Thailand e-Government Roadmap

1

Thailand e-Government
e-
Roadmap

2

Agenda

• Overall the ICT Thailand status.

• The ICT Master Plan No. 2, ICT 2020.

• Thailand e-government status.

• Development of Thailand e-government.

3

ICT Indicators for Thailand on the world stage.
stage.

Source: The Economist Intelligence Unit

4

e-readiness rankings

Source: The Economist Intelligence Unit

5

Networked-
Networked-Readiness Rankings

Source: WEF

6
ICT Indicators for Thailand on the world stage

 The big problem Thailand's ICT development in all the
indexes. The availability of infrastructure, information
Which are still inadequate and not evenly spread. To
the development and utilization of ICT to the amount
of knowledge. Business development services of
government. Can not be effective.

7

Overview of the Thailand telecommunication

Compare the proportion of people with fixed line phones
Unit: per 100 people

Source : IMD World Competitive Year Book 2007

8

Overview of the Thailand telecommunication

High-speed Internet

Year 2550, Thailand has Penetration Rate 2.1%, while in Malaysia.
Year 2549 , Thailand ha Penetration Rate 4.6% , in 2553 Malaysia the targets go to 7%.

9
Broadband Internet use trends of world, regional, and Thailand

Structure of Broadband Internet in the world

Growth -10.6 %

Growth 73.9 %

Source: Gartner (November 2008)

10

Number of broadband and Narrowband in Thailand

ที่มา: Gartner (November 2008)

11

Structure of Broadband Internet in Asia Pacific

Growth -4.3 %

Growth 31.6 %

source: Gartner (November 2008)

12

Internet Usage Growth (Daily Page view) source: truehits.net
(Daily

13

Thailand ICT Master Plan
2009-2013

14

Vision of the Thailand master plan for ICT.

Thailand is a rich intellectual society.
(Smart Thailand) with ICT

Rich social intelligence "here means. Social development and use of information technology and
communication wise. Using the guidelines of the sufficiency economy philosophy. People have all levels
of intelligence (Smart People) and knowledge of information (Information Literacy) to access and use of
information as a critical moral and ethical literacy. Benefits to themselves and society. The management of
information technology And communication with Governance (Smart Governance) to support the
development to Economic and social base of knowledge and innovation, sustainable and stable

15

Vision - Mission - Objectives
Objectives
Mission
1. To improve the quantity and
1. To develop manpower in capability of manpower.
Vision 2. A Governance and
quality and sufficient .
“SMART” management of ICT
Thailand 2. To Develop ICT Governance in the national
broadband infrastructure. 3. To support the restructuring of
production towards value-
3. To ICT management added products and services.
system with Governance 4. to make strength the
Governance. community and individuals.
5. A business and industrial
potential of ICT.

Targets
16

 At least 50% of people have access to knowledge and use
of ICT is critical, and literacy.

 Enhance the availability of ICT in the Networked Readiness
Index in the Top quartile (25%).

 Proportion of industrial value-added ICT.
The GDP of not less than 15%.

17

Development strategy

SMART
Thailand
Use ICT to support the Governance and Use ICT to enhance the sustainable
governance in the management of public competitiveness. 6
services. 4 (Strategic Sectors, SMEs)
Hardware Software Communication
3
ICT Infrastructure development. Capacity of the ICT industry.
5
2 Management of ICT with good governance
(Institutional arrangement, Rules and Regulation, Financing, …)

1 Manpower Development. People)
(ICT Professionals and “Information-Literate”

18

SMART Thailand 2020
Stronger Economy Social Equality Environmental
Friendly
Smart Environment
Smart Agriculture Smart Health
(ICT for Green &
Smart Services Smart Learning Green ICT)

Smart Government
ICT Human Resources and
ICT Infrastructure ICT Industry
ICT Competent Workforce
ICT 2020 Framework

19

ICT2020: Key Success Factors
ICT2020:

Smart
Thailand
2020

The government must communicate a clear
public. ICT / Broadband as a National agenda.

Must provide the structure of the implementation status and supervise
the ICT Agenda driven a clear and practical to drive must come from
top management.

20

Leadership and Governance Structure
Improve the composition and structure of authority of the NITC and the need
to follow-up meeting at least once a quarter.

The agency of the Ministry of ICT has served as the Executive Office of Public
Information (Government Chief Information Office: GCIO) is a central agency
to coordinate and drive the country's ICT agenda, preparation of policy and
master plan. Evaluation. Should have the flexibility to work

To agencies responsible for the strategic focus following.
– National Cyber Security Agency
– Government Information Technology Services

21

Leadership and Governance Structure

To the mechanism of linkages of the NITC and other national committee.
The responsibilities related to some dimensions of ICT development such as
– Electronic Transaction Committee
– Commission created the National Economic Policy.
– Board of Governor of the National Telecommunications and new series
will follow the law.

