GEORGIA S SUCCESSFUL JOURNEY TO E-GOVERNMENT E-GOVERNMENT DEVELOPMENT IN GEORGIA Irakli Gvenetadze LEPL Data Exchange Agency Ministry of Justice of Georgia
GEORGIA
GEORGIA COUNTRY PROFILE Population: 4.2 million Capital: Tbilisi Area: 69,700 sq. km Highest point is Mkinvartsveri 5047 meter
GEORGIAN ALPHABET
GEORGIAN NATIONAL COSTUME
UN E-GOVERNMENT SURVEY 2014 GEORGIA Rank 2014 Rank 2012 Rank 2010 Rank 2008 E-Government 56 72 100 100 E-Participation 66 73 132 143
GDP PER CAPITA
RELATION BETWEEN EGDI AND NATIONAL INCOME (GNI PER CAPITA), LOVER-MIDDLE INCOME COUNTRIES
WHERE GEORGIA STARTED FROM Business Registry - 2006 Create information systems Digitalize internal information resources Automate information flows Create data centers Establish connection between agencies and regional offices
IT CRUCIAL TO DELIVER REFORM BENEFITS In Georgia, reforms were taking place actively since 2004. M ain attention was paid to business process optimization and transparency in organization processes. Reform Efficiency Transparency Time Cost Availability Accountability INFORMATION TECHNOLOGIES
IMPLEMENTED PROJECTS P roperty registration, e-abstracts, Business Registry Civil Registry e-id and e-signature Biometrical Passport e-filing system in the Ministry of Finance of Georgia- 90 % of taxpayers are actively using this system; Automation of tax and customs systems (the process is ongoing as reforms taking place in this direction require changes in business processes); Case management system of tax dispute resolution; Central data storage and reporting system; Electronic Treasury project. e-treasury Cash register management automation project-planned for next year; Electronic system for writing out VAT invoices; Automation of the Ministry of Internal Affairs; Case management program for Ombudsman; Computerization of schools. Schools are equipped with computers and by the end of the this year all schools (2300) will be connected to internet; Netbooks for all first graders Student Information System-ongoing; National school exam on-line Automated case management system for court system; project is in decisive phase and system is being introduced in offices Centralized criminal case management is being introduced; e-procurement; e-auction of state property; e-auction of real estate of Tbilisi City Hall; Automation project of Enforcement Bureau e-notary project; Electronic directory system for state newspaper and legislative base Official Gazette; Automation project of Social Subsidies Agency Real Time Gross Settlement System of National Bank Investment Management System of National Bank Core Banking System of National Bank Chancellery automation project is being implemented in all large ministries. Criminal case management system
RECURRING PROBLEMS Limited budget No security Shortage of qualified personnel No standards Infrastructure expensive Data incompatibility
GGN GEORGIAN GOVERNMENTAL NETWORK Design and tender procurement - 2006 Contract signed Sept. 1, 2007 100 governmental offices connected by the end of 2007 More than 500 governmental offices connected in 2008 Since 2009, more than 1,000 governmental connections including schools Government connected throughout Georgia with no investment, only paid 25% of commercial prices for internet and telephone.
E-GOVERNMENT COMMISSION E-government development consulting body for government of Georgia Steering committee for GGN project
ARCHITECTURE OF E-GOVERNANCE SERVICES
ORGANIZATION CENTRIC
CITIZEN CENTRIC
CONNECTED GOVERNMENT Receive Information in Real Time Effectively Distribute Resources Health Care and Social Security Monitor Results Proper Planning of State Budget Municipalities Agriculture Data Exchange Agency Georgian Government Gateway Redundancies Eliminated Education
CITIZEN S CENTRIC SYSTEM Unified Automated Statistical Data State E-Governance System Automated Data Processing Medical Service Migration, Registration Education Property Demographic and other Personal Data CITIZEN Economic Activities State Development Planning, Forecast Social Condition Effective Public Policy
DEA DATA EXCHANGE AGENCY Due to the abovementioned problems, the need for establishment of an entity with relevant authority became inevitable, which would support the following activities: Development and coordination of E-Governance Development of legal and regulative framework Ensure information and cyber security Establishment of the integrated data exchange system and ensure access to information resources Parliament of Georgia adopted a law on the establishment of Legal entity of public law under the Ministry of Justice of Georgia - Data Exchange Agency on the basis of which since 1 January 2010, Data Exchange Agency (DEA) started its activities.
