Baltimore Technologies Jack Nagle
E-Government! Relationship between E-Business & E- Government growth! Government as a Leader for Change! Security Requirements! An Irish Example Revenue On-Line
E-Security! Real E-Business! Needs real E- Security! Conducted with Integrity! In an Infosphere involving multiple stakeholders including Government! Without which!real progress will be retarded! Islands of T rust will persist
Next-Generation Boundaries! A foundation assumption: economic transition The world is in transition from the industrial economy of the past to the digital economy of the future The network is no longer just a tool for doing business; it s the medium in which we do business Organizations resist this change at their peril The shift is self-perpetuating: The emerging capabilities of the network are driving dramatic change in business models The dramatic change in business models is having a substantial effect on enterprise network infrastructure
Next-Generation Boundaries! The business web The twentieth century enterprise is giving way to the business-web, driven by the disaggregation and reaggregation of the firm. Don Tapscott David Ticoll Alex Lowy Digital Capital, citing Ronald Coase
E-Busines s Drivers Leverage the Internet to. Deliver better customer service Enable customer self-service Improve operational efficiency Increase productivity Automate processes Create customer loyalty Service customers Create new sales channels Develop new business partners Develop new markets and business models Lower costs Improve business agility Respond to competitive challenges Increase revenues Create new products and services Integrate supply chains
Next-Generation Boundaries! The Virtual Enterprise Network Suppliers Partners Employees Internal Systems & Data Virtual enterprise? Virtual network? It s both. Employees Partners Customers
The Integrated Enterprise Database Mainframe Packages Enterprise Application Integration Custom Applications Web Application Integration emarket Integration XML Integrated Organization B2B Services Infrastructure Physical Delivery B2C Services Infrastructure Secure Collaboration Space Specialist Networks Internet Dynamic Trading Partners Corporate Firewall Client
E-Government! What it it G2B: corporation TAX, VAT returns.. G2C: Personal TAX, housing benefits, Motor TAX G2E: Government to Employee! What are the Drivers behind this External effectiveness Increased accessibility to the authorities through e- services One stop shop: single point of entry EU directives Internal effectiveness Increase efficiencies of work flow process Cost reduction is the main driver
E -Governmentreflects E - Business Growth Moving from! Information Searching/Providing -Websites, D/B s, Forms! Interaction - Transaction engines, Secure Communications! Interoperability Front and Back Office Integration, Workflow, XML joined up government needs joined up information systems
Waves ofe -Government Value of Service Information WebBased Guide to Services Electronic Leaflets Transaction Primarily one-way Single Agency Little backend integration Interaction 2 way transactions Multiple Agencies Single point of entry Backend integration Interoperability On-line transparent Government e-voting Cross boarder Electronic Passports Complexity
Barriersto fulldeployment ofe- Business/Government! Organisational Change process / budgetary! Legal Framework Digital Signature Data Protection On-line transactions! Security Confidentiality Strong Authentication of Citizen / Organization Strong Authentication to ensure accurate provisioning! Acceptance by users non-intrusive security measures acceptance of technology
Government Leadership! Legislation Development of e-commerce and e-government services relies on clear legal frameworks which also help in building public confidence in electronic transactions.(hong Kong experience) Governments must ensure that the protection of fundamental rights meets the needs of the digital age (Netherlands experience)! Provide Infrastructure E-commerce in Australia will be simplified by allowing businesses to use one digital certificate to carry out online transactions with banks, trading partners and government agencies. (Australian experience) Government can play an important role in driving the development of the Public Key Infrastructure. (Hong
E-Government Leadership contd..! Promotion Promotion of on-line transactions, standards, interoperability (governments.)..don t underestimate the effort required to develop and grow user contacts, promote awareness of standards, attend relevant user groups and to manage business requirements. (UK experience)! By Example