22

Development of Thailand
e-government

23

Thailand e-Government Development Beneath the Iceberg
e-

Political will Civil Servant
And support Attitudes
HRD CIO/CEO - CIO Training
- Ministry of ICT National Operation - CIO Forum
- National ICT Committee Program
Center - CIO Conference
- e-Commerce
Computer and
Resource Center
Network e-Commerce
Information - G to C
Infrastructure Infrastructure - G to B
Infrastructure
- Government IT Services - e-Procurement
- Government Information Network Security & Rules & Regulations - e-Tax
- Gov Data Infrastructure - e-Citizen
- SchoolNet Policy Legal Infrastructure
- Gov News Exchange - PKI - e-Marketplaces
- Gov Data Exchange - ThaiCERT
Information - Gov Interoperability Standard - Computer Crime Law - Electronic Transactions Act
- Government CA Service - Data Protection Law
in every
- NII Law, EFT Law
organization

27

Development of Thailand e-government
e-

Ministry of ICT. To plan the direction of development of e-Government
Year 2548-2551 (e-Government Roadmap), which set important plans in
the development of management systems. And services sector of the
country. To a concrete result.
 Infrastructure : Infrastructure development, information technology and communications.
 Services : Development of public services through electronic systems.
 Regulation : To improve law and regulations.

28

E-gov Roadmap
Phase 1 by the year 2553.
C-Government targets or Connected Government that links
Milestones of the between government agencies in providing e-Services.
Ministry of Information and
Communication Technology is Phase 2-3 by the year 2554-55.
The m-Government Mobile Government or the links
committed to transform the
between government agencies through mobile phones and
administrative process. And other mobile computing devices. In providing e-Services.
government services through
modern technology. To facilitate the Phase 4 by the year 2556
A u-Government Ubiquitous Government or the links
public. Efficiently Quickly and between government agencies. Through multiple channels.
thoroughly. In providing e-Services at any time and any time a service
E-Government. is 24x7.
(e-Government) is considered as a Phase 4 by the year 2557
change management system, The T-Government Transformed Government or the
government system and public government or through conversion of the definition of the
United Nations. The government closer to people from all
service. Government policy that
sectors. A link between government agencies. Through
secures the needs of the people at multiple channels. In providing e-Services at any time and
the center (Citizen Centric). any time a service is 24x7.

30

Introduction to PKI
and Trust Model

31

Agenda
 Why Do We Need PKI?
 Cryptography Technology
 Public Key Infrastructure (PKI)
 Certification Authority (CA) & Certificates
 Use of Certificates
 Trust Model
– Hierarchy
– Cross Certification
– Bridge CA
– Cross Recognition
– Certificate Trust List

32

Why Do We Need PKI?
Data Disclose
Hello Alice Hello Alice

Internet

Hello Alice
Sender Receiver
Intruder / Hacker

Confidentiality

33

Why Do We Need PKI? (2)
(2
Data Alteration
I love you I hate you

Internet

I hate you
love
Sender Intruder / Hacker Receiver

Integrity

34

Why Do We Need PKI? (3)
(3
Identity in the Cyber World :
Authenticity Non-Repudiation

from: Bob@hotmail.com

Bob@hotmail.com

Alice@thaimail.com
from: Bob@hotmail.com

John@yahoo.com

35

Why Do We Need PKI?(4)
PKI?(4
4 functions are provided by PKI
 Confidentiality
Ensure that nobody can get knowledge of what you transfer.
 Integrity
Ensure that message has not been modified during transmission.
 Authentication
You can verify the person you think you’re talking to.
 Non-repudiation
Sender cannot be denied being associated with it.

36

Cryptography Technology

Symmetric Key
 Use the same key for encryption and decryption

Encryption Decryption
Buy 500 items + = $%c@!f4)e_&7# $%c@!f4)e_&7# + = Buy 500 items

The same key (Pre-shared secret)

Advantages: Disadvantages:
 Faster than Asymmetric Key  Key Management
 Use for encryption  Difficulty of secure key
distribution

37

Cryptography Technology (2)
(2

Asymmetric Key
 Use different keys for encryption and decryption

Encryption Decryption
Buy 500 items + = $%c@!f4)e_&7# $%c@!f4)e_&7# + = Buy 500 items

Different Keys
(Key Pair : Private Key & Public Key)

Advantages: Disadvantages:
 Systematic Key Management  Slower than Symmetric Key
 Use for encryption,
authenticity, integrity and
non-repudiation

38

(3

Asymmetric Key

Private Key
 Kept secret.
 Know only to the owner.

