fulufhelo nelwamondo & erick dube egoverment in the information warfare era date: 22 october...
Post on 26-Dec-2015
214 Views
Preview:
TRANSCRIPT
Overview
E-Government definition and current services in South Africa
Examples of where they where compromised
What needs to be done to address e-government security challenges
E-Government Services
Definitions of e-Government
E-Government is the use of information technologies by government agencies that have the ability to transform relations with citizens, businesses, and other arms of government.
These technologies can serve a variety of different ends: better delivery of government services to citizens, improved interactions with business and industry, citizen empowerment through access to information more efficient government many services can be served by one point Round-the-Clock services Rural area coverage: Services can be delivered by other agencies, not
only government units
E-Government Services The resulting benefits can be:
increased transparency, greater convenience, less corruption, cost reductions.
Existing Relationships in e-Government for South Africa
Activities and Actors
Government to Citizen (G2C2G) – provide information, services, and other functionality to citizens and receive input and feedback from citizens.
Government to Business (B2G2B) – those that
facilitate any of the range of relationships and interactions between government and businesses.
Government to Government (G2G2G) – projects or
systems that support information sharing and collaboration within or between government agencies
Government to Visitors/Foreigners (F2G2F) –
information, advice, and services for individuals and businesses planning to invest, visit, work, study, and live in the country.
e-Government in South Africa SARS eFiling eNaTIS DHA Verification of marital status, tracking applications of ID/Passports Government forms that are available online Telephone Interpreting Services for South Africa (TISSA) The Makuleke Farmers’ Project Government Contact Details Tenders advertisement Child Online Protection (COP) SchoolNet SA e-Health Vacancies Circular Portal The National Portal initiative (Thutong) Batho Pele Portal KHANYA
e-Government in South Africa
E-Gov ServicesDomain “.gov.za”
Attacks
Attacks
VulnerabilitiesC: ConfidentialityI: IntegrityA: Availability
Maturity
Visibility
Trough ofIrrelevance
Slope ofEnlightenment
Plateau ofPermanent Annoyance
TechnologyTrigger
Peak of Inflated
Hyperbole
“Phishing”
Spyware
Wireless
and Mobile Device Attacks
Peer-to-Peer Exploits
War Chalking
Cyberterrorism Viruses
Identity Theft
Hybrid Worms
DNS Attacks
Denial of Service
Social Engineering
Xeno-Threats
Zero-Day Threats
Spam
As of August 2013
Cyberthreat Hype Cycle
Information Security Hype Cycle
Less than two years
Two to five years
Five to 10 years
More than 10 years
Obsolete before Plateau
Key: Time to Plateau
Technology Trigger
Peak of Inflated Expectations
Trough of Disillusionment
Slope of Enlightenment
Plateau of Productivity
Maturity
Visibility
Acronym KeyVPN virtual private networkWPA Wi-Fi Protected Access
All-in-One Security Appliances
Biometrics
Compliance Tools
Data-at-Rest Encryption Appliances
Deep Packet Inspection Firewalls
Digital Rights Management (enterprise)
Federated Identity
Identity Management
Instant Messaging Security
Intrusion Detection Systems
Managed Security Service Providers
Patch Management
Personal Intrusion Prevention
Public Key Operations/ Soft Tokens
Reduced Sign-On
Scan and Block
Secure Sockets Layer VPNs
Secure Sockets Layer/Trusted Link Security
Security Platforms
Security Smart Cards
Spam Filtering
Trusted Computing Group
Vulnerability Management
Web Services Security Standards
WPA Security
Hardware Tokens
Main Research DriversIdentity verification challenges in South Africa
o Identity fraudo Residents without identity documents
Strategic independence for SA, through:o Building homegrown systemso Understanding the core technologies and limitationso Smart consumers of foreign technologies
Unique (South African) challenges o Plug-and-play solutions do not always work
Local industry supporto Little R&D performed
Information Security Approach to enable e-Government
Identity
Hacking
Intrusion Data
Retention
Cyber Crime
&
Terrorism
Privacy & Data Retention
Network
&
Info. Security
Prevent
Protect
Prosecute
A Position on Security
E-Government should be a security-centered system Security cannot be designed as an afterthought
o Functionality is important, but security takes priority Security of the service provision ecosystem to be
considered at:o Business level
Secure business processes Non-repudiation of transactions, etc
o Information systems Systems integration with secure interfacing Application security
o Technology systems Data access matrix Interoperability Systems integrity and trust
Enabling prosecution:Description for terms
E Evidence
BI Background Information
Hp Prosecution hypothesis
Hd Defence hypothesis
LR Likelihood Ratio ( evidential value)
P(E|Hp, BI) Similarity factor
P(E| Hd, BI) Typicality factor
The objective to assign evidential value in the form of LR
Evaluation of Evidence for prosecution
•
Posterior probability ratio Likelihood ratio Prior probability ratio
Forensic evaluator
Concluding Remarks: What interventions are needed
Incidents could be much more serous if we don’t have a response plan
Digital access control is as important as its physical access counterpart
There is a need to have a central body with authority to alert people of possible cyber threats
Legislation should support computer forensic investigations
Conclusions
There is need for a Monitoring capability (Critical Security Dashboard) that provides a security barometer using a combination of configuration controls and monitoring tools that reflect the organizational security status quo and the existing mitigation levels.
There is need to establish a body of skills required to adequately implement the national cybersecurity framework
The RD&I framework that enhances the expertise base in technology development and localization that makes possible for organs of state and government departments to achieve strategic independence.
top related