thailand e-government roadmap

1

Thailand eThailand e--Government Government RoadmapRoadmap

2

AgendaAgenda

• Overall the ICT Thailand status.

• The ICT Master Plan No. 2, ICT 2020.

• Thailand e-government status.

• Development of Thailand e-government.

3

ICT Indicators for Thailand on the world stageICT Indicators for Thailand on the world stage..

Source: The Economist Intelligence Unit

4

ee--readiness rankingsreadiness rankings

Source: The Economist Intelligence Unit

5

Source: WEF

NetworkedNetworked--Readiness RankingsReadiness Rankings

6

The big problem Thailand's ICT development in all the indexes. The availability of infrastructure, information Which are still inadequate and not evenly spread. To the development and utilization of ICT to the amount of knowledge. Business development services of government. Can not be effective.

ICT Indicators for Thailand on the world stageICT Indicators for Thailand on the world stage

7

Compare the proportion of people with fixed line phonesCompare the proportion of people with fixed line phones

Overview of the Thailand telecommunicationOverview of the Thailand telecommunication

Source : IMD World Competitive Year Book 2007

Unit: per 100 people

8

Overview of the Thailand telecommunicationOverview of the Thailand telecommunication

Year 2550, Thailand has Penetration Rate 2.1%, while in Malaysia.

Year 2549 , Thailand ha Penetration Rate 4.6% , in 2553 Malaysia the targets go to 7%.

High-speed InternetHigh-speed Internet

9

Structure of Broadband Internet in the worldStructure of Broadband Internet in the world

Source: Gartner (November 2008)

Broadband Internet use trends of world, regional, and Broadband Internet use trends of world, regional, and ThailandThailand

Growth 73.9 %

Growth -10.6 %

10

ท่ีมา: Gartner (November 2008)

Number of broadband and Narrowband in Thailand


11

source: Gartner (November 2008)

Structure of Broadband Internet in Asia Pacific

Growth -4.3 %

Growth 31.6 %


12

Internet Usage Growth (Internet Usage Growth (Daily Daily Page view) source: truehits.netPage view) source: truehits.net

13

Thailand ICT Master Plan 2009-2013

14

Vision of the Thailand master plan for ICT.Vision of the Thailand master plan for ICT.

Thailand is a rich intellectual society.(Smart Thailand) with ICT

Rich social intelligence "here means. Social development and use of information technology and communication wise. Using the guidelines of the sufficiency economy philosophy. People have all levels of intelligence (Smart People) and knowledge of information (Information Literacy) to access and use of

information as a critical moral and ethical literacy. Benefits to themselves and society. The management of information technology And communication with Governance (Smart Governance) to support the

development to Economic and social base of knowledge and innovation, sustainable and stable

15

Vision “SMART”

Thailand

1. To develop manpower in quality and sufficient .

2. To Develop ICT broadband infrastructure.

3. To ICT management system with Governance Governance.

ObjectivesObjectives

1. To improve the quantity and capability of manpower.

2. A Governance and management of ICT Governance in the national

3. To support the restructuring of production towards value-added products and services.

4. to make strength the community and individuals.

5. A business and industrial potential of ICT.

Vision Vision -- Mission Mission -- ObjectivesObjectives

Mission

16TargetsTargets At least 50% of people have access to knowledge and use

of ICT is critical, and literacy.

Enhance the availability of ICT in the Networked Readiness Index in the Top quartile (25%).

Proportion of industrial value-added ICT.The GDP of not less than 15%.

17

SMART Thailand

Manpower Development.(ICT Professionals and “Information-Literate” People)1

Management of ICT with good governance (Institutional arrangement, Rules and Regulation, Financing, …)

2

ICT Infrastructure development.3 Capacity of the ICT industry.5

Use ICT to support the Governance and Use ICT to support the Governance and governance in the management of public

services. 4

Use ICT to enhance the sustainable competitiveness.