Public Key
 Stored in a location that is accessible by
everyone.
 Don’t keep secret.

39

(4

Asymmetric Key Usage

Encryption
Ensure the data will be kept secret.

Confidentiality

Digital Signing
Authorize sender and ensure Data Integrity.
Integrity
Authentication
Non-repudiation

40

Public Key Infrastructure (PKI)

What is PKI?
 Public Key Infrastructure (PKI) is a system of
digital certificates, Certification Authorities
(CA), and other registration authorities that
verify and authenticate the validity of each
party involved in an internet transaction.

41

Public Key Infrastructure (PKI) (2)
(2
PKI Components

Certification Authority
(CA)

Repository

Registration
Authority (RA)

End Entity
(EE)

42

 Certification Authority (CA): CA issues digital
certificates for proving their identities.

CA

Mr. A
Web Server C

Digital
Mrs. B Digital
Certificate
Certificate
Digital
Certificate

Secure Transaction Secure Transaction

Mr. A Mrs. B Web Server C

43

What is Certificate?
Digital Certificate
 An object used to bind the
identity of end entity to its
- End Entity Information
public key.
- End Entity’s Public key
 Contains attributes about - Certificate Information
the end entity. - CA’s Digital Signature

 Issued and digitally signed
by Certification Authority
(CA).

44

Certificates
Example of Certificate

45

Certificates

Example of Certificate Types
 Personal Certificate
 Organizational Certificate
 VPN Certificate
 SSL Certificate
 Code Signing Certificate
 etc.

46

Certificates
Certificate Life Cycle Management
- key archival
Creation
- key recovery

- link public key to certificate
- used to identify EE

Expiration Registration
- certificate expired - register to RA
- certificate revoked (publish CRL) - verification: information of EE
- certificate issuance: by CA

Distribution

- transmitted by owner
- stored in repository for later retrieval

47

Uses of Certificate
General Uses of Certificate
 Secure e-mail (S/MIME)
 Secure Document
 Secure Socket Layer (SSL)
 Time Stamp service
 etc.

Specific Uses of Certificate
 e-Tax

 e-Procurement
 e-Invoice
 etc.

48

Uses of Certificate (2)
(2

Example of PKI Applications
 S/MIME
 Microsoft Office Outlook
 Mozilla Thunderbird
 SSL
 Microsoft Internet Explorer
 Mozilla Firefox

 Secure Document
 Microsoft Office
 OpenOffice.org

49

Trust Model

 Hierarchy
 Cross-Certification
Cross-
 Bridge CA
 Cross-Recognition
Cross-
 Certificate Trust List

50

Trust Model
Hierarchy
Root CA Root CA
Intermediate CA
End Entity Certificates
CA1 CA2

CA 1.1 CA 1.2 CA 2.1 CA 2.2 The simplest approach to a PKI
framework is to have a single root
CA. Root CA holds all certificates;
all users refer to and trust it for all
transactions. Also intermediate CAs
are trusted because the root CA,
which certifies it, is trusted.

51

Trust Model
Hierarchy (2) - Analysis
(2
Advantages Disadvantages
• Simply validation - Certificates can be traced • If the root CA is compromised, the entire
back through the hierarchy for validation system is affected
• Low costs due to simplicity of system • The system is not well-suited to complex
• Usually high interoperability, if standards deployments such as international trade
are followed • A high degree of consensus is needed at
• Uniformity – the root CA specifies policies design time
which bind all elements of the system – but • Acceptance of single authority by all users is
centralized policies are not well-suited to necessary, and may be difficult to achieve
national or multi-national deployment (particularly in international contexts)
• The technical and administrative workload
of the CA is enormous for large deployment

Reference: Galexia

52

Trust Model
Cross-
Cross-Certification
Cross-Certify Root CA
CA 1 CA 2 Intermediate CA

CA 1.1 CA 1.2

EE2

Cross-Certification (CC) model is
one of the several models, which
EE1.1 EE1.2 a CA issues a cross-certificate for
another CA in order to initiate
trust to each other. So, Users can
verify unknown CA by cross
certify.

53

Trust Model
Cross-
Cross-Certification : Full Mesh
CA
CA CA
CA CA
CA

CA CA
CA CA

CA

CA
CA CA CA

CA CA

Every CAs need to be cross-certified by all other CAs in the network.
Number of cross-certificates = n x (n-1); n = number of CAs

54

Trust Model
Cross-
Cross-Certification : Partial Mesh
CA

CA CA

CA CA

CA
CA

CA

CAs do not need to be cross-certified by all other CAs in the network.

