Information Sharing

A requirement for Cyber Defense

Shuky Peleg, CISA, CISSP

Head of Information Security, eGov

October 2012 | Ministry of Finance - eGovernment

What is eGov?

Providing citizens and businesses with better access to government information. eGov simplifies and shortens bureaucratic processes, offers online services and implements advanced government technologies in order to benefit citizens and businesses.

Managing platform for

inter-ministries processes

24/7 service

Providing better,

efficient online service

Better service for

citizens

Improving service

for businesses

Saving money

Increasing efficiency

Vision

and Goals

Reducing bureaucracy

New online

services

Technological advancements

Raising

government

production

Increasing

transparency

Raising productivity

Improving government’s

image

eGov

The Internet Frontier of the Israeli Government

eGov Services for Citizens and Businesses

Secure ISP/ASP/ESB/Connectivity providers for the Ministries

IT & Cyber Security Service Providers for Ministries

Knowledge Center and coordination body for IT & Cyber Security (CERT, SIEM, Threat and Malware Research)

eGov

Number of employees : ~250, all technology experts.

The E-Government unit is built entirely from Hi-tech professionals, employed by government tenders for technology services.

Part of E-Government projects are carried out using full outsourcing.

E-Government is regulated by NISA.

All e-Government employees have required level of security clearance

Government Network

Internet

e-Gov

Citizen Citizen Business Business

Government Offices

eGov Topology

2011/2 2010 2009 2008 2004/5 2002/3 2000/1 1997/8 2007 2006 2011 1997/8

ISP

Online services

Government information

Standards

Doing Business

Media and transparency

Personalization

Multi-channels

Information security

Payment service

Forms service

BCP/DRP

Gov.il Search engine

kids MASE project

Gov Servie bus

eGov report

Gov X

Customer service

My Gov |

Smart ID

Cellular | IVR

Gov 2.0 |

data gov

Social media | government

contact

Shituf

Service stations

MASLOL

Web

Web hosting

and Email

Building permits

Property or business

registration

7

eGov Security Group

An inherent part of eGov core activity

A technology leader A knowledge center and a public sector focal point for all ICT

security issues Promoting Israeli Information Security technologies

Defacement of Government Sites Bank of Israel - 2008

Denial of Service attacks “Cast Lead” in Gaza - 2009

Theft/Corruption of Government Data Corruption / disturbance to National Critical Infrastructure

Theft of services or money from the Government (E-Commerce)

Identity fraud / theft (E-Forms, PKI Infrastructure) Information Leakage Using Government Infrastructure as enabler / facilitator of

Cyber conflict Using Public Infrastructure as enabler / facilitator of Cyber

conflict

Main Threats

Main Protection Principles

Separation of duties

Segregation of Networks

Log Everything

Pass only what we can monitor

No remote administration

No single point of failure - “2 mistakes”

Secure Development Lifecycle

Identifying Cross-application and cross-domain influences

Organizational Chart

Head of

Information Security

Technology and Incident Response

Team

CERT and Analysis

2nd Level Monitoring and Forensics

Cyber, Methodology and

Application Security Team

Pen. Testing

Security Research

Information Security

Officer

Head of IT Infrastructure

Operation Centre (Network and

Security)

1st Level Security Monitoring and

response

Hosting Services

Platforms and Systems

Hardening

Systems Administration

Security Implementation (AV, FW, Mail…)

NISA

Critical

Infrastructure

Industry

Standards

and

Regulations:

ISO 27001, PCI

Privacy

ILITA

Self

Regulation and Best

Practices…

National Cyber Bureau

Regulatory Environment

Government CIO

National and

Internationals

Laws and Regulations

Standards

institution

of Israel

Industry Peers

Government

enterprises Universities and research intuitions

Israeli technology companies

Cooperation efforts

Israeli and

foreign CERT

organizations

Cyber Defense

Community Peers

National Cyber Bureau

Focus on the CERT Organization

Member in a Global CERT Org.

Creation of a Nation-Wide View

National CERT

Government (CERT.Gov.il)

e-Go

v

Go

vernm

ent

Offices

Pu

blic Secto

r

Academy (CERT.ac.il)

Un

iversities

Co

lleges

Private Sector

Telecom

m

ISPs

SMB

s

Financial Sector

Ban

king

Insu

rance

Critical Infrastructure

Energy

Water

Transp

ortatio

n

Defense

Military

Defen

se In

du

stries

Alerts

Procedures, Guidelines and Immediate Actions

Procedures, Guidelines and Immediate Actions

Our Legacy Protecting Government Internet Gateway and Servers

Our Routine Participate in designing secured systems and preventing malicious intents via advanced monitoring

Our Vision Serving as a liaison between the public and cyber defense agencies and government bodies to protect our way of life in the information era.

20

Thank you !

Ministry of Finance –E-Government Division