Information Sharing A requirement for Cyber Defense Shuky Peleg, CISA, CISSP Head of Information Security, eGovOctober 2012 | Ministry of Finance - eGovernment
What is eGov?Providing citizens and businesses with betteraccess to government information.eGov simplifies and shortens bureaucraticprocesses, offers online services and implementsadvanced government technologies in order tobenefit citizens and businesses.
Improving Improving Raising government’s service image Saving government for money production businesses Better New service for online citizensservices Increasing efficiency Reducing bureaucracy Vision Raising productivity and Increasing Goalstransparency Managing platform for 24/7 Providing Technological inter-ministries service better, processes efficient advancements online service
eGovThe Internet Frontier of the Israeli Government eGov Services for Citizens and Businesses Secure ISP/ASP/ESB/Connectivity providers for the Ministries IT & Cyber Security Service Providers for Ministries Knowledge Center and coordination body for IT & Cyber Security (CERT, SIEM, Threat and Malware Research)
eGov Number of employees : ~250, all technology experts. The E-Government unit is built entirely from Hi-tech professionals, employed by government tenders for technology services. Part of E-Government projects are carried out using full outsourcing. E-Government is regulated by NISA. All e-Government employees have required level of security clearance
eGov Topology Government Offices Government Network e-Gov InternetCitizen Business Citizen Business
Personalization My Gov | Smart ID Doing Building Property or MASLOL businessBusiness permits registration Service Cellular |Multi-channels Web stations IVR Social media | Media and Shituf government Gov 2.0 | Customer transparency contact data gov service Gov Servie eGov Standards bus Gov X report Government Search MASE information Gov.il kids engine project Online Payment Forms services service service Web hosting Information ISP BCP/DRP and Email security 7 1997/8 2000/1 2002/3 2004/5 2006 2007 2008 2009 2010 2011 2011/2
eGov Security Group An inherent part of eGov core activity A technology leader A knowledge center and a public sector focal point for all ICT security issues Promoting Israeli Information Security technologies
Main Threats Defacement of Government Sites Bank of Israel - 2008 Denial of Service attacks “Cast Lead” in Gaza - 2009 Theft/Corruption of Government Data Corruption / disturbance to National Critical Infrastructure Theft of services or money from the Government (E- Commerce) Identity fraud / theft (E-Forms, PKI Infrastructure) Information Leakage Using Government Infrastructure as enabler / facilitator of Cyber conflict Using Public Infrastructure as enabler / facilitator of Cyber conflict
Main Protection Principles Separation of duties Segregation of Networks Log Everything Pass only what we can monitor No remote administration No single point of failure - “2 mistakes” Secure Development Lifecycle Identifying Cross-application and cross-domain influences
Organizational Chart Head of Head of IT Information Infrastructure Security Cyber, Information Operation Centre Technology and Methodology and Security SystemsIncident Response Application (Network and Hosting Services Team Administration Security Team Officer Security) 1st Level Security Platforms and Security CERT and Analysis Pen. Testing Monitoring and Systems Implementation response Hardening (AV, FW, Mail…) 2nd Level Monitoring and Forensics Security Research
Regulatory Environment Industry NISA Standards Critical and Infrastructure Government Regulations: CIO ISO 27001, PCIPrivacy ILITA National Cyber Bureau Self National and Regulation Internationals and Best Laws and Practices… Regulations
Cooperation efforts Standards Industry Israeli and institution Peers foreign CERT of Israel organizations National Cyber Bureau Israeli Cyber Defense technology Community companiesGovernment Peersenterprises Universities and research intuitions
Creation of a Nation-Wide View National CERT Procedures, Guidelines and Immediate Actions Government )CERT.Gov.il( Academy )CERT.ac.il( Alerts Private Sector Financial Sector Critical Infrastructure Defense Procedures, Guidelines and Immediate Actions Transportation Government Public Sector Universities Telecomm Industries Insurance Colleges Defense Banking Military Offices Energy Watere-Gov SMBs ISPs
Our Legacy Our Routine Our VisionProtecting Participate in Serving as a liaisonGovernment Internet designing secured between the publicGateway and Servers systems and and cyber defense preventing malicious agencies and intents via advanced government bodies monitoring to protect our way of life in the information era. 20
Ministry of Finance –E-Government Division Thank you !