• Who we are. About Data Exchange Agency, Our Activities and responsibilities.
• Briefly about cyber activities in Georgia, Legislation and Strategies and Actions.
• DEA Security and E-Government Projects.
• Information Security Activities.
By Irakli Lomidze
3. About Agency
Georgian Delegation
Irakli Lomidze
Head of the Information Security and Policy Division.
Vasil Tsvimitidze
Information Security Policy Manager
Zurab Akhvlediani
CERT Leading Specialist
4. Agenda
• INTRODUCTION About Georgia E-Development & Cyber Security
• FROM STRATEGY TO ACTION
• Introduction to information security.
• Building blocks of information security strategy, policies and standards.
• Actions, roles and responsibilities.
• Our Current Projects & Future Plans
• BUILDING AWARENESS AND AWARENESS PROGRAM
• Common Threats and vulnerabilities
• Principles of awareness
• Planning and building of awareness program
• Awareness program
• GEORGIA CASE STUDIES
• 2008 cyber attacks during Georgian Russian war
• Latest incident (GEORBOT)
5. About Agency
LEPL Data Exchange Agency
Under the supervision of the Ministry of Justice of Georgia
The Agency was established in January 2010
Main Directions:
• E-Government Development
• Information Security Improvement and Development, Operating CERT.GOV.GE
7. http://www.e-government.ge/
Civil Registry
• Actual Status of Application
• Apostil and Legalization
• Applying for Citizenship
• Consular Registration
• Electronic Registry of Applications
• Georgian Passports
• Repeated Certificates of Civil Acts
Public Registry
• Archive of Technical Records
• Business Registry
• Cadastral Data
• E-Chancellery
• Lien and Tax Lien/Hypothec Registry
• Pledge/Leasing Registry
• Public Registry: video consultation
• Registry of Applications and Rights
Notary Chamber
• Notary visit online arrangement
• Registry of False Documents
• Unified Electronic Registry of Notary
National Bureau of Enforcement
• Debtor Registry
• E-auction
• Electronic Registry of Enforcement
Ministry of Internal Affairs
• Driver's License Knowledge Test Examples
• Reservation of State License Plates
• Validity Extension - Internal Transit Plates
Patrol Police
• Traffic Fines
8. http://www.e-government.ge/
Ministry of Finance
• Auto Customs Tariffs
• E-Auction
• E-Budget
• E-declaration
• E-Treasury
• Gambling Business Fees
• Information on Entrepreneurs
• Online Declaration for Public Employees
• Online Payments
• Property Tax Rates/Coefficients
• Registry of Active Check Machines
• Registry of Charity Organizations
• Shipping Information and Customs
Revenue Service
• Office of Revenue: E-Services
LEPL Financial Analytics Service
• Information Technology Virtual Zone
State Procurement Agency
• Unified System of State Procurement
Ministry of Education and Science of Georgia
• Buki - Learn With Joy
National Examination Center
• Online Payment: NAEC Service Fees
• Online Registration for College Entrants
• Results: Unified Entry Examinations
Ministry of Labor, Health and Social Affairs of Georgia
• Birth/Death E-certificates
• Healthcare Management Unified Information System
9. http://www.e-government.ge/
Tbilisi City Hall
• Confirmation Copy of Plot's Attest
• Constructions: Determination of Permission Necessity
• Determination of Building's Red Lines
• Determination of Parameters for Urban Development
• General Statement from Tbilisi Arch.
• Mark Off a Sketch Project of a Plot
• Online Reply from the Office of Architecture
• Preliminary Examination of Project Sketch
• The First Stage of Construction
Tbilisi Architecture
• Tbilisi Architecture - Online Services
Property Management Agency
• Electronic Auction
• Land Parcel Marking/Selection
Tbilisi Transportation Company
• Online Payment: Public Transportation Fines
Public Service Bureau
• Employment in Public Sector
• Online Asset Declaration
• Search for Asset Declarations
Central Election Commission
• Voters: Check Your Status
10. e–ID Project
e-ID Card
Features
• Contact Interface
• Personal Certificate for Authentication
• Personal Certificate for Electronic Signature
• Contactless Interface
• 14 Application Storage
Security
11. Current Situation
[Diagram: services linking the Ministry of Justice (CRA, NAPR), Ministry of Education, Ministry of Economy, Ministry of Finance and Ministry of Internal Affairs with other governmental agencies, business, banks and citizens]
12. Current Situation
Why is it bad?