55

Trust Model
Cross-
Cross-Certification (3)
(3

CA1 CA2

Subject: CA2 Subject: CA1
Issuer: CA1 Issuer: CA2

Certification Path: Certification Path:
- CA1’s user receives a message from - CA2’s user receives a message from
CA2’s user. CA1’s user.

cross-certificate CA2 cross-certificate
CA1
CA2 by CA1 CA1 by CA2
EE2 CA 1.1
EE1.1

56

Trust Model
Cross-
Cross-Certification (4)
(4
• No central authority means no critical point • In case of many CAs are in domain, cross-
of failure certification can be expensive, and must be
• No need for universal consensus; only performed multiple times by each CA
between CAs as needed to form trust • Poor scalability in a Full Mesh – each new
relationships CA must be compatible with CAs already in
• High interoperability – but only if this the network
already exist at the time of cross-certifying • Multiple points for validation process to fail
(in a Partial Mesh)

Reference: Galexia

57

Trust Model
Bridge CA
Bridge CA
Bridge CA Root CA
Intermediate CA
Cross-Certify Cross-Certify End Entity Certificates

CA 1 CA 2

This model are combines
CA 1.1 CA 1.2 aspects of both the hierarchy
model and the cross-
EE2
certification model. It reduces
number of cross-certificates
by requiring only one pair of
EE1.1 EE1.2 cross-certifications for each
CA.

58

Trust Model
Bridge CA (2)
(2

Cross-Certify Cross-Certify
Root CA Bridge CA Root CA

CA CA CA CA
Cross-Certify

Root CA

CA CA

number of cross-certificates = n x 2; n = number of CAs

59

Trust Model
Bridge CA (3)
(3
CA1 Bridge CA CA2

Subject: CA1
Issuer: Bridge CA
Subject: Bridge CA Subject: Bridge CA
Subject: CA2
Issuer: CA1 Issuer: CA2
Issuer: Bridge CA


CA1 CA2

Bridge CA by CA1 Bridge CA by CA2 cross-
cross-
certificate CA 1 by Bridge CA certificate
CA 2 by Bridge CA
EE2 CA 1.1
EE 1.1

60

Trust Model
Bridge CA (4)
• Scalability – new CAs need only cross-certify • The validation fails if the bridge CA is
with the bridging CA compromised (although individual CAs can
• Interoperability – CAs cross-certify continue to operate on their own)
individually with bridging CA • All parties involved must recognize the
validity of the bridging CA
• High workload on the bridging CA as system
grows

Reference: Galexia

61

Trust Model
Cross-
Cross-Recognition
Root CA
CA 1 CA 2 Intermediate CA

CA 1.1 CA 1.2

EE2 Cross-recognition model (CR) is
Cross-recognize
different from cross-certification
models because it is recognition
between users and CAs instead of
EE1.1 EE1.2 recognition between CAs. So, the
decision whether or not to trust a CA
ultimately falls to the user.

62

Trust Model
Cross-
Cross-Recognition (2)
(2

CA1 CA2

Install CA2’s Certificate Install CA1’s Certificate

EE1.1 EE2


CA2 CA1
EE2 CA 1.1
EE 1.1

63

Trust Model
Cross-
Cross-Recognition (3)
• Only the certificates of the breached CA are • the decision whether or not to trust a CA
affected ultimately falls to the user
• Largely remove the need for technical • users must be better-informed than in other
compatibility between CAs, only at the models because the decision to trust the
application level (e.g. a user’s software must certificate rests with them and not their CA
be able to process the information in a
given certificate)
• Allows entirely distinct CAs into
interoperation easier

Reference: Galexia

64

Trust Model
Certificate Trust List
Publishing Authority Root CA
Intermediate CA

CTL Signing Entity Certificates

Digitally sign

CA1
CA2
CA3
The Certificate Trust List (CTL) is a list of
… CAs’ certificates from a trusted authority.
The list itself is digitally signed to ensure
its integrity and accuracy.
CA 1.1 CA 1.2

EE1.1 EE1.2 EE2

65

Trust Model

Certificate Trust List (2)
CA1 Publishing Authority CA2

Install Certificate Trust List Install Certificate Trust List
EE1.1 EE2

Publishing Authority Publishing Authority
CTL Signing Entity CTL Signing Entity
Certificate Trust List Certificate Trust List
CA1 CA2
CA1.1 EE2
EE1.1

66

Trust Model
Certificate Trust List (3)
• High scalability • The single publisher of the trust list must be
• Generally low costs (but this can increase, recognized by all parties
depending on the implementation) • Potential difficulties in distributing up-to-
date versions of the trust list
• Single point of failure (the trust list and/or
trust list authority) although individual CAs
would continue to function

Reference: Galexia

69

Mission
The Office of U.S. Foreign Disaster Assistance (OFDA) is
the office within USAID responsible for facilitating and coordinating
U.S. Government emergency assistance overseas. As part of
USAID's Bureau for Democracy, Conflict, and Humanitarian
Assistance (DCHA), OFDA provides humanitarian assistance to save
lives, alleviate human suffering, and reduce the social and
economic impact of humanitarian emergencies worldwide.