Security Challenges! Establishing identity! Providing access to the right resources! Conducting e-busines s with integrity! Making security; Easy to deploy Readily available Simple to use Authentication Authorization Digital Signatures Receipts Timestamps E-payments Delivering real business benefit
How Much Authentication? Sensitivity of Data Treasury etrading Military Passwords Closed User Group CRM Access Supply Chain Intranet Corporate Mail Social Site Instant Messaging epharma Pension ebanking Tax Returns Web Mail Micropayments Web surfing CD Retail Open User Group Easily broken Easily forgotten Must be protected by SSL Suitable for low value applications Scales to large numbers of users Low cost Not suitable for high value applications No audit trail
How Much Authentication? Sensitivity of Data Closed User Group CRM Access Supply Chain Intranet Corporate Mail Treasury Military etrading Social Site Instant Messaging epharma Pension ebanking Tax Returns CD Retail Web Mail Web surfing Open User Group Dynamic Passwords Too expensive for low value apps Only suitable for closed user groups No signed audit trail Proprietary Difficult to recover from lost token Good security
How Much Authentication? Sensitivity of Data Closed User Group CRM Access Supply Chain Intranet Corporate Mail Treasury Military etrading Social Site Instant Messaging epharma Pension ebanking Tax Returns CD Retail Web Mail Web surfing Open User Group Biometrics Can never be forgotten! Adds extra security factor of something you are to broad authentication mechanisms like PKI Uptake hindered by immaturity of technology and cost & availability of devices now changing Suitable for closed user groups Socially difficult
How Much Authentication? Sensitivity of Data Closed User Group CRM Access Supply Chain Intranet Corporate Mail Treasury Military etrading Social Site Instant Messaging epharma Pension ebanking Tax Returns CD Retail Web Mail Web surfing Open User Group PKI Worldwide standard system for digital certificates (like passports) and digital signatures Bedrock of Internet security; easily combined with other mechanisms like smartcards & biometrics Signed Audit Trail for dispute resolution/nonrepudiation Legacy integration can be expensive; web services making it easier
SecurityFramework Employees Partners Suppliers Customers Identity Proved Authorization Granted Transaction Signed Portals Applications Systems Any Device, any Platform, any Network Provisioning Identity and Entitlements Managing Identity and Entitlements Enforcing Identity and Entitlements Security Services Platform
Irish E-Government! Legislation Data Protection Act: registration of use of data has implications for e-government 1988 Electronic Signature Directive 2000 E-Commerce Act 2000: recognition of on-line transactions Electronic Commerce Directive einvoicing Directive! Leadership REACH initiative ROS : E-Government in action
National IT & E-SecuritySum mit 21 March 2002 Revenue On-Line Service
Revenue On-Line Service " Introduction " Colm Bermingham, ROS Project Manager " Today s Presentation RFT to Reality " Background to ROS " Business considerations for the Service " Revenue s security solution (PKI) " Sample Functionality " Conclusions
ROS -Background! Revenue one of the largest processors of information in Ireland! Bulk of processing paper based! Resource intensive! Revenue also provides information to taxpayers and agents! Paper mountain contributes to costs, delays, frustration
R O S Drivers DRIVERS! Revenue Board Statement of Strategy 1997-1999 50% of all business returns filed electronically by 2005 Position ROS as the preferred method by which customers interact with Revenue egovernment Initiative Information Society Commission National ebroker projects for Corporations & Citizens European Union Benchmarking
Government Achievements! Electronic Commerce Act 2000! Investment - Broadband Infrastructure! International Connectivity Project! Action Plan for the Information Society
What is ROS?! A facility to file returns over the Internet! Access over the Internet to specified tax information! A facility to send information and correspondence to RO S users over the Internet! Enhancement of payment options available to customers
