Fulufhelo Nelwamondo & Erick Dube

eGovernment in the information warfare era

Date: 22 October 2013


Overview

E-Government definition and current services in South Africa

Examples of where they were compromised

What needs to be done to address e-government security challenges

E-Government Services

Definitions of e-Government

E-Government is the use of information technologies by government agencies that have the ability to transform relations with citizens, businesses, and other arms of government.

These technologies can serve a variety of different ends:

o better delivery of government services to citizens
o improved interactions with business and industry
o citizen empowerment through access to information
o more efficient government
o many services can be served by one point
o round-the-clock services
o rural area coverage: services can be delivered by other agencies, not only government units

E-Government Services

The resulting benefits can be:

increased transparency, greater convenience, less corruption, cost reductions.

Existing Relationships in e-Government for South Africa

Activities and Actors

Government to Citizen (G2C2G) – provide information, services, and other functionality to citizens and receive input and feedback from citizens.

Government to Business (B2G2B) – those that facilitate any of the range of relationships and interactions between government and businesses.

Government to Government (G2G2G) – projects or systems that support information sharing and collaboration within or between government agencies.

Government to Visitors/Foreigners (F2G2F) – information, advice, and services for individuals and businesses planning to invest, visit, work, study, and live in the country.

e-Government in South Africa

o SARS eFiling
o eNaTIS
o DHA: verification of marital status, tracking applications of ID/Passports
o Government forms that are available online
o Telephone Interpreting Services for South Africa (TISSA)
o The Makuleke Farmers’ Project
o Government Contact Details
o Tenders advertisement
o Child Online Protection (COP)
o SchoolNet SA
o e-Health
o Vacancies Circular Portal
o The National Portal initiative (Thutong)
o Batho Pele Portal
o KHANYA

[Figure: e-Government in South Africa. Labels: E-Gov Services; Domain “.gov.za”; Attacks; Vulnerabilities. Key: C: Confidentiality, I: Integrity, A: Availability.]

Threats trend …

[Figure: Cyberthreat Hype Cycle, as of August 2013. Axes: Visibility against Maturity. Phases: Technology Trigger, Peak of Inflated Hyperbole, Trough of Irrelevance, Slope of Enlightenment, Plateau of Permanent Annoyance. Threats plotted: “Phishing”, Spyware, Wireless and Mobile Device Attacks, Peer-to-Peer Exploits, War Chalking, Cyberterrorism, Viruses, Identity Theft, Hybrid Worms, DNS Attacks, Denial of Service, Social Engineering, Xeno-Threats, Zero-Day Threats, Spam.]

[Figure: Information Security Hype Cycle. Axes: Visibility against Maturity. Phases: Technology Trigger, Peak of Inflated Expectations, Trough of Disillusionment, Slope of Enlightenment, Plateau of Productivity. Key (time to plateau): less than two years; two to five years; five to 10 years; more than 10 years; obsolete before plateau. Technologies plotted: All-in-One Security Appliances, Biometrics, Compliance Tools, Data-at-Rest Encryption Appliances, Deep Packet Inspection Firewalls, Digital Rights Management (enterprise), Federated Identity, Identity Management, Instant Messaging Security, Intrusion Detection Systems, Managed Security Service Providers, Patch Management, Personal Intrusion Prevention, Public Key Operations/Soft Tokens, Reduced Sign-On, Scan and Block, Secure Sockets Layer VPNs, Secure Sockets Layer/Trusted Link Security, Security Platforms, Security Smart Cards, Spam Filtering, Trusted Computing Group, Vulnerability Management, Web Services Security Standards, WPA Security, Hardware Tokens. Acronym key: VPN: virtual private network; WPA: Wi-Fi Protected Access.]

What needs to be done

Main Research Drivers

Identity verification challenges in South Africa
  o Identity fraud
  o Residents without identity documents

Strategic independence for SA, through:
  o Building homegrown systems
  o Understanding the core technologies and limitations
  o Smart consumers of foreign technologies

Unique (South African) challenges
  o Plug-and-play solutions do not always work

Local industry support
  o Little R&D performed

Information Security Approach to enable e-Government

[Figure labels: Identity; Hacking; Intrusion; Data Retention; Cyber Crime & Terrorism; Privacy & Data Retention; Network & Info. Security; Prevent; Protect; Prosecute.]

Prevention and Protection

A Position on Security

E-Government should be a security-centered system

Security cannot be designed as an afterthought
  o Functionality is important, but security takes priority

Security of the service provision ecosystem to be considered at:
  o Business level
      Secure business processes
      Non-repudiation of transactions, etc.
  o Information systems
      Systems integration with secure interfacing
      Application security
  o Technology systems
      Data access matrix
      Interoperability
      Systems integrity and trust

© CSIR 2009 www.csir.co.za

Prosecution


Practical Threat View

Enabling prosecution: Description for terms

E              Evidence
BI             Background Information
Hp             Prosecution hypothesis
Hd             Defence hypothesis
LR             Likelihood Ratio (evidential value)
P(E|Hp, BI)    Similarity factor
P(E|Hd, BI)    Typicality factor

The objective is to assign evidential value in the form of an LR.

Evaluation of Evidence for prosecution

[Figure labels: Posterior probability ratio; Likelihood ratio; Prior probability ratio; Forensic evaluator.]
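An added worked example, not part of the original slides: it computes the LR for a test-trace score E as the similarity factor P(E|Hp, BI) divided by the typicality factor P(E|Hd, BI), then applies the odds form of Bayes' theorem to show how the same LR combines with a prior probability ratio. The calibration scores, the normal-density model and all function names are assumptions of this sketch.

```python
import math
from statistics import mean, stdev

# Constructed calibration scores (not casework data): similarity scores from
# comparisons where Hp is known true (same source) and where Hd is known true.
SAME_SOURCE = [0.82, 0.88, 0.91, 0.79, 0.85, 0.93, 0.87, 0.84]
DIFF_SOURCE = [0.31, 0.45, 0.38, 0.52, 0.27, 0.41, 0.36, 0.48]


def log_normal_pdf(x, mu, sigma):
    """Natural log of the normal density; the log domain avoids underflow."""
    z = (x - mu) / sigma
    return -0.5 * z * z - math.log(sigma * math.sqrt(2.0 * math.pi))


def log10_lr(score, same=SAME_SOURCE, diff=DIFF_SOURCE):
    """log10 of LR = P(E|Hp,BI) / P(E|Hd,BI) for one test-trace score E.

    Assumption of this sketch: each factor is a normal density fitted to the
    calibration scores above.
    """
    similarity = log_normal_pdf(score, mean(same), stdev(same))  # P(E|Hp,BI)
    typicality = log_normal_pdf(score, mean(diff), stdev(diff))  # P(E|Hd,BI)
    return (similarity - typicality) / math.log(10.0)


def posterior_probability(log10_lr_value, prior_odds):
    """Odds form of Bayes' theorem:
    P(Hp|E,BI)/P(Hd|E,BI) = LR * P(Hp|BI)/P(Hd|BI), returned as P(Hp|E,BI).
    """
    log_odds = log10_lr_value + math.log10(prior_odds)
    if log_odds > 300:          # odds too large to represent; probability is 1
        return 1.0
    odds = 10.0 ** log_odds
    return odds / (1.0 + odds)


if __name__ == "__main__":
    for e in (0.86, 0.62, 0.40):            # constructed test-trace scores
        llr = log10_lr(e)
        print(f"E={e:.2f}  log10(LR)={llr:+.2f}  "
              f"P(Hp|E,BI) at prior odds 1:1000 = "
              f"{posterior_probability(llr, 1 / 1000):.6f}")
```

An LR of 1000 combined with prior odds of one in a million still leaves a posterior probability of about 0.001, which is why the LR is reported separately from the prior.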

Evaluation of Evidence for prosecution: Test trace

Evaluation of Evidence

[Figure labels: PROSECUTION; COURT; DEFENCE; EVIDENCE.]

Concluding Remarks: What interventions are needed

Incidents could be much more serious if we don’t have a response plan

Digital access control is as important as its physical access counterpart

There is a need to have a central body with authority to alert people of possible cyber threats

Legislation should support computer forensic investigations

Conclusions

There is a need for a monitoring capability (Critical Security Dashboard) that provides a security barometer using a combination of configuration controls and monitoring tools that reflect the organizational security status quo and the existing mitigation levels.

There is a need to establish a body of skills required to adequately implement the national cybersecurity framework

The RD&I framework that enhances the expertise base in technology development and localization makes it possible for organs of state and government departments to achieve strategic independence.