVAILABILITY, INTEGRITY, CONFIDENTIALITY. Threats shown: false information, network jamming, intrusions, information stealing, system paralyzing.]

CYBER SECURITY ECOSYSTEM
[Organization chart:
Security Council
Minister of Justice – Data Exchange Agency
Ministry of Internal Affair – 24/7 Cyber Crime Unit
Minister of Defense – Military Cyber Defense Unit]

AUGUST 2008
Cyber attacks had far less impact on Georgia than they might on a more Internet-dependent country, where vital services like transportation, power and banking are tied to the Internet. The reasons behind the attacks, however, were very significant in the context of the war in the country:

• Misinformation about real facts by Russian media
• Aggression and patriotic spirit of Russian supporters
• Block and cut off Georgian Internet resources
• Shut down media, forums and blogs in Georgia
• Impact on Georgia's visibility on the internet and ability to communicate with the world
• Cause panic and as much damage as possible to the critical infrastructures

Who Attacked?
[Charts: traffic origin comparison by hits. 08/08/08 – before attack started; 09/08/08 – under attack; 10/08/08 – only Georgian traffic allowed. Chart annotations: Romania – “Record” Holder!; Guatemala & Indonesia? Who are these guys?!!]

Who Attacked?
You are loosers and will fail again just like in 90ies

Types of attacks beside physical

Source addresses shown on the slide:
• 86.105.36.3 Romania
• 87.4.147.122 Telecom Italia, Roma
• 220.215.92.36 FreeBit, Tokyo
• 194.250.18.253 France Telecom, Toulouse
• 92.49.146.212 VolgaTelecom, Orenburg, Russia
• 41.196.241.237 Link Egypt, Dokki-Giza
• 80.188.107.226 Telefonica O2 Czech Republic, Prague
• 83.37.61.226 Telefonica de Espana, Madrid
• 62.150.55.34 Qualitynet Co., Kuwait
• 80.224.161.231 Techauna AUNA, Barcelona
• 210.215.124.92 Nexon Asia Pacific, Sydney
• …
• 75.101.230.118 Amazon Web Services, Seattle
• 217.209.224.115 Telia Network, Sweden
• 80.201.63.237 Belgacom ISP SA/NV, Bruxelles
• 212.92.140.142 Business Communication Agency, Russia
• 201.216.170.220 Telgua, Guatemala
• 88.168.106.155 Free SAS / ProXad, France
• 77.28.79.99 Makedonski Telekom, Skopje
• 194.29.60.35 Universal Telecom, Kiev, Ukraine
• …

Types of attacks:
- SYN Flood
- Ping Flood
- Http Flood
- Defacement
- SPAM
- SQL Injections

Protocols:
- HTTP
- ICMP
- FTP
- SMTP
- DNS
- BGP

WHAT WE KNOW ABOUT HOW IT WAS DONE
“POWER TO THE PEOPLE”
Russian hacker web sites (StopGeorgia.ru and Xakep.ru) spread all the necessary information and tools on how to attack Georgian web sites.

Target web sites and codes for attacks were posted in the comments of hundreds of forums, blogs, news and entertainment web sites.

Interested individuals were asking others to help and to join in by continually sending ICMP traffic via 'ping', and explaining how to do it.

At the same time, ready-made bat files designed to attack Georgian websites, with a detailed list of websites, were spread using file exchange programs.

Example: Interpressnews.ge (news agency) – detected traffic of about 150 MB. The site was periodically going down or working too slowly.

WHAT WE KNOW ABOUT HOW IT WAS DONE
“HACKERS TRICKS”
Geographically distributed BOTNETS
* 300-400 sessions per IP per server
SQL INJECTION of more than 100 sites
*Examples:
http://www.president.gov.ge/index.php?l=G&m=0&sm=3&id=2693+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3,4,5
http://www.results.cec.gov.ge/ubnebi.php?district=22+and+1=@@version
http://junior.eurovision-georgia.ge/index.php?lang=eng&topid=3&id=-1+union+select+1,2,3,4,5
Attempts of BGP hijacking
Websites hacking
*Maybe hackers knew some passwords
Spamming of Email addresses
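
From the defender's side, the two probe styles in the example URLs above (a `union select` of numbered columns and an `@@version` test appended to a numeric parameter) are easy to find in web server access logs after the fact. The following is an added example, not part of the original presentation: the log format (Common Log Format), the set of numeric parameter names, the paths and the documentation-range addresses are assumptions, and the sample log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Request part of a Common/Combined Log Format line: client IP and request target.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')

# The two probe styles shown in the slide's example URLs.
SIGNATURES = {
    "union-select column enumeration":
        re.compile(r"\bunion\s+(?:all\s+)?select\s+\d+(?:\s*,\s*\d+)*", re.I),
    "@@version probe": re.compile(r"@@version", re.I),
}
# Assumption: these parameters are integers in the monitored application.
NUMERIC_PARAMS = {"id", "topid", "district", "m", "sm"}


def classify(target):
    """Return the reasons a request target looks like an SQL injection probe."""
    reasons = []
    # parse_qsl decodes %XX and '+', so encoded payloads are normalised first.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        for label, rx in SIGNATURES.items():
            if rx.search(value):
                reasons.append(f"{name}: {label}")
        if name in NUMERIC_PARAMS and not re.fullmatch(r"-?\d+", value):
            reasons.append(f"{name}: non-numeric value")
    return reasons


def scan(lines):
    """Group suspicious requests by client IP: {ip: [(target, reasons), ...]}."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        ip, target = m.groups()
        reasons = classify(target)
        if reasons:
            hits[ip].append((target, reasons))
    return dict(hits)


# Constructed sample log: documentation-range addresses and made-up paths.
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Aug/2008:10:00:01 +0400] "GET /index.php?lang=eng&id=42 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [09/Aug/2008:10:00:02 +0400] "GET /index.php?lang=eng&id=-1+union+select+1,2,3,4,5 HTTP/1.1" 200 733',
    '198.51.100.7 - - [09/Aug/2008:10:00:03 +0400] "GET /list.php?district=22+and+1=@@version HTTP/1.1" 500 312',
    '203.0.113.5 - - [09/Aug/2008:10:00:04 +0400] "GET /index.php?id=7%20UNION%20ALL%20SELECT%201,2 HTTP/1.1" 200 640',
]

if __name__ == "__main__":
    for ip, found in scan(SAMPLE_LOG).items():
        for target, reasons in found:
            print(ip, target, "->", "; ".join(reasons))
```

The non-numeric check on integer parameters is the more durable signal: it still fires when the payload is reworded to avoid the two signatures.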
Many facts suggest that the cyber attacks were planned before the actual war started. Approximately 90% of all gov.ge domain addresses and a significant fraction of .ge domain addresses were affected by DDoS attacks.

Government
www.president.gov.ge www.mfa.gov.ge www.government.gov.ge www.parliament.ge www.mod.gov.ge www.nbg.gov.ge www.cec.gov.ge www.mof.ge www.abkhazia.gov.ge and so on…

News
www.rustavi2.com www.interpress.ge www.civil.ge www.presa.ge www.apsny.ge www.day.az and so on…

EVERYTHING ELSE
www.internet.ge www.geres.ge www.chca.org.ge www.forum.ge www.museum.ge www.grena.ge and so on…

Things to wonder about
From Shadowserver, sampling of previous DDoS targets from the same botnets involved in the Georgia attacks:
www.in-bank.net carder.biz Divaescort.com payclubs.biz night-fairy.com vodkaescort.net cc-hack.eu igame.ru i-german.net

HOW MEDIA CAN INFLUENCE THE WORLD
Attacks on civil.ge after news that Estonia is in the business of site hosting

WIN32/GEORBOT
Malware was found in Georgian governmental agencies, including ministries, parliament, banks and NGOs. The purpose of the malware was collecting sensitive, confidential information about Georgian and American security documents.
The Win32/Georbot malware has the following functionalities for stealing information from an infected system:
• Send any file from the local hard drive to the remote server
• Steal certificates
• Search the hard drive for Microsoft Word documents
• Search the hard drive for remote desktop configuration files
• Take screenshots
• Record audio using the microphone
• Record video using the webcam
• Scan the local network to identify other hosts on the same network
• Execute arbitrary commands on the infected system

The commands are activated manually and were sent to each host individually rather than being broadcast to all infected hosts.

TARGETED AUDIENCE
The cyber attack was designed very smartly. Various Georgian news-related web sites were hacked, and only specific news pages were modified (e.g. NATO delegation visit in Georgia, US-Georgian agreements and meetings, Georgian military news).

• www.caucasustimes.com – site about the news from the Caucasian region
• www.cei.ge – Caucasus Energy and Infrastructure
• www.psnews.ge – Georgian news site
• www.opentext.ge – Georgian news site
• www.presa.ge – Georgian news site
• www.presage.tv – Georgian news site
• www.psnews.info – Georgian news site
• www.resonancedaily.com – Georgian news site

EXAMPLE OF INJECTED SCRIPT INTO THE HACKED NEWS WEBSITE

WIN32/GEORBOT COMMAND & CONTROL SERVERS
• September, 2010 – georgiaonline.xp3.biz (United States) FreeWebHostingArea.com
• March, 2011 – ema.gov.ge (Georgia) (hacked webserver)
• April, 2011 – 178.32.91.70 (France) OVH Hosting
• June, 2011 – 88.198.240.123 / 88.198.238.55 (Germany) DME Hosting
• October, 2011 – 94.199.48.104 (Hungary) Net23.hu
• November, 2011 – 173.212.192.83 (United States)
• December, 2011 – 31.31.75.63 (Czech Republic)
• January, 2012 – 31.214.140.214 (Germany) DME Hosting
• March, 2012 – 78.46.145.24 (Germany) DME Hosting

GEORBOT
• Not detected by major antivirus products; bypasses a patched Windows 7 SP1 with the firewall enabled.
• After executing, calc.exe itself does 3 major things:
  • Before installing the bot, it checks whether the computer is located in the UTC+3 or UTC+4 time zone.
  • It injects into iexplorer.exe and communicates with defaced sites for C&C address retrieval.
  • It creates the usbserv.exe bot file in the Application Data directory and writes it to autorun in the Windows Registry.

LEGAL FRAMEWORK
Cyber Security Strategy for 2013–2015
E-Government Strategy for 2014–2019
Other Strategic Documents

1. Information Security Law (2012)
2. Personal Data Protection (2012)
3. Cyber Crime Chapter on Crime Code. (U 2010)

1. Cyber Crime Convention 24/7
2. All Major IPR Conventions
3. Processing of Personal Data Conventions (1981)

• CERT.GOV.GE Computer Emergency Response Team Charter
• Presidential Decrees Approval List of Critical Information System Subjects
• Requirements of Information Security Officer working in Critical Information System Subjects
• Decrees of Network Sensor Configuration
• Decrees of Minimal Security Requirements for Critical Information System Subjects
• Decrees of Asset Management Requirements for Critical Information System Subjects
• Decrees of Information Security Audit Body Accreditation
• Decrees of Information Security Audit Requirements in Critical Information System Subjects

CYBER SECURITY STRATEGY OF GEORGIA 2013-2015
Basic Principles – Cyber Security Strategy
• Whole-of-Government Approach
• Public-private Cooperation
• Active International Cooperation

Cyber Security Strategy – Main Domains
• Research and analysis
• New legislative framework
• Institutional coordination for ensuring cyber security
• Public awareness and education
• International cooperation

INFORMATION AND CYBER SECURITY
Information Security policy development, implementation, monitoring.

CERT.GOV.GE (Computer Emergency Response Team)

[Diagram labels: Public Sector + Subject of Critical Infrastructure; Military Systems; State Secret]

INFORMATION SECURITY & POLICY DIVISION

Information Security Team
All Team Members are BSI Certified Professionals:
• BSI/ISO 27001 (Information Security) LI/LA
• BSI/ISO 22301 (Business Continuity) LI/LA
• BSI/ISO 9001 (Quality Management) LA
• ISO 31000 (Risk Management)

CERT.GOV.GE Team
All CERT Team members are SANS Certified Professionals:
• SANS GIAC Certified Professionals

4 members of the team are:
• CISM (Certified Information Security Manager)

2 members of the team are:
• CISA (Certified Information System Auditor)

INFORMATION SECURITY
Management Services

Consulting Service
Review of Information Security documentation: Policy, Plans, Audit report, etc. 36

ISMS Implementation Service
Current Projects: Service Development Agency; Public Registry of Georgia 2

Certified Course in Management Systems
(Introduction, Implementation and Internal Audit in Information Security Management Systems, Certification Exam). 105

NATO SPS Project
Trained Professionals from Moldova and Montenegro 40
Information Systems Audit Service

CERT.GOV.GE

• FIRST is an international confederation of trusted computer incident response teams who cooperatively handle computer security incidents and promote incident prevention programs.
• The Cyber security Executing Arm Of The UNITED NATIONS SPECIALISED AGENCY of The International Telecommunication Union (ITU)
• The Trusted Introducer - a.k.a. TI - is the trusted backbone of the Security and Incident Response Team community in Europe

Partners:
• CERT-EE

CERT.GOV.GE
Services and Activities
Proactive Services:
• Incident Handling
• Incident Support System
• Detection of Infected Web Sites
• Safe DNS

Other Services:
• Source and Binary Code Analysis Service
• Malware Analysis Service
• Penetration Test Service

Monitoring Service
• IP Monitoring Services
• Network Monitoring System

Special Activities & Awareness
• Cyber Security Forum
• Annual GITI Regional Conference
• Media Campaign (TV, Internet)
• Website (dea.gov.ge)
• Facebook (certgovge)
• Wall Calendar

Course in Cyber Security and Incident Handling
Basic Incident Handling 20
NATO SPS Project Trained Professionals from Afghan, Macedonia, Moldova and Montenegro 90
83

INFORMATION SECURITY AWARENESS

GITI – GEORGIAN IT INNOVATION EVENT 2008

THANK YOU FOR YOUR ATTENTION!
Irakli Gvenetadze
LEPL Data Exchange Agency
Ministry of Justice of Georgia
[email protected]
www.dea.gov.ge; www.my.gov.ge; www.cert.gov.ge