Strategic Objectives of ROS! Increase voluntary compliance by making it easier and cheaper to comply! Improve Revenue s Customer service! Address our obligations under the Government s Information Society Strategy! Eliminate routine processing and paper handling to create a more effective and efficient organisation
ROS Facilities " Filing Tax Returns Employer s Tax, VAT Income Tax & Corporation Tax " Making Payments ROS Debit Instruction Laser Card " Access to Tax Information Own Revenue data " Access Control System Agents and Companies
R O S - Develop ment History! Business team - September 1998! Vision documented - November 1998! Corporate commitment - March 1999! Procurement process completed - Dec. 1999! Contractors appointed Accenture, January 2000 Baltimore, April 2000! ROS Live 29 th September 2000
R OS Procurement - Application! Detailed RF T is sued July 99 - to cover design, build and possibly support of ROS! Eighteen responses to RF T! Rigorous analysis and selection process! Nine contractors selected for in depth evaluation! Accenture selected! ROS implementation commenced January 5
R OS Procurement- Security! Detailed RF T issued Feb 2000 - to cover PKI, product integration, Certification Authority! Eight responses to RFT! Rigorous analysis and selection process! Baltimore Technologies selected! ROS implementation commenced April 2000 Hosting facility commissioned August 2000
ROS -Approach! Senior management support and sponsorship! Short snappy phases! Committed team! Funding & Resources
R OS - Approach Effective and ongoing consultation is key to success Internal Consultation! New Partnership Structure! Management! Staff! Unions External Consultation! Accounting/Professional Representative Groups! Tax Agents! Software/Payroll Companies! Customer Panels! Individual Customers
ROS -Security " Business considerations " Confidentiality " Authentication " Integrity " Non-Repudiation " Other factors " Public Key Infrastructure " Customer Service vs Technology " Security
ROS -Security " Foreign Experience " Certification Authority " Customer Focus " Digital Certificate link to Revenue Records " Documentation
ROS -Security " Policy Approval Authority (PAA) " Certificate Policy Statement (CPS) " Certificate Policy (CP) " Terms and Conditions " Independent PKI audit
ROS -Security! Confidentiality 128 bit SSL Verisign Global certification Single session key generation! Easy to implement once the U S strong Encryption export restrictions lifted! ROS infrastructure security
ROS -Security Strong authentication digital certificates Web Server Security Application Security Application Server and Database encrypted data Internet Web Server Firewall " Taxpayer " Agent Cryptographic Services Multiple Firewalls Firewalls Certification Authority
R OS - Technical! Open systems approach! Front end developed using mixture of standard HTML, JAVA applets, JAVA servlets! Interface DTD specifications are for XML! Compatible and tested with Screen Reader technology
R OS Registration Process " Step 1 " Application for a ROS Acces s Number (RAN) " Step 2 " Application for a Digital Certificate " Step 3 " Retrieve the Digital Certificate
ROS Registration Process
ROS Sign & Submit
ROS Usage to Date! 5,960 Digital Certificates issued! 57,256 on-line access requests to customer details! 56,344 Returns filed! 2.59 Bn collected in Business Taxes! 170m repayments
What s Next for ROS?! Enhanced Services for Customers! Returns from Financial Institutions! Environmental Levy! Vehicle Registration Tax! Capital Acquisitions Tax Returns! Payments using On-line Banking! More seamles s integration with 3 rd party software
ROS PKI -Summary " PKI " Satisfies Revenue business requirements " Revenue is own CA Baltimore hosting " Documentation overhead " Still needs security infrastructure " Can be customer friendly
Ho w did we get here? Su m mary! Board and Top Management Commitment! Planning! Consultation! Legislation! Outsourced the Development! Outsourced the Security! Flexible and Nimble approach to Project Management! Funding
Conclusions! ROS is a success elabel award Nov 2001! ROS is having a dramatic impact! ebroker will streamline Public Service delivery! egovernment not edepartment! The public are trusting secure Internet sites
ROS Contactinfo Colm Bermingham cberming@revenue.ie Revenue - ROS www.revenue.ie - www.ros.ie
Conclusion! There is a close relationship between adoption of E- Government and of E-Business! Governments play a strong role in the growth the E- Economy! Ireland is positioned well for this growth! ROS provides an excelent example of how E- Government can be implemented
!Jack Nagle! jnagle@baltimore.com