Post on 23-Mar-2020

Information & Cyber Defense Capabilities in Georgia

Tbilisi, 17 December 2015

Irakli Lomidze

Overview

Cyber & Information Security in Georgia

Institution Organization In Georgia

Ministry of Justice

Data Exchange Agency

MoIA Cyber Crime Division, 24/7 International Contact Point

Ministry of Defense

Cyber Security Bureau

State Security and Crisis Management Council

Established in January 2014 under the direct subordination of the Prime Minister

Established in December 2012 as a structural unit of the Ministry of Internal Affairs

The Cybercrime Division is the only agency that has investigatory functions for all types of cyber incidents

Established in 2014 under the supervision of the Ministry of Defense of Georgia (MoD)

Public Sector + SCIS

State Secret

Military

Established in January 2010 under the supervision of the MoJ of Georgia

1) E-Government development

2) Information security development

3) Operation of CERT.GOV.GE

Legislation

Cyber Security Strategy for 2013–2015

National Security Concept and Threat Assessment Document

1. Information Security Law (2012)

2. Personal Data Protection (2012)

3. Cyber Crime Chapter of the Criminal Code (U 2010)

4. Criminal Procedural Code (August 2014 Amendments)

5. List of Critical Informational Infrastructure

1. Budapest Convention on Cyber Crime; All Major IPR Conventions

2. Processing of Personal Data Conventions (1981)

• CERT.GOV.GE Computer Emergency Response Team Charter

• Presidential Decrees Approval List of Critical Information System Subjects.

• Requirements of Information Security Officer working in Critical Information System Subjects.

• Order of Network Sensor Configuration.

• Order of Minimal Security Requirements for Critical Information System Subjects.

• Order of Asset Management Requirements for Critical Information System Subjects.

• Order of Information Security Audit Body Accreditation.

• Order of Information Security Audit Requirements in Critical Information System Subjects

• Order on Computer Emergency Response Team - Legal Entity under Public Law of Cyber Security Bureau

• Order on the Minimal Requirements for Information Security

• Order on the Rules for Information Asset Management.

CYBER SECURITY STRATEGY OF GEORGIA

Three-year strategy for 2013-2015 with an action plan

Basic Principles – Cyber Security Strategy

• Whole-of-Government Approach.

• Public-private cooperation.

• Active international cooperation.

1. Research and analysis

2. New legislative framework

3. Institutional coordination for ensuring cyber security

4. Public awareness and education

5. International cooperation

Content of Strategy

Information Security Law

A legal entity or state agency whose uninterrupted operation of its information systems is important for the defense and/or economic security of the state, as well as for normal functioning of the state and/or society;

Law of Georgia on Information Security

Also: Critical information system subjects in the field of defense

Who is the critical information system subject?

Data Exchange Agency Services/Activities

Data Exchange Agency

Information Security and Policy Division

Information Security policy development, implementation, monitoring, development.

CERT.GOV.GE (Computer Emergency Response Team)

Established in 2010 under the supervision of the Ministry of Justice of Georgia

Information Security Team

Team Competence

All Team Members are BSI Certified Professionals:

• BSI/ISO 27001 (Information Security) LI/LA: 5 team members

• BSI/ISO 22301 (Business Continuity) LI/LA: 4 team members

• BSI/ISO 9001 (Quality Management) LA: 5 team members

• ISO 31000 (Risk Management): 4 team members

• CGEIT (Certified in the Governance of Enterprise IT): 1 team member

• CISM (Certified Information Security Manager): 4 team members

• CISA (Certified Information System Auditor): 2 team members

• CRISC (Certified in Risk and Information Systems Control): 1 team member

Information Security Services

ISO Management System Consulting Service

ISMS Implementation Service: Service Development Agency; Public Registry of Georgia (2 organizations)

Review of information security management documentation (policy, plans, audit reports, etc.): 39 organizations

Certified Course in Management Systems (Introduction, Implementation and Internal Audit in Information Security Management Systems, Certification Exam): more than 250 professionals

NATO SPS Project, trained professionals from Moldova, Montenegro, Azerbaijan, Ukraine, Mongolia: more than 100 professionals

Information Systems Audit Service

JSC Georgian State Electrosystem (GSE): 1 organization

Consulting Services

Implementation of Management System

• Information Security ISO 27001

• Business Continuity ISO 22301

• Quality Management ISO 9001

Support on implementation of Legal requirements

• Awareness for Organization's Management

• ISMS Documentation Review

• Recommendation in every stage (Pre, Implementation, Post)

Consulting on establishing risk management

Audit Services

Audit of Management Systems

• Information Security ISO 27001

• Business Continuity ISO 22301

• Quality Management ISO 9001

Audit of Information System

Training Course

Introduction on Information Security Management System

5 Day Course:

• Introduction on Information Security Management System.

• Information Security Legislation Review.

• Information Security Standard ISO 27001 Review.

• Implementation of Information Security Management System.

• Auditing of Information Security Management System

• DEA Certification Exam

Course Language:

Georgian

English (Short Course)

In total, up to 250 Georgian professionals

CERT.GOV.GE

We are a member of:

The cybersecurity executing arm of the United Nations specialised agency, the International Telecommunication Union (ITU)

The Trusted Introducer, a.k.a. TI, is the trusted backbone of the Security and Incident Response Team community in Europe

FIRST is an international confederation of trusted computer incident response teams who cooperatively handle computer security incidents and promote incident prevention programs.