E-GOVERNMENT GOVERNANCE ECO SYSTEM Government of Georgia PM Ministry of Justice E-Government Governmental Commission Data Exchange Agency CIO Council - Consulting Body for Government 1. Implementation Body for Government 2. Administration Body for Commissions
DATA EXCHANGE INFRASTRUCTURE Citizen Ministry of Justice Response Ministry of Finance Bank Data Exchange Agency Request Ministry of Education Business Request Ministry of Health Response Other ministries Ministry of Internal Affairs
G3 GEORGIAN GOVERNMENTAL GATEWAY
G3 FUNCTIONAL DESIGN External Applications Portal e-services Catalog Submission application (not a part of GG delivery) e-forms SOAP API WS Federation Web Interface GovTalk HTTP POST Web Services (SOAP) Submission() Storages SQL Identity provider Registration & Enrolment Audit and Monitoring Audit log Transaction & Messaging Receiving module Priority Services Notification engine Known facts Admin Msgs Submission logging Routing Services Application Integration DIS Audit and Monitoring Audit log Internal Information System Communicationto Receiving module
MY.GOV.GE CITIZEN S PORTAL
CITIZEN S PERSONAL PAGE
PROPERTY
CITIZEN S ADDRESS OF REGISTRATION
ONLINE BUSINESS REGISTRATION
UTILITY PAYMENTS
RECOMMENDATION TO IMPROVE SERVICES
DEA Citizen s portal Joint document exchange system Guaranteed electronic delivery system Trade facilitation System TFS
TRADE FACILITATION SYSTEM TFS See Ports International Traders Shipping Lines Suppliers Trade Facilitation System Forwarder Companies Railway Tax & Custom Banks & Insurance Companies Terminals
E-ID CARD
ID CARD - WHAT IS IT? WHAT IT DOES? Identification Document Travel Document Proximity Card Online Identification Digital Signature
ID CARD - ONE CHIP - TWO INTERFACES Contact Contactless
PUBLIC SERVICE HALL - TBILISI
CONTACTLESS INTERFACE Work ID Card Proximity Card Loyalty Card Student Card Many other uses
CONTACT INTERFACE TWO CERTIFICATES Online Identification Digital Signature
PUBLIC SERVICE HALL EVERYTHING IN ONE SPACE
PUBLIC SERVICE HALL EVERYTHING IN ONE SPACE
PUBLIC SERVICE HALL EVERYTHING IN ONE SPACE
PUBLIC SERVICE HALL EVERYTHING IN ONE SPACE
PUBLIC SERVICE HALL EVERYTHING IN ONE SPACE
BATUMI
KVARELI
RUSTAVI
KUTAISI
OZURGETI
MESTIA
TBILISI SEPTEMBER 2012
E-GOVERNMENT LEGISLATIVE FRAMEWORK e-document and e-signature law 2007 Law on Creation of Data Exchange Agency 2010 Law on Unified Information Registry 2011 Law on Information Security 2012 Law on Personal Data Protection 2012
LAW OF GEORGIA ON UNIFIED STATE REGISTRY OF INFORMATION Aim of the Law: establishment of a unified state registry of registers, databases, services and information systems within the public sector of Georgia A supplementary act Instruction on standards and procedures of working with the Registry of Registers, as well as manual on the use of web-portal Categories of information to be submitted: Establishment of a registry or service (initial registration) Significant amendment of a registry or service Merger, division, revocation, deletion, transfer or archiving a registry or service Data Exchange Agency as implementer
E-GOVERNMENT STRATEGY
E-GOVERNMENT STRATEGY e-services e-participation and Open Government e-health Public Finance Management System e-business ICT-Hub Georgia Infrastructure e-security Skills and e-inclusion Enabling frameworks and governance Awareness
INFORMATIONAL SECURITY AVAILABILITY INTEGRITY CONFIDENTIALITY false information network jamming intrusions information stealing system paralyzing
