shuky peleg e_gov_cyber_presentation_information_sharing
DESCRIPTION
TRANSCRIPT
Information Sharing
A requirement for Cyber Defense
Shuky Peleg, CISA, CISSP
Head of Information Security, eGov
October 2012 | Ministry of Finance - eGovernment
What is eGov?
Providing citizens and businesses with better access to government information. eGov simplifies and shortens bureaucratic processes, offers online services and implements advanced government technologies in order to benefit citizens and businesses.
Managing platform for
inter-ministries processes
24/7 service
Providing better,
efficient online service
Better service for
citizens
Improving service
for businesses
Saving money
Increasing efficiency
Vision
and Goals
Reducing bureaucracy
New online
services
Technological advancements
Raising
government
production
Increasing
transparency
Raising productivity
Improving government’s
image
eGov
The Internet Frontier of the Israeli Government
eGov Services for Citizens and Businesses
Secure ISP/ASP/ESB/Connectivity providers for the Ministries
IT & Cyber Security Service Providers for Ministries
Knowledge Center and coordination body for IT & Cyber Security (CERT, SIEM, Threat and Malware Research)
eGov
Number of employees : ~250, all technology experts.
The E-Government unit is built entirely from Hi-tech professionals, employed by government tenders for technology services.
Part of E-Government projects are carried out using full outsourcing.
E-Government is regulated by NISA.
All e-Government employees have required level of security clearance
Government Network
Internet
e-Gov
Citizen Citizen Business Business
Government Offices
eGov Topology
2011/2 2010 2009 2008 2004/5 2002/3 2000/1 1997/8 2007 2006 2011 1997/8
ISP
Online services
Government information
Standards
Doing Business
Media and transparency
Personalization
Multi-channels
Information security
Payment service
Forms service
BCP/DRP
Gov.il Search engine
kids MASE project
Gov Servie bus
eGov report
Gov X
Customer service
My Gov |
Smart ID
Cellular | IVR
Gov 2.0 |
data gov
Social media | government
contact
Shituf
Service stations
MASLOL
Web
Web hosting
and Email
Building permits
Property or business
registration
7
eGov Security Group
An inherent part of eGov core activity
A technology leader A knowledge center and a public sector focal point for all ICT
security issues Promoting Israeli Information Security technologies
Defacement of Government Sites Bank of Israel - 2008
Denial of Service attacks “Cast Lead” in Gaza - 2009
Theft/Corruption of Government Data Corruption / disturbance to National Critical Infrastructure
Theft of services or money from the Government (E-Commerce)
Identity fraud / theft (E-Forms, PKI Infrastructure) Information Leakage Using Government Infrastructure as enabler / facilitator of
Cyber conflict Using Public Infrastructure as enabler / facilitator of Cyber
conflict
Main Threats
Main Protection Principles
Separation of duties
Segregation of Networks
Log Everything
Pass only what we can monitor
No remote administration
No single point of failure - “2 mistakes”
Secure Development Lifecycle
Identifying Cross-application and cross-domain influences
Organizational Chart
Head of
Information Security
Technology and Incident Response
Team
CERT and Analysis
2nd Level Monitoring and Forensics
Cyber, Methodology and
Application Security Team
Pen. Testing
Security Research
Information Security
Officer
Head of IT Infrastructure
Operation Centre (Network and
Security)
1st Level Security Monitoring and
response
Hosting Services
Platforms and Systems
Hardening
Systems Administration
Security Implementation (AV, FW, Mail…)
NISA
Critical
Infrastructure
Industry
Standards
and
Regulations:
ISO 27001, PCI
Privacy
ILITA
Self
Regulation and Best
Practices…
National Cyber Bureau
Regulatory Environment
Government CIO
National and
Internationals
Laws and Regulations
Standards
institution
of Israel
Industry Peers
Government
enterprises Universities and research intuitions
Israeli technology companies
Cooperation efforts
Israeli and
foreign CERT
organizations
Cyber Defense
Community Peers
National Cyber Bureau
Focus on the CERT Organization
Member in a Global CERT Org.
Creation of a Nation-Wide View
National CERT
Government (CERT.Gov.il)
e-Go
v
Go
vernm
ent
Offices
Pu
blic Secto
r
Academy (CERT.ac.il)
Un
iversities
Co
lleges
Private Sector
Telecom
m
ISPs
SMB
s
Financial Sector
Ban
king
Insu
rance
Critical Infrastructure
Energy
Water
Transp
ortatio
n
Defense
Military
Defen
se In
du
stries
Alerts
Procedures, Guidelines and Immediate Actions
Procedures, Guidelines and Immediate Actions
Our Legacy Protecting Government Internet Gateway and Servers
Our Routine Participate in designing secured systems and preventing malicious intents via advanced monitoring
Our Vision Serving as a liaison between the public and cyber defense agencies and government bodies to protect our way of life in the information era.
20
Thank you !
Ministry of Finance –E-Government Division