[Diagram: the same ministries, other governmental agencies, business, banks and citizens as on the previous slide]
Systems Integration
• Needs deeper integration
• They are built on different platforms
• Difficult to add a new organization
• Difficult to add or change a service
• …
Communication
• High cost of communication lines
• Difficult to maintain
• No effective security
• …
13. Evolution
So what's next?
[Diagram: Ministry of Justice (CRA, NAPR), Ministry of Education, Ministry of Economy, Ministry of Finance, Ministry of Internal Affairs, Ministry of Health, other ministries, other governmental agencies, banks, business and citizens arranged around the Data Exchange Agency]
14. Data Exchange Infrastructure
G3 Georgian Governmental Gateway
• Integration
– Systems written on different platforms are integrated.
– Information exchange between systems is unified and standardized.
– Single place to connect to all governmental services.
– Open API & Developer Portal for 3rd-party developers or companies.
• Sustainability
– Guaranteed message delivery.
– Information is not lost even when you are offline.
– Mitigates problems when systems are under high load.
• Security
– Communication lines are secured (VPN, SSL, Layer 2).
– Data exchange messages are secured (encryption, signature, timestamp).
– Services are secured (access management on services).
15. Data Exchange Infrastructure
G3 Georgian Governmental Gateway
Benefits
• Better Information Management
– Project RoR: Unified Registry of Registries.
– No proprietary data traffic.
– No data duplication.
– More effective budgeting for information systems.
• Transparency
– Who is requesting information about you
16. Citizen Portal
G3 Georgian Governmental Gateway
• Citizen Portal (www.my.gov.ge)
– Single point for citizens to get all governmental e-services.
– Getting information about yourself.
– Communal payments.
– Guaranteed mail delivery.
– News about projects in government.
17. Trade Network
G3 Georgian Governmental Gateway
• TradeNET
Single point for creating/exchanging all necessary documents for traders.
– Reduced price per container.
– Reduced service time.
– No paperwork or physical document delivery needed.
20. Information Security & Policy Division
Information Security Team
• Development & Implementation of Information Security Standards, Policies and Guidelines
• Legislation Works: Strategies, Laws, Normative Acts
• Awareness raising Activities
CERT Team (Computer Emergency Response Team)
• Handling Cyber Security Incidents
21. Data Exchange Agency
Our Responsibility
• Information security policy development, implementation, monitoring.
• CERT.GOV.GE (Computer Emergency Response Team) Creation
• Georgian Governmental Network (GGN) Monitoring
• CA (Certificate Authority) Monitoring
Segment
• Public Sector + Critical Infrastructure
• Military
• Secret
22. Cyber Space is a space that needs to be defended
Earth, Water, Air, Cyber
25. Information Security Team
We are members of:
The cybersecurity executing arm of the United Nations specialised agency, the International Telecommunication Union (ITU)
All our team members are BSI/ISO trained professionals. They have multiple years of experience working in the information security field.
All our team members are BSI/ISO trained professionals in ITIL.
In our team we have professionals in MOF.