CYBER SECURITY ECOSYSTEM Security Council Minister of Justice Data Exchange Agency Ministry of Internal Affair 24/7 Cyber Crime Unit Minister of Defense Military Cyber Defense Unit
AUGUST 2008 Cyber attacks had far less impact on Georgia than they might on a more Internet-dependent county, where vital services like transportation, power and banking are tied to the Internet. Although reasons were also very crucial in terms of war in the country: Misinformation of real facts by Russian Media Aggression and patriotic spirit of Russian supporters. Block and cut off Georgian Internet resources Shut down media, forums, blogs in Georgia. Impact on the Georgia's visibility on the internet and ability to communicate with the world. Make panic and as much damage as possible to the critical infrastructures. 58
Who Attacked? Traffic origin comparison by hits 08/08/08 Before Attack Started 09/08/08 Under Attack Romania Record Holder! Guatemala & Indonesia? Who are these guys?!! 10/08/08 Only Georgian traffic allow ed
Who Attacked? You are loosers and will fail again just like in 90ies
Types of attacks beside physical 86.105.36.3 Romania, 87.4.147.122 Telecom Italia, Roma 220.215.92.36 FreeBit, Tokyo 194.250.18.253 France Telecom, Toulouse 92.49.146.212 VolgaTelecom, Orenburg, Russia 41.196.241.237 Link Egypt, Dokki-Giza 80.188.107.226 Telefonica O2 Czech Republic, Prague 83.37.61.226 Telefonica de Espana, Madrid 62.150.55.34 Qualitynet Co., Kuwait 80.224.161.231 Techauna AUNA, Barcelona 210.215.124.92 Nexon Asia Pacific, Sydney 75.101.230.118 Amazon Web Services, Seattle 217.209.224.115 Telia Network, Sweden 80.201.63.237 Belgacom ISP SA/NV, Bruxelles 212.92.140.142 Business Communication Agency, Russia 201.216.170.220 Telgua, Guatemala 88.168.106.155 Free SAS / ProXad, France 77.28.79.99 Makedonski Telekom, Skopje 194.29.60.35 Universal Telecom, Kiev, Ukraine Types of attacks: - SYN Flood - Ping Flood - Http Flood - Defacement - SPAM - SQL Injections Protocols: - HTTP - ICMP - FTP - SMTP - DNS - BGP
WHAT WE KNOW ABOUT HOW IT WAS DONE POWER TO THE PEOPLE Russian Hackers web sites (StopGeorgia.ru and Xakep.ru) spreaded all necessary information and tools how to attack Georgian web-sites Target web sites and codes for attacks were posted in comments of hundred forums, blogs, news and entertainment web-sites Interested individuals were asking others to help and to join in by continually sending ICMP traffic via the 'ping' and explaining how to do it. At the same time ready bat files designed to attack Georgian websites detailed list of websites attack Georgian websites were spreader using file exchange programs. Exam ple: Interpressnews.ge (New s agency) detected traffic of about 150 MB. Site was periodically going down or working too slow
WHAT WE KNOW ABOUT HOW IT WAS DONE HACKERS TRICKS Geographically distributed BOTNETS * 300-400 sessions per IP per server SQL INJECTION of more than 100 sites *Exam ples:http://w ww.president.gov.ge/index.php?l=g&m =0&sm=3&id=2693+union+select+1,2,3,4,5,6,7,8,9,0,1,2,3,4,5 http://www.results.cec.gov.ge/ubnebi.php?district=22+and+1=@@version http://junior.eurovision-georgia.ge/index.php?lang=eng&topid=3&id=-1+union+select+1,2,3,4,5 Attempts of BGP hijacking Websites hacking *Maybe hackers knew some passwords Spamming of Email addresses According to many facts, It seems that cyber attacks were planned before the actual war started.