(Strategic Sectors, SMEs)6

Hardware Software Communication

Development strategyDevelopment strategy

18

SMART Thailand SMART Thailand 20202020

Smart Government

Smart Agriculture

Stronger Economy

Smart Services

Social Equality

Smart HealthSmart Learning

Environmental Friendly

Smart Environment(ICT for Green &

Green ICT)

ICT Human Resources and ICT Competent Workforce ICT Infrastructure ICT Industry

ICT 2020 Framework

19

ICTICT20202020:: Key Success FactorsKey Success Factors

Smart Smart ThailandThailand

20202020

The government must communicate a clear public. ICT / Broadband as a National agenda.

Must provide the structure of the implementation status and supervise the ICT Agenda driven a clear and practical to drive must come from top management.

20

Leadership and Governance StructureLeadership and Governance Structure

Improve the composition and structure of authority of the NITC and the need to follow-up meeting at least once a quarter.

The agency of the Ministry of ICT has served as the Executive Office of Public Information (Government Chief Information Office: GCIO) is a central agency to coordinate and drive the country's ICT agenda, preparation of policy and master plan. Evaluation. Should have the flexibility to work

To agencies responsible for the strategic focus following.– National Cyber Security Agency

– Government Information Technology Services

21

Leadership and Governance StructureLeadership and Governance Structure

To the mechanism of linkages of the NITC and other national committee. The responsibilities related to some dimensions of ICT development such as

– Electronic Transaction Committee

– Commission created the National Economic Policy.

– Board of Governor of the National Telecommunications and new series will follow the law.

22

Development of Thailand e-government

23

Political will

And support

Computer and

Network

Infrastructure

Rules & Regulations

Legal InfrastructureSecurity &

Policy

Information

Infrastructure

e-Commerce

Infrastructure

HRD CIO/CEO

Program

- CIO Training

- CIO Forum

- CIO Conference

Information

in every

organization

- e-Commerce

Resource Center

- G to C

- G to B

- e-Procurement

- e-Tax

- e-Citizen

- e-Marketplaces

- Electronic Transactions Act

- Data Protection Law

- NII Law, EFT Law

- Gov Data Infrastructure

- Gov News Exchange

- Gov Data Exchange

- Gov Interoperability Standard

- PKI

- ThaiCERT

- Computer Crime Law

- Government CA Service

- Ministry of ICT

- National ICT CommitteeNational Operation

Center

- Government IT Services

- Government Information Network

- SchoolNet

Civil Servant

Attitudes

Thailand eThailand e--Government Development Beneath the IcebergGovernment Development Beneath the Iceberg

27

Ministry of ICT. To plan the direction of development of e-Government Year 2548-2551 (e-Government Roadmap), which set important plans in the development of management systems. And services sector of the country. To a concrete result.

Infrastructure : Infrastructure development, information technology and communications. Services : Development of public services through electronic systems. Regulation : To improve law and regulations.

Development of Thailand eDevelopment of Thailand e--governmentgovernment

28

Milestones of the

Ministry of Information and

Communication Technology is

committed to transform the

administrative process. And

government services through

modern technology. To facilitate the

public. Efficiently Quickly and

thoroughly.

E-Government.

(e-Government) is considered as a

change management system,

government system and public

service. Government policy that

secures the needs of the people at

the center (Citizen Centric).

Phase 1 by the year 2553.C-Government targets or Connected Government that links between government agencies in providing e-Services.

Phase 2-3 by the year 2554-55.The m-Government Mobile Government or the links between government agencies through mobile phones and other mobile computing devices. In providing e-Services.

Phase 4 by the year 2556 A u-Government Ubiquitous Government or the links between government agencies. Through multiple channels. In providing e-Services at any time and any time a service is 24x7.

Phase 4 by the year 2557 The T-Government Transformed Government or the government or through conversion of the definition of the United Nations. The government closer to people from all sectors. A link between government agencies. Through multiple channels. In providing e-Services at any time and any time a service is 24x7.

