
E-Government Information Security Jay Garden INFOSEC Assessments Government Communications Security Bureau


e-Government Information Security

Jay Garden
INFOSEC Assessments

Government Communications Security Bureau


Government Online Services

• Treasury’s Crown Financial IS
• Land Information NZ
• FoRST
• Health Intranet
• irFile
• … many more on the way
  – information
  – transactions
  – voting / referendums


E-Government Initiatives

• SSC E-Government Unit
• SENSITIVE and IN-CONFIDENCE
• Secure Electronic Environment (SEE)
  – SEE Mail (gateway-gateway secure mail)
  – SEE Key (public key certificates)


SEE Overview

[Diagram labels: INTERNET; SSC; DPM&C; Treasury; Certificate Store; Certification Authority]


SEE Key

• Public Key Infrastructure
  – authentication within Government
  – development of the framework, not the Certification Authorities
  – much more than just cryptography
  – certificates for citizens?


E-Government Initiatives

• SSC E-Government Unit
• SENSITIVE and IN-CONFIDENCE
• Secure Electronic Environment (SEE)
  – SEE Mail (gateway-gateway secure mail)
  – SEE Key (public key certificates)
• National Information Infrastructure


National Information Infrastructure

• Integrity & availability of critical systems
  – utilities: power, water, telecomms
  – emergency services
  – transport
  – finance
  – government
• Most components not controlled by Govt
  – Some are out of the country
• Coordination rather than control


E-Government Initiatives

www.e-government.govt.nz


INFOSEC Technologies

• Firewalls
• Intrusion Detection
• Vulnerability assessment
• Authentication tokens, biometrics, single sign-on, remote access
• Public key - digital signatures and encryption
• Content filtering


Enigma

• Combination of
  – rotor selection, wiring and position
  – plugboard configuration
• Rotor advances with each keystroke
• 3 rotors - 3.28 x 10^114 combinations
• ~10^80 atoms in the visible universe !!
• 4 rotors - 2.33 x 10^145 combinations


Breaking Enigma

• Overconfidence led to procedures not being followed
  – Weak and reused keys
  – known plaintext attacks
• Lessons equally applicable to current COMSEC and COMPUSEC mechanisms
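
A small model of the machine described on the Enigma slides, added here as an illustration and not part of the original presentation. It shows the rotor advancing on every keystroke and why a reused key is a procedural weakness: two messages with the same stereotyped opening produce identical ciphertext up to the point where they differ. It assumes the historical Enigma I rotors I, II, III and reflector B with ring settings fixed at A; the sample messages are constructed.

```python
import string

A = string.ascii_uppercase
# Historical Enigma I rotor wirings with their turnover notch, and reflector B.
ROTORS = {
    "I":   ("EKMFLGDQVZNTOWYHXUSPAIBRCJ", "Q"),
    "II":  ("AJDKSIRUXBLHWTMCQGZNPYFVOE", "E"),
    "III": ("BDFHJLCPRTXVZNYEIWGAKMUSQO", "V"),
}
REFLECTOR_B = "YRUHQSLDPXNGOKMIEBFZCWVJAT"

def enigma(text, order=("I", "II", "III"), start="AAA", plugs=""):
    """Encipher or decipher uppercase A-Z text. order is left to right; plugs like 'AB CD'."""
    plug = {c: c for c in A}
    for pair in plugs.split():
        plug[pair[0]], plug[pair[1]] = pair[1], pair[0]
    wiring = [ROTORS[n][0] for n in order]
    notch = [A.index(ROTORS[n][1]) for n in order]
    pos = [A.index(c) for c in start]          # left, middle, right
    out = []
    for ch in text:
        # Rotors step before each letter is enciphered.
        if pos[1] == notch[1]:                 # middle at notch: left and middle step
            pos[0], pos[1] = (pos[0] + 1) % 26, (pos[1] + 1) % 26
        elif pos[2] == notch[2]:               # right at notch: middle steps
            pos[1] = (pos[1] + 1) % 26
        pos[2] = (pos[2] + 1) % 26             # right rotor steps on every keystroke
        c = A.index(plug[ch])
        for i in (2, 1, 0):                    # right to left through the rotors
            c = (A.index(wiring[i][(c + pos[i]) % 26]) - pos[i]) % 26
        c = A.index(REFLECTOR_B[c])
        for i in (0, 1, 2):                    # back through the inverse wiring
            c = (wiring[i].index(A[(c + pos[i]) % 26]) - pos[i]) % 26
        out.append(plug[A[c]])
    return "".join(out)

def common_prefix(a, b):
    n = 0
    while n < min(len(a), len(b)) and a[n] == b[n]:
        n += 1
    return n

# Constructed sample traffic: same stereotyped opening, different ending.
MSG1, MSG2 = "WEATHERREPORTNORTH", "WEATHERREPORTSOUTH"

def reused_key_overlap(start="QEV"):
    """Length of identical ciphertext when both messages are sent under one key."""
    return common_prefix(enigma(MSG1, start=start), enigma(MSG2, start=start))

if __name__ == "__main__":
    print(enigma("AAAAA"))          # same key pressed five times, five different letters
    print(reused_key_overlap())     # ciphertexts match for the whole shared opening
```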


QUESTIONS?

www.gcsb.govt.nz