1. Information Sharing
A requirement for Cyber Defense
Shuky Peleg, CISA, CISSP
Head of Information Security, eGov
October 2012 | Ministry of Finance - eGovernment
2. What is eGov?
Providing citizens and businesses with better
access to government information.
eGov simplifies and shortens bureaucratic
processes, offers online services and implements
advanced government technologies in order to
benefit citizens and businesses.
3. Improving
Improving
Raising government’s service
image Saving
government for
money
production businesses
Better
New service for
online
citizens
services Increasing
efficiency
Reducing
bureaucracy
Vision Raising
productivity
and
Increasing
Goals
transparency
Managing
platform for 24/7 Providing
Technological
inter-ministries service better,
processes efficient
advancements
online
service
4. eGov
The Internet Frontier of the Israeli Government
eGov Services for Citizens and Businesses
Secure ISP/ASP/ESB/Connectivity providers for the
Ministries
IT & Cyber Security Service Providers for Ministries
Knowledge Center and coordination body for IT &
Cyber Security (CERT, SIEM, Threat and Malware
Research)
5. eGov
Number of employees : ~250, all technology experts.
The E-Government unit is built entirely from Hi-tech
professionals, employed by government tenders for
technology services.
Part of E-Government projects are carried out using
full outsourcing.
E-Government is regulated by NISA.
All e-Government employees have required level of
security clearance
6. eGov Topology
Government Offices
Government Network
e-Gov
Internet
Citizen Business Citizen Business
7. Personalization My Gov |
Smart ID
Doing Building Property or
MASLOL business
Business permits registration
Service Cellular |
Multi-channels Web
stations IVR
Social media |
Media and Shituf government Gov 2.0 |
Customer
transparency contact
data gov
service
Gov Servie eGov
Standards bus Gov X
report
Government Search MASE
information Gov.il kids
engine project
Online Payment Forms
services service service
Web hosting Information
ISP BCP/DRP
and Email security
7
1997/8 2000/1 2002/3 2004/5 2006 2007 2008 2009 2010 2011 2011/2
8. eGov Security Group
An inherent part of eGov core activity
A technology leader
A knowledge center and a public sector focal point for all ICT
security issues
Promoting Israeli Information Security technologies
9. Main Threats
Defacement of Government Sites
Bank of Israel - 2008
Denial of Service attacks
“Cast Lead” in Gaza - 2009
Theft/Corruption of Government Data
Corruption / disturbance to National Critical Infrastructure
Theft of services or money from the Government (E-
Commerce)
Identity fraud / theft (E-Forms, PKI Infrastructure)
Information Leakage
Using Government Infrastructure as enabler / facilitator of
Cyber conflict
Using Public Infrastructure as enabler / facilitator of Cyber
conflict
10. Main Protection Principles
Separation of duties
Segregation of Networks
Log Everything
Pass only what we can monitor
No remote administration
No single point of failure - “2 mistakes”
Secure Development Lifecycle
Identifying Cross-application and cross-domain
influences
11. Organizational Chart
Head of
Head of IT
Information Infrastructure
Security
Cyber, Information Operation Centre
Technology and
Methodology and Security Systems
Incident Response
Application
(Network and Hosting Services
Team Administration
Security Team Officer Security)
1st Level Security Platforms and Security
CERT and Analysis Pen. Testing Monitoring and Systems Implementation
response Hardening (AV, FW, Mail…)
2nd Level Monitoring
and Forensics
Security Research
12. Regulatory Environment
Industry
NISA Standards
Critical and
Infrastructure Government Regulations:
CIO ISO 27001,
PCI
Privacy
ILITA
National Cyber
Bureau
Self
National and Regulation
Internationals and Best
Laws and Practices…
Regulations
13. Cooperation efforts
Standards Industry Israeli and
institution Peers foreign CERT
of Israel organizations
National Cyber
Bureau
Israeli
Cyber Defense technology
Community companies
Government Peers
enterprises Universities and
research
intuitions
16. Creation of a Nation-Wide View
National CERT Procedures, Guidelines and
Immediate Actions
Government
)CERT.Gov.il(
Academy
)CERT.ac.il(
Alerts
Private Sector
Financial
Sector
Critical
Infrastructure
Defense
Procedures, Guidelines and
Immediate Actions
Transportation
Government
Public Sector
Universities
Telecomm
Industries
Insurance
Colleges
Defense
Banking
Military
Offices
Energy
Water
e-Gov
SMBs
ISPs
17. Our Legacy Our Routine Our Vision
Protecting Participate in Serving as a liaison
Government Internet designing secured between the public
Gateway and Servers systems and and cyber defense
preventing malicious agencies and
intents via advanced government bodies
monitoring to protect our way of
life in the
information era.
20