Information & Cyber Defense
Capabilities In Georgia
Tbilisi, 17 December 2015
Irakli Lomidze
Overview
Cyber & Information
Security In Georgia
Institution Organization In Georgia
Ministry of Justice, Data Exchange Agency
MoIA Cyber Crime Division, 24/7 International Contact Point
Ministry of Defense, Cyber Security Bureau
State Security and Crisis Management Council
Established in January 2014 under the direct subordination of the Prime Minister
Established in December 2012 as a structural unit of the Ministry of Internal Affairs
The Cybercrime Division is the only agency that has investigatory functions for all types of cyber incidents
Established in 2014 under the supervision of the Ministry of Defense of Georgia (MoD)
Public Sector + SCIS, State Secret, Military
Established in January 2010 under the supervision of the MoJ of Georgia
1) E-Government development
2) Information security development
3) Operation of CERT.GOV.GE
Legislation
Cyber Security Strategy for 2013–2015
National Security Concept and Threat Assessment Document
1. Information Security Law (2012)
2. Personal Data Protection (2012)
3. Cyber Crime Chapter of the Criminal Code (U 2010)
4. Criminal Procedural Code (August 2014 Amendments)
5. List of Critical Informational Infrastructure
1. Budapest Convention on Cyber Crime; All Major IPR Conventions
2. Processing of Personal Data Conventions (1981)
• CERT.GOV.GE Computer Emergency Response Team Charter
• Presidential Decrees Approval List of Critical Information System Subjects.
• Requirements of Information Security Officer working in Critical Information System Subjects.
• Order of Network Sensor Configuration.
• Order of Minimal Security Requirements for Critical Information System Subjects.
• Order of Asset Management Requirements for Critical Information System Subjects.
• Order of Information Security Audit Body Accreditation.
• Order of Information Security Audit Requirements in Critical Information System Subjects
• Order on Computer Emergency Response Team - Legal Entity under Public Law of Cyber Security Bureau
• Order on the Minimal Requirements for Information Security
• Order on the Rules for Information Asset Management.
CYBER SECURITY STRATEGY OF GEORGIA
Three-year strategy for 2013-2015 with action plan
Basic Principles – Cyber Security Strategy
• Whole-of-Government Approach.
• Public-private cooperation.
• Active international cooperation.
Content of Strategy
1. Research and analysis
2. New legislative framework
3. Institutional coordination for ensuring cyber security
4. Public awareness and education
5. International cooperation
Information Security Law
Who is the critical information system subject?
A legal entity or state agency whose uninterrupted operation of its information systems is important for the defense and/or economic security of the state, as well as for normal functioning of the state and/or society;
Law of Georgia on Information Security
Also: critical information system subjects in the field of defense
Data Exchange Agency Services/Activities
Data Exchange Agency
Information Security and Policy Division
Information Security policy development, implementation, monitoring, development.
CERT.GOV.GE (Computer Emergency Response Team)
Established In 2010 Under Supervision of Ministry of Justice Georgia
Information Security Team
Team Competence
All team members are BSI certified professionals:
BSI/ISO 27001 (Information Security) LI/LA: 5 team members
BSI/ISO 22301 (Business Continuity) LI/LA: 4 team members
BSI/ISO 9001 (Quality Management) LA: 5 team members
ISO 31000 (Risk Management): 4 team members
CGEIT (Certified in the Governance of Enterprise IT): 1 team member
CISM (Certified Information Security Manager): 4 team members
CISA (Certified Information System Auditor): 2 team members
CRISC (Certified in Risk and Information Systems Control): 1 team member
Information Security Services
ISO Management System Consulting Service
ISMS Implementation Service
Service Development Agency; Public Registry of Georgia: 2 organizations
Review of information security management documentation (policy, plans, audit reports, etc.): 39 organizations
Certified Course in Management Systems (Introduction, Implementation and Internal Audit in Information Security Management Systems, Certification Exam): more than 250 professionals
NATO SPS Project, trained professionals from Moldova, Montenegro, Azerbaijan, Ukraine, Mongolia: more than 100 professionals
Information Systems Audit Service
JSC Georgian State Electrosystem (GSE): 1 organization
Consulting Services
Implementation of Management System
• Information Security ISO 27001
• Business Continuity ISO 22301
• Quality Management ISO 9001
Support on implementation of Legal requirements
• Awareness for Organization's Management
• ISMS Documentation Review
• Recommendation in every stage (Pre, Implementation, Post)
Consulting on establishing risk management
Audit Services
Audit of Management Systems
• Information Security ISO 27001
• Business Continuity ISO 22301
• Quality Management ISO 9001
Audit of Information System
Training Course
Introduction on Information Security Management System
5-Day Course:
• Introduction on Information Security Management System
• Information Security Legislation Review
• Information Security Standard ISO 27001 Review
• Implementation of Information Security Management System
• Auditing of Information Security Management System
• DEA Certification Exam
Course Language:
Georgian
English (Short Course)
In total, up to 250 Georgian professionals
CERT.GOV.GE
We are a member of:
The cybersecurity executing arm of the United Nations specialised agency, the International Telecommunication Union (ITU)
The Trusted Introducer - a.k.a. TI - is the trusted backbone of the Security and Incident Response Team community in Europe
FIRST is an international confederation of trusted computer incident response teams who cooperatively handle computer security incidents and promote incident prevention programs.
Obtaining the trademark “CERT” officially.
CERT.GOV.GE established in 2011
Partners:
CERT-EE
Team Competence
CERT.GOV.GE Team
All Team Members are SANS Certified Professionals:
Systems and Network Auditor (GSNA)
SANS GIAC Certified Professionals
Trained by TERENA (TI)
CERT.GOV.GE (Computer Emergency Response Team)
Services and Activities
Monitoring Service
• IP Monitoring Services.
• Network Monitoring System
Proactive Services (Free):
• Incident Handling Support and Consulting
• National Incident Database
• Detection of Infected Web