EE--govgov RoadmapRoadmap

30

Introduction to PKI and Trust Model

31

Why Do We Need PKI? Cryptography Technology Public Key Infrastructure (PKI) Certification Authority (CA) & Certificates Use of Certificates Trust Model

– Hierarchy– Cross Certification– Bridge CA– Cross Recognition– Certificate Trust List

AgendaAgenda

32

Why Do We Need PKI?Why Do We Need PKI?

Confidentiality

InternetInternet

ReceiverSender

Hello Alice Hello Alice

Intruder / Hacker

Hello Alice

Data Disclose

33

Why Do We Need PKI? (Why Do We Need PKI? (22))

I love you

Integrity

InternetInternet

ReceiverSender

I love you I hate you

Intruder / HackerI hate you

Data Alteration

34

Why Do We Need PKI? (Why Do We Need PKI? (33))

Identity in the Cyber World :

[email protected]

[email protected]

[email protected]

from: [email protected]

from: [email protected]

Authenticity Non-Repudiation

35

Why Do We Need PKI?(Why Do We Need PKI?(44))

4 functions are provided by PKI

ConfidentialityEnsure that nobody can get knowledge of what you transfer.

IntegrityEnsure that message has not been modified during transmission.

AuthenticationYou can verify the person you think you’re talking to.

Non-repudiationSender cannot be denied being associated with it.

36

Symmetric Key Use the same key for encryption and decryption

Buy 500 items $%c@!f4)e_&7#+ =

Encryption

Buy 500 items$%c@!f4)e_&7# + =

Decryption

The same key (Pre-shared secret)

Advantages: Disadvantages: Faster than Asymmetric Key Use for encryption

Key Management Difficulty of secure key

distribution

Cryptography Technology Cryptography Technology

37

Asymmetric Key Use different keys for encryption and decryption

Buy 500 items + =

Encryption

$%c@!f4)e_&7# Buy 500 items$%c@!f4)e_&7# + =

Decryption

Different Keys (Key Pair : Private Key & Public Key)

Advantages: Disadvantages: Systematic Key Management Use for encryption,

authenticity, integrity and non-repudiation

Slower than Symmetric Key

Cryptography Technology (Cryptography Technology (22))

38

Asymmetric Key

Private Key Kept secret. Know only to the owner.

Public Key Stored in a location that is accessible by

everyone. Don’t keep secret.


39

Asymmetric Key Usage

EncryptionEnsure the data will be kept secret.

Digital SigningAuthorize sender and ensure Data Integrity.

Confidentiality

Integrity

Authentication

Non-repudiation


40

Public Key Infrastructure (PKI)Public Key Infrastructure (PKI)

What is PKI? Public Key Infrastructure (PKI) is a system of

digital certificates, Certification Authorities (CA), and other registration authorities that verify and authenticate the validity of each party involved in an internet transaction.

41

Public Key Infrastructure (PKI) (Public Key Infrastructure (PKI) (22))

PKI Components

Certification Authority

RegistrationAuthority (RA)

End Entity(EE)

Repository

(CA)

42

Certification AuthorityCertification Authority

Certification Authority (CA): CA issues digital certificates for proving their identities.

Certification AuthorityMr. A

Mrs. B

CA

Secure Transaction Secure Transaction

DigitalCertificate

DigitalCertificate

DigitalCertificate

Web Server C

Web Server CMr. A Mrs. B

43

What is Certificate?What is Certificate?

Digital Certificate An object used to bind the

identity of end entity to its public key.

Contains attributes about the end entity.

Issued and digitally signed by Certification Authority (CA).

- End Entity Information

- CA’s Digital Signature

- Certificate Information

- End Entity’s Public key

44

CertificatesCertificates

Example of Certificate

45


Example of Certificate Types

Personal Certificate

Organizational Certificate

VPN Certificate

SSL Certificate

Code Signing Certificate

etc.

46


Certificate Life Cycle ManagementCertificate Life Cycle Management

Creation

- link public key to certificate- used to identify EE

Distribution

- transmitted by owner- stored in repository for later retrieval

Expiration

- certificate expired- certificate revoked (publish CRL)

- key archival- key recovery

Registration

- register to RA- verification: information of EE- certificate issuance: by CA

47

Uses of CertificateUses of Certificate

General Uses of Certificate Secure e-mail (S/MIME) Secure Document Secure Socket Layer (SSL) Time Stamp service etc.

Specific Uses of Certificate e-Tax e-Procurement e-Invoice etc.

48

Uses of Certificate (Uses of Certificate (22))

Example of PKI Applications

S/MIME Microsoft Office Outlook Mozilla Thunderbird

SSL Microsoft Internet Explorer Mozilla Firefox

Secure Document Microsoft Office

OpenOffice.org

49

Trust ModelTrust Model

HierarchyHierarchyCrossCross--CertificationCertificationBridge CABridge CACrossCross--RecognitionRecognitionCertificate Trust ListCertificate Trust List

50

The simplest approach to a PKI framework is to have a single root CA. Root CA holds all certificates; all users refer to and trust it for all transactions. Also intermediate CAs are trusted because the root CA, which certifies it, is trusted.

CA1 CA2

CA 1.1 CA 1.2 CA 2.1 CA 2.2

Root CA

Intermediate CA

End Entity Certificates

Root CA

HierarchyHierarchy


51

Hierarchy (Hierarchy (22) ) -- AnalysisAnalysis


Advantages Disadvantages

• Simply validation - Certificates can be traced back through the hierarchy for validation

• Low costs due to simplicity of system• Usually high interoperability, if standards

are followed• Uniformity – the root CA specifies policies

which bind all elements of the system – but centralized policies are not well-suited to national or multi-national deployment

• If the root CA is compromised, the entire system is affected

• The system is not well-suited to complex deployments such as international trade

• A high degree of consensus is needed at design time

• Acceptance of single authority by all users is necessary, and may be difficult to achieve (particularly in international contexts)

• The technical and administrative workload of the CA is enormous for large deployment

Reference: Galexia

52

CrossCross--CertificationCertification

Cross-Certification (CC) model is one of the several models, which a CA issues a cross-certificate for another CA in order to initiate trust to each other. So, Users can verify unknown CA by cross certify.

CA 1

CA 1.1 CA 1.2

EE1.1 EE1.2

CA 2

EE2

Cross-Certify

Intermediate CA


Root CA


53

CrossCross--Certification : Full MeshCertification : Full Mesh


CA CA

CA

CA CA

CA

CA

CA

CA

CA CA

CA CA

CA CA

CA CA

Number of cross-certificates = n x (n-1); n = number of CAsEvery CAs need to be cross-certified by all other CAs in the network.

54

CrossCross--Certification : Partial MeshCertification : Partial Mesh


CA

CA

CA CA

CA CA

CA CA

CAs do not need to be cross-certified by all other CAs in the network.

55

CrossCross--Certification (Certification (33))


CA1 CA2

Subject: CA2 Issuer: CA1

Subject: CA1 Issuer: CA2

Certification Path:- CA1’s user receives a message from

CA2’s user.


CA1’s user.

CA1

CA2 by CA1

EE2

cross-certificate CA2

CA1 by CA2

EE1.1

CA 1.1

cross-certificate

56

CrossCross--Certification (Certification (44))



• No central authority means no critical point of failure

• No need for universal consensus; only between CAs as needed to form trust relationships

• High interoperability – but only if this already exist at the time of cross-certifying

• In case of many CAs are in domain, cross-certification can be expensive, and must be performed multiple times by each CA

• Poor scalability in a Full Mesh – each new CA must be compatible with CAs already in the network

• Multiple points for validation process to fail (in a Partial Mesh)

Reference: Galexia

57

Bridge CABridge CABridge CA

CA 1

CA 1.1

EE1.1

CA 1.2

EE1.2

CA 2

EE2


This model are combines aspects of both the hierarchy model and the cross-certification model. It reduces number of cross-certificates by requiring only one pair of cross-certifications for each CA.

Intermediate CAEnd Entity Certificates

Root CA

Bridge CA

Cross-CertifyCross-Certify

58

Bridge CA (Bridge CA (22))


Root CA

CA CA

Cross-Certify Cross-Certify

Cross-Certify

Bridge CA

Root CA

CA CA

Root CA

CA CA

number of cross-certificates = n x 2; n = number of CAs

59

Bridge CA (Bridge CA (33))



CA2’s user.


CA1’s user.

CA1 CA2

Subject: Bridge CA Issuer: CA1

Subject: Bridge CAIssuer: CA2

Bridge CA

Subject: CA1Issuer: Bridge CA

Subject: CA2Issuer: Bridge CA

CA1

Bridge CA by CA1

EE2

CA 2 by Bridge CA cross-

certificate

CA2

Bridge CA by CA2

CA 1 by Bridge CA

CA 1.1

EE 1.1

cross-certificate

60



• Scalability – new CAs need only cross-certify with the bridging CA

• Interoperability – CAs cross-certify individually with bridging CA

• The validation fails if the bridge CA is compromised (although individual CAs can continue to operate on their own)

• All parties involved must recognize the validity of the bridging CA

• High workload on the bridging CA as system grows

Bridge CA (4)Bridge CA (4)

Reference: Galexia

61

CrossCross--RecognitionRecognition


Cross-recognition model (CR) is different from cross-certification models because it is recognition between users and CAs instead of recognition between CAs. So, the decision whether or not to trust a CA ultimately falls to the user.

Intermediate CA


Root CACA 1

CA 1.1 CA 1.2

EE1.1 EE1.2

CA 2

EE2Cross-recognize

62


CA1 CA2

EE1.1 EE2


CA2’s user.


CA1’s user.

CA2

EE2

Install CA2’s Certificate Install CA1’s Certificate

CA1

CA 1.1

EE 1.1

CrossCross--Recognition (Recognition (22))

63



• Only the certificates of the breached CA are affected

• Largely remove the need for technical compatibility between CAs, only at the application level (e.g. a user’s software must be able to process the information in a given certificate)

• Allows entirely distinct CAs into interoperation easier

• the decision whether or not to trust a CA ultimately falls to the user

• users must be better-informed than in other models because the decision to trust the certificate rests with them and not their CA

CrossCross--Recognition (3)Recognition (3)

Reference: Galexia

64

Certificate Trust ListCertificate Trust List


CA1CA2CA3…

The Certificate Trust List (CTL) is a list of CAs’ certificates from a trusted authority. The list itself is digitally signed to ensure its integrity and accuracy.

Publishing Authority

CA 1.1

EE1.1

CA 1.2

EE1.2 EE2

Intermediate CA

Certificates

Root CA

CTL Signing Entity

Digitally sign

65


CA1 CA2

EE1.1 EE2


CA2’s user.


CA1’s user.

Install Certificate Trust List

Publishing Authority

Install Certificate Trust List

Publishing AuthorityCTL Signing Entity

Certificate Trust List

CA1CA1.1

EE1.1

Publishing AuthorityCTL Signing Entity

Certificate Trust List

CA2EE2

Certificate Trust ListCertificate Trust List ((22))

66



• High scalability• Generally low costs (but this can increase,

depending on the implementation)

• The single publisher of the trust list must be recognized by all parties

• Potential difficulties in distributing up-to-date versions of the trust list

• Single point of failure (the trust list and/or trust list authority) although individual CAs would continue to function

Certificate Trust List (3)Certificate Trust List (3)

Reference: Galexia

67

USAID

68

USAIDUSAID

69

MissionMission

The Office of U.S. Foreign Disaster Assistance (OFDA) is

the office within USAID responsible for facilitating and coordinating

U.S. Government emergency assistance overseas. As part of

USAID's Bureau for Democracy, Conflict, and Humanitarian

Assistance (DCHA), OFDA provides humanitarian assistance to save

lives, alleviate human suffering, and reduce the social and

economic impact of humanitarian emergencies worldwide.

70

Role and ResponsibilityRole and Responsibility

OFDA responds to all types of natural disasters, including earthquakes,volcanic eruptions, cyclones, floods, droughts, fires, pest infestations, anddisease outbreaks. OFDA also provides assistance when lives or livelihoodsare threatened by catastrophes such as civil conflict, acts of terrorism, orindustrial accidents. In addition to emergency assistance.

OFDA funds mitigation activities to reduce the impact of recurrent natural hazards and provides training to build local capacity for disaster management and response.

71

Type of DisastersType of Disasters

72

Early warning SystemEarly warning System

1. Establishment of Standard Operating Procedure (SOP)

2. Receiving data from inter-and international agencies

3. Data Analysis

4. Dissemination of warning message

5. Planning, coordinating, monitoring and evaluating the warning, response and mitigation process with provincial governments and Department of Disaster Prevention and Mitigation in emergency response and mitigation, and evacuation drills

Reference: National Disaster Warning Center Thailand

73

Sea Level Change Sea Level Change MeansurementMeansurement

Proposed

Deploy at 9’N 89’E in late 2006 Deploy at 4’N 90’E in early 2006

Reference: National Disaster Warning Center Thailand

74

Tsunaneter Mooring SystemTsunaneter Mooring System

76

ChallengesChallenges

There are many actors in disaster management system in Thailand. It is a big challenge to give an equal or suitable role to all

As Thailand is “not much” a disaster prone country, to make the disaster risk reduction on top of the National Agenda is not an easy job

The challenge will be on the shoulder of DDPM, as the National Focal Point in Disaster Management, to start the process of linking national mechanism with the AADMER

Reference: ASEAN DEFENCE ESTABLISHMENTS AND CIVIL SOCIETY ORGANISATIONS (CSOs) COOPERATION ON NON-TRADITIONAL SECURITY ( Disaster Management )

77

The Road AheadThe Road Ahead

Establishment of a national committee (or sub-committee under the National DPM Committee, that would be directly responsible for the Implementation of the Agreement

Formulation of National SOPs (Request and Offer Assistance)

Establishment of SAR team, ERAT relief teams that has the international capacity

Make the AADMER more widely known to other agencies/organizations and have more engagements from them

Others Reference: ASEAN DEFENCE ESTABLISHMENTS AND CIVIL SOCIETY ORGANISATIONS (CSOs)

COOPERATION ON NON-TRADITIONAL SECURITY ( Disaster Management )

78

78

UN roleUN role

Define the proper scale of the problem and solution.

The system must be:– Fully owned by the Indian Ocean Rim countries– Based on international multilateral cooperation– Based on the open and free exchange of data– Protect all countries in the Indian Ocean Basin– Transparent and accountable to all members

Reference: Patricio A. Bernal, Executive Secretary IOC ,The Indian Ocean Tsunami Warning System: A Progress Report.

79

79

How does it function?How does it function?

Is based on the joint operation of international networks of detection connected with national tsunami warning centres

UN governance provided under the IOC

Each nation is responsible for issuing warnings in their territory and protect its own population.

National centres must have strong links with emergency preparedness authorities (national, provincial and local)

Reference: Patricio A. Bernal, Executive Secretary IOC ,The Indian Ocean Tsunami Warning System: A Progress Report.

80

80

Where are we now?Where are we now?

A single system being planned

All countries of the Indian Ocean participate

Tsunami advisory information provided from centres in Hawaii and Tokyo.

National focal points designated in 14 nations

Governance of UN/IOC accepted in Paris

Full scope of the task recognized: multi-nation (27), multi-year (>3)

Beyond the emergency: transition to reconstruction and development phase.

Joint UN implementation: IOC,WMO,ISDR,UNDPReference:

Patricio A. Bernal, Executive Secretary IOC ,The Indian Ocean Tsunami Warning System: A Progress Report.

81

Thank you for your attentionThank you for your attention

82

Presented byPresented by

NANTAWAN

WONGKACHONKITTI

83

Supported bySupported by

Onion HeadSiriporn Pongvinyoo

[email protected]

thailand e-government roadmap

Education

use ict

ict thailand status

management of ict governance

ict agenda

availability of ict

ict broadband infrastructure

utilization of ict

ict infrastructure development