Approximately 90% of all gov.ge domain addresses and significant fraction of.ge domain addresses were affected by DDos attacks.
Government www.president.gov.ge www.mfa.gov.ge www.government.gov.ge www.parliament.ge www.mod.gov.ge www.nbg.gov.ge www.cec.gov.ge www.mof.ge www.abkhazia.gov.ge and so on
News www.rustavi2.com www.interpress.ge www.civil.ge www.presa.ge www.apsny.ge www.day.az and so on.
EVERYTHING ELSE www.internet.ge www.geres.ge www.chca.org.ge www.forum.ge www.museum.ge www.grena.ge and so on
Things to wonder about From Shadowserver, sampling of previous DDoS targets from the same botnets involved in the Georgia attacks: www.in-bank.net carder.biz Divaescort.com payclubs.biz night-fairy.com vodkaescort.net cc-hack.eu igame.ru i-german.net
HOW MEDIA CAN INFLUENCE THE WORLD Attacks of civil.ge after news that Estonia is in business of site hosting 70
WIN32/GEORBOT Malware was found in Georgian Governmental Agencies including ministries, parliament, banks, NGO s. Purpose of the malware was Collecting Sensitive, Confidential Information about Georgian and American Security Documents 71
WIN32/GEORBOT The Win32/Georbot malware has the following functionalities for stealing information from an infected system: Send any file from the local hard drive to the remote server. Steal certificates Search the hard drive for Microsoft Word documents Search the hard drive for remote desktop configuration files Take screenshots Record audio using the microphone Record video using the webcam Scan the local network to identify other hosts on the same network Execute arbitrary commands on the infected system The commands are activated manually and were sent to each host individually rather than being broadcast to all infected hosts. 72
TARGETED AUDIENCE Cyber Attack was designed very smartly. Various Georgian News-Related web-sites were hacked and modified only Specific News pages (eg. NATO delegation Visit in Georgia, US-Georgian Agreements and Meetings, Georgian Military NEWS). www.caucasustimes.com www.cei.ge www.psnews.ge www.opentext.ge www.presa.ge www.presage.tv www.psnews.ge www.psnews.info www.resonancedaily.com Site about the NEWS from Caucasian Region Caucasus Energy and Infrastructure Georgian NEWS Site Georgian NEWS Site Georgian NEWS Site Georgian NEWS Site Georgian NEWS Site Georgian NEWS Site Georgian NEWS Site 73
EXAMPLE OF INJECTED SCRIPT INTO THE HACKED NEWS WEBSITE 74
WIN32/GEORBOT COMMAND & CONTROL SERVERS September, 2010 georgiaonline.xp3.biz (United States) FreeWebHostingArea.com March, 2011 ema.gov.ge (Georgia) (hacked webserver) April, 2011-178.32.91.70 (France) OVH Hosting June, 2011-88.198.240.123 / 88.198.238.55 (Germany) DME Hosting October, 2011-94.199.48.104 (Hungary) Net23.hu November, 2011-173.212.192.83 (United States) December, 2011-31.31.75.63 (Czech Republic) January, 2012-31.214.140.214 (Germany) DME Hosting March, 2012 78.46.145.24 (Germany) DME Hosting 75
GEORBOT Not detected with Major Antivirus Product, Bypasses Windows 7 sp1 patched, with Firewall enabled. After Executing calc.exe itself does 3 major things: Before installing bot checks if the computer is located in UTC+3, UTC+4 Time-zone. injecting into iexplorer.exe and communicating to defaced sites, for C&C address retrieval creating usbserv.exe bot file in Application Data directory, and writing it to autorun in Windows Registry. 76