70

Role and Responsibility

 OFDA responds to all types of natural disasters, including earthquakes,
volcanic eruptions, cyclones, floods, droughts, fires, pest infestations, and
disease outbreaks. OFDA also provides assistance when lives or livelihoods
are threatened by catastrophes such as civil conflict, acts of terrorism, or
industrial accidents. In addition to emergency assistance.

 OFDA funds mitigation activities to reduce the impact of recurrent natural
hazards and provides training to build local capacity for disaster
management and response.

72

Early warning System

1. Establishment of Standard Operating Procedure (SOP)

2. Receiving data from inter-and international agencies

3. Data Analysis

4. Dissemination of warning message

5. Planning, coordinating, monitoring and evaluating the warning,
response and mitigation process with provincial governments
and Department of Disaster Prevention and Mitigation in
emergency response and mitigation, and evacuation drills
Reference:
National Disaster Warning Center Thailand

73

Sea Level Change Meansurement

Proposed

 Deploy at 9’N 89’E in late 2006
 Deploy at 4’N 90’E in early 2006

Reference:
National Disaster Warning Center Thailand

74

Tsunaneter Mooring System

76

Challenges

 There are many actors in disaster management system in Thailand.
It is a big challenge to give an equal or suitable role to all

 As Thailand is “not much” a disaster prone country, to make the
disaster risk reduction on top of the National Agenda is not an easy
job

 The challenge will be on the shoulder of DDPM, as the National
Focal Point in Disaster Management, to start the process of linking
national mechanism with the AADMER

Reference:
ASEAN DEFENCE ESTABLISHMENTS AND CIVIL SOCIETY ORGANISATIONS (CSOs)
COOPERATION ON NON-TRADITIONAL SECURITY ( Disaster Management )

77

The Road Ahead

 Establishment of a national committee (or sub-committee under the
National DPM Committee, that would be directly responsible for the
Implementation of the Agreement

 Formulation of National SOPs (Request and Offer Assistance)

 Establishment of SAR team, ERAT relief teams that has the
international capacity

 Make the AADMER more widely known to other agencies/organizations
and have more engagements from them

Reference:
 Others ASEAN DEFENCE ESTABLISHMENTS AND CIVIL SOCIETY ORGANISATIONS (CSOs)
COOPERATION ON NON-TRADITIONAL SECURITY ( Disaster Management )

78

UN role

 Define the proper scale of the problem and solution.

 The system must be:
– Fully owned by the Indian Ocean Rim countries
– Based on international multilateral cooperation
– Based on the open and free exchange of data
– Protect all countries in the Indian Ocean Basin
– Transparent and accountable to all members

Reference:
Patricio A. Bernal, Executive Secretary IOC ,The Indian Ocean Tsunami Warning System: A Progress Report.

78

79

How does it function?

 Is based on the joint operation of international networks of
detection connected with national tsunami warning centres

 UN governance provided under the IOC

 Each nation is responsible for issuing warnings in their
territory and protect its own population.

 National centres must have strong links with emergency
preparedness authorities (national, provincial and local)

Reference:

79

80

Where are we now?

 A single system being planned

 All countries of the Indian Ocean participate

 Tsunami advisory information provided from centres in Hawaii and Tokyo.

 National focal points designated in 14 nations

 Governance of UN/IOC accepted in Paris

 Full scope of the task recognized: multi-nation (27), multi-year (>3)

 Beyond the emergency: transition to reconstruction and development phase.

 Joint UN implementation: IOC,WMO,ISDR,UNDP
Reference:
80

81

Thank you for your attention

82

Presented by

NANTAWAN
WONGKACHONKITTI

83

Supported by

Onion Head
Siriporn Pongvinyoo
mrkokung@hotmail.com

Thailand e-Government Roadmap

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Andere mochten auch

Andere mochten auch (20)

Ähnlich wie Thailand e-Government Roadmap

Ähnlich wie Thailand e-Government Roadmap (20)

Mehr von siriporn pongvinyoo

Mehr von siriporn pongvinyoo (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Thailand e-Government Roadmap