26. Developing, Implementing Information Security Policy
Legislation
• Cyber Crime chapter in the Crime Code. Updated in 2010
• Protecting Personal Information Law. 2012
• Drafting Information Security Law. 2012
• Cyber Security Strategy. 2012
• Normative regulations … ongoing process
These legislative acts do not cover state secrets of military sectors
27. Developing, Implementing Information Security Policy
Information Security Implementation
• Information Security Policy for Ministry of Justice 2010
• Info Sec Policy for Ministry of Economy and Ministry of Health 2011/2012
• Standards and procedures for Information Security. 2010-2012
• Operation management standards and guidelines. 2012
• Localization and adaptation of ISO 27000 Series Standards. 2011
• Training Course for Information Security Implementation. 2012
28. Developing, Implementing Information Security Policy
Awareness
• Creating Web Site with Cyber Security Articles 2011-2012
• Creating Calendar with Cyber Security Threats. 2012
• Presentations on Information Security & Risk. 2010-2012
• Project with IMPACT, planned for 2012
• Annual GITI Georgian IT Innovation Conference 2008-2012
30. CERT.GOV.GE (Computer Emergency Response Team)
Founded in 2011
We are members of:
• The cybersecurity executing arm of the United Nations specialised agency, the International Telecommunication Union (ITU)
• The Trusted Introducer - a.k.a. TI - is the trusted backbone of the Security and Incident Response Team community in Europe
Certifications:
All our team members are certified by SANS GIAC
32. CERT.GOV.GE (Computer Emergency Response Team)
Incident Response
• Helping solve cyber incidents for our customers. 2011
• Incident reporting portal with ticketing system. 2011
• National Incident Database. 2012, ongoing.
• Analyzing cyber resources for vulnerabilities. 2011
• Partnership with other CERTs around the world. 2011-2012
33. CERT.GOV.GE (Computer Emergency Response Team)
CERT Services
• Penetration Test Service. Since 2011
• IP Monitoring Services. Since 2012
• Source Code Analysis Service. Since 2012
• Trainings for Incident Handling. 2012, ongoing project.
34. CERT.GOV.GE (Computer Emergency Response Team)
Other Plans for 2012.
• Creating local volunteer groups for better Defense of cyber space of Georgia.
• An Intrusion Detection System (IDS) and Network Monitoring Sensors
36. Next Presentations for Today
From strategy to action
• Introduction to information security.
What is information security, threat, risks, vulnerabilities, basic terms and definitions?
• Building blocks of information security strategy, policies and standards.
Identify and establish a country-wide information security strategy, establish policies, standards and procedures, implementation of different types of control objectives: managerial, technologies, business processes. Introduction to the main domains of an information security management system based on the international information security standard (ISO 2700x).
• Actions, roles and responsibilities.
What kinds of actions are needed for information security risk treatment. Roles and responsibilities of information security professionals.
• Our Current Projects & Future Plans
About IP Monitoring Services, About Network Sensors, About Penetration Services, About Source Code Analysis, Information security policy implementation, Information security audit, Information security trainings.
By Vasil Tsvimitidze
37. Next Presentations for Today
Building awareness and awareness program
• Common Threats and vulnerabilities
Types and examples of information security threats: Unauthorized Access, Cyber Espionage, Malware, Data Leakage, Mobile Device Attack, Social Engineering, Insiders, Phishing, System Compromise, Spam, Denial of Service, Identity Theft.
• Principles of awareness
Main principles, tools and techniques for awareness raising.
• Planning and building of awareness program
How to plan an information security awareness program, taking into account cultural differences, available resources and objectives
• Awareness program
Hands-on development of a specific awareness program, based on Georgian practice. Defining the awareness program and identifying priorities. Identification of success assessment metrics. Development or localization of materials for government organizations, business companies and citizens.
By Vasil Tsvimitidze
38. Next Presentations for Today
Georgia case studies
• 2008 CYBER ATTACKS DURING GEORGIAN RUSSIAN WAR
Facts of the Case, Methods of Cyber Attacks, Defacement of Websites, DoS and DDoS Attacks, Distribution of Instructions and Malicious Software, Cyber Blockade, Sites Providing DDoS Attack Tools, Part of the Information War, Origin of the Attacks, Russian Business Network, Countermeasures
• LATEST INCIDENT (GEORBOT)
Introduction, Identification, Attack Vectors, Malware Analysis, Bot Panel Analysis, Decrypting Communication, Cooperation with CERT/MS/ESET, Countermeasures, Incident Responding Chronology, Methods, Origin of the Attack, Unmasking, Bot Master/Attackers