LEGAL FRAMEWORK Cyber Security Strategy for 2013 2015 E-Government Strategy for 2014 2019 Other Strategic Documents 1. Information Security Law (2012) 2. Personal Data Protection ( 2012) 3. Cyber Crime Chapter on Crime Code. (U 2010) 1. Cyber Crime Convention 24/7 2. All Major IPR Conventions 3. Processing of Personal Data Conventions (1981) CERT.GOV.GE Computer emergency Response Team Charter Presidential Decrees Approval List of Critical Information System Subjects. Requirements of Information Security Officer working in Critical Information System Subjects. Decrees of Network Sensor Configuration. Decrees of Minimal Security Requirements for Critical Information System Subjects. Decrees of Asset Management Requirements for Critical Information System Subjects. Decrees of Information Security Audit Body Accreditation. Decrees of Information Security Audit Requirements in Critical Information System Subjects
CYBER SECURITY STRATEGY OF GEORGIA 2013-2015 Basic Principles Cyber Security Strategy Whole-of-Government Approach. Public-private Cooperation. Active International Cooperation. Cyber Security Strategy Main Domains Research and analysis New legislative framework Institutional coordination for ensuring cyber security Public awareness and education International cooperation
INFORMATION AND CYBER SECURITY Information Security policy development, implementation, monitoring. CERT.GOV.GE (Computer Emergency Response Team) Military Public Sector + Subject of Critical Infrastructure Systems State Secret
INFORMATION SECURITY & POLICY DIVISION Information Security Team CERT.GOV.GE Team All Team Members are BSI Certified Professionals: BSI/ISO 27001 (Information Security) LI/LA BSI/ISO 22301 (Business Continuity) LI/LA BSI/ISO 9001 (Quality Management) LA All CERT Team members are SANS Certified Professionals: SANS GIAC Certified Professionals ISO 31000 (Risk Management) 4 Member of the team are: CISM (Certified Information Security Manager) 2 Member of the team are: CISA (Certified Information System Auditor)
INFORMATION SECURITY Management Services Consulting Service Review of Information Securitydocumentation: Policy, Plans, Audit reportand etc. 36 ISMS Implementation Service Current Projects: Service Development Agency; Public Registry of Georgia 2 Certified Course in Management Systems ( Introduction, Implementation and Internal Auditin Information Security Management Systems, Certification Exam). 105 NATO SPS Project Trained Professionals from Moldova and Montenegro 40 Information Systems Audit Service
CERT.GOV.GE CERT.GOV.GE The Cyber security Executing Arm Of The UNITED NATIONS SPECIALISED AGENCY of The International Telecommunication Union (ITU) Partners: The Trusted Introducer - a.k.a. TI - is the trusted backbone of the Security and Incident Response Team community in Europe FIRST is an international confederation of trusted computer incident response teams who cooperatively handle computer security incidents and promote incident prevention programs. CERT-EE
CERT.GOV.GE Services and Activities Proactive Services: Incident Handling IncidentSupport System Detection of Infected Web Sites Safe DNS Other Services: Source and Binary Code Analyze Service. Malware Analyze Service. Penetration Test Service Monitoring Service IP Monitoring Services. Network Monitoring System Special Activities & Awareness Cyber Security Forum Annual GITI Regional Conference Website (dea.gov.ge), Facebook (certgovge) Media Campaign (TV, Internet) Wall Calendar 83 Course in Cyber Security and Incident Handling Basic Incident Handling 20 NATO SPS Project Trained Professionals from Afghan, Macedonia, Moldova and Montenegro 90
INFORMATION SECURITY AWARENESS
GITI GEORGIAN IT INNOVATION EVENT 2008
THANK YOU FOR YOUR ATTENTION! Irakli Gvenetadze LEPL Data Exchange Agency Ministry of Justice of Georgia igvenetadze@dea.gov.ge www.dea.gov.ge; www.my.gov.ge; www.cert.gov.ge;