Obtaining the trademark “CERT” officially.

CERT.GOV.GE Established in 2011

Partners:

CERT-EE

Team Competence

CERT.GOV.GE Team

All Team Members are SANS Certified Professionals:

Systems and Network Auditor (GSNA)

SANS GIAC Certified Professionals

Trained by Terena (TI)

CERT.GOV.GE (Computer Emergency Response Team)

Services and Activities

Monitoring Service

• IP Monitoring Services.

• Network Monitoring System

Proactive Services: (Free)

• Incident Handling Support and Consulting

• National Incident Database

• Detection of Infected Web Sites

• Safe DNS (Safe Internet)

• Check My IP Service

Special Services:

• Source Code Analysis Service.

• Malware Analysis Service.

• Vulnerability Analysis Service

Course in Cyber Security and Incident Handling

Special Activities & Awareness

• Cyber Security Forum

• Annual GITI Regional Conference

• Website (dea.gov.ge),

• Facebook (certgovge)

• Media Campaign (TV, Internet)

• Wall Calendar

Basic Incident Handling

NATO SPS Project: trained professionals from Afghanistan, Macedonia, Montenegro, Moldova, Azerbaijan, Ukraine

CERT.GOV.GE Services

Incident Handling

Contact: incidents@dea.gov.ge

IP Monitoring Services

Information provided daily about infected IP addresses: > 25000 records per day

Check My IP Service:

www.dea.gov.ge

www.checknet.ge

CheckNET Service

Sensor Type 1 (NetFlow)

Sensor Type 2 (Deep Packet Analysis)

Network Monitoring Services

Website Intrusion Detection Services

We monitor all .gov.ge websites and the Top.ge 100 sites

10 governmental organizations connected

CERT.GOV.GE Services

Vulnerability Analysis

Source Code Static Analysis

Malware Analysis

Safe Internet

Awareness (Adverts, Calendar, Social Media, …)

HP WebInspect

IBM AppScan Standard

Nessus Professional

Cuckoo Sandbox

Shadowserver Malware Analysis Service

Safe DNS Georgia:

Integrated with Collective Intelligence Framework.

Blocks malware domains and redirects to a warning page.

First DNSSEC Enabled Resolver In Georgia.

5.159.16.16; 5.159.20.20

Blacklist Service:

IP and Domain blacklist.

Different formats for different software.

Available for organizations.

http://blacklists.cert.gov.ge

Trainings (Local, International)

Training Course

Basic Cyber Incident Handling

3 Day Course:

• CSIRT introduction

• Incident Handling

• Basic Malware Analysis

• Sysinternal Tools

• Forensics with Linux

• Forensics with Windows

• Linux Intrusion Detection

• Case Studies

Course Language:

Georgian

English (Short Course)

In total, up to 50 Georgian professionals

Awareness

Wall Calendar

TV Social Adverts

www.facebook.com/certgovge

Daily Updates, > 1500 Subscribers

Georgian Information Security Forum (Abuse Forum)

> 50 active professionals from governmental and commercial organizations

5 Annual meetings

Started formalization Process

Security Events

CYBER-EXE GEORGIA 2014

16 organizations (commercial and government sector)

Red Team

• CERT-GOV-GE

• COMCERT.pl

Blue Team

• Education Management Information System

• National Public Registry

• Ministry of Labour Health and Social Affairs of Georgia

• MagtiCom

• Bank of Georgia

• Georgian Research and Educational Network Association Grena

• Ministry of Internal Affairs

• National Bank of Georgia

• Cyber Security Bureau

• Smart Logic

• State Chancellery

• Geocell

• VTB Bank

• Ministry of Finance of Georgia

• Public Service Development Agency

• Free University of Tbilisi

CYBER-EXE GEORGIA 2015

19 organizations (commercial and government sector)

Red Team

• CERT-GOV-GE

• COMCERT.pl

19 Blue Team

• Education Management Information System

• Public Registry

• Ministry of Labour Health and Social Affairs of Georgia

• MagtiCom

• Bank of Georgia

• Georgian Research and Educational Network Association Grena

• Ministry of Internal Affairs

• Ministry of Defence

• Cyber Security Bureau

• Smart Logic

• Ministry of Finance of Georgia

• Public Service Development Agency

• TBC Bank

• Liberty Bank

• UGT

• Georgian Railway

• Delta Com

2014 FIRST Regional Symposium

Tbilisi, Georgia October 14-16, 2014

GITI 2011-2015

8th Regional Conference GITI 2015 (>400 Delegates)

For 5 years already we have had a dedicated Cyber Security Day

Regional Activities

Regional Cooperation

Moldova CERT

We support them in various activities

Azerbaijan

Sponsored them in becoming a Trusted Introducer List member, support for FIRST membership

Turkey

Joint training for developing countries

Poland

Sponsored COMcert.pl in becoming a Trusted Introducer List member

Contribution in NATO SPS Trainings

• Afghanistan

• Moldova

• Macedonia

• Montenegro

• Azerbaijan

• Ukraine

• -> Mongolia

Cyber Defense Training for IT Professionals

In total, up to 150 professionals

2-3 Day Cyber and Information Security Sessions:

Q/A

Thank you for your attention

Contact Information for Data Exchange Agency:

Phone: +995 (32) 2 91 51 40

E-mail: info@dea.gov.ge; ilomidze@dea.gov.ge

Web: www.dea.gov.ge