By Zurab Akhvlediani
39. Lab for Second Day.
Basic incident handling
• PART 1 PCAP TRACE ANALYSIS – SERVER SIDE ATTACK
Task 1: Introductory scenario, fake web server vulnerability exploitation step-by-step
Task 2: Dabber scenario
• PART 2 PCAP TRACE ANALYSIS – CLIENT SIDE ATTACK
Task 1: Drive-by download without fast flux
Task 2: Drive-by download with fast flux
By Zurab Akhvlediani
40. Q/A
Contact Information:
The Ministry of Justice
Data Exchange Agency
Tbilisi, Georgia 0102
Tsminda Nikolozis/Nino Chxeizis St. N2
Phone: +995 (32) 2 91 51 40
E-mail: info@dea.gov.ge
Ilomidze@dea.gov.ge
Hello, everyone. My name is Irakli Lomidze, and I represent the Georgian delegation at this event. I want to say many thanks to our Turkish colleagues for organizing this nice event.
A few words about the country that we represent here. We are from Georgia. Georgia is located between the Black and Caspian Seas. Our neighbors are Turkey, Azerbaijan, Armenia and Russia. The total population is about 4.6 million. The official language is Georgian, and also Abkhazian. The area is about 70,000 sq km. The capital is Tbilisi; it is a very nice city and I suggest you visit it. We gained independence in 1991, after 200 years of Russian occupation. After 1991 we had 3 wars with the Russian Federation. The last one was in 2008; in this war, for the first time, cyber attacks were used together with an armed attack. We have a special presentation on them.
I would like to introduce our team.
Our sessions will continue for 2 days, and here is our agenda.
• Introduction: Who we are. Our activities and responsibilities. Briefly about cyber activities in Georgia, legislation and strategies. DEA security and e-government projects, information security activities.
• Basic Introduction to Information Security: What information security is, overview of information security standards, overview of the ISO 2700x series of standards, introduction to ISO 27001.
• Cyber Attacks During the Georgian-Russian War: Facts of the case, methods of cyber attacks, defacement of websites, DoS and DDoS attacks, distribution of instructions and malicious software, cyber blockade, sites providing DDoS attack tools, part of the information war, origin of the attacks, Russian Business Network, countermeasures.
• Latest Incident (GEORBOT): War is not over! Introduction, identification, attack vectors, malware analysis, bot panel analysis, decrypting communication, cooperation with CERT/MS/ESET, countermeasures, incident responding chronology, methods, origin of the attack, unmasking, bot master/attackers.
• About Incident Handling & CERT: What are cyber incidents? Incident types: virus, DDoS, exploit … Incident categorization (ENISA standards, NIST standards, ISO standards). Identify required resources: what staff, equipment, and infrastructure are needed to operate the CERT? Determine your CERT funding: how is the CERT funded for its initial startup and its long-term maintenance and growth?
• Basic Incident Handling: This exercise provides students with experience of real-life incident reports, their ambiguity and complexity. With exercises.
• Malware: General introduction, types of malware, what a virus is. Examples of malware activities. Malware types, evolution of malware, malware behavior analysis techniques, monitoring OS changes, monitoring malware-generated network traffic. Tools and distributions for analyzing malware. Online services for malware analysis.
• NetFlow Analysis: The objective of the exercise is to familiarize students with standard network monitoring tools and analysis of network security events. With exercises.
• Forensic Analysis: Log file analysis, browser history inspection, internet activity investigation, restoring deleted files, securely wiping data, capturing evidence (Live CD) using tools.
• Our Current Projects & Future Plans: IP monitoring services, network sensors, penetration services, source code analysis.
The name of our agency is “Data Exchange Agency”. LEPL means Legal Entity of Public Law; I don't know if the same type of governmental structure exists in your country. In a few words, this is a governmental organization which is allowed to have its own income, for example by selling governmental electronic services. These organizations work under the supervision of ministries; our Agency is under the Ministry of Justice of Georgia.
Since 2003, the situation in Georgia has radically changed. The Georgian Government started developing e-services for citizens and for business. It makes life easier. All major governmental structures started developing their IT infrastructures. In 2010 our agency launched the web site http://www.e-government.ge/; on this site there is a list of e-services that Georgian governmental structures are providing. All structures are rapidly developing and this list might not be complete. New e-services are coming every week.
You can visit this site and see e-services that is already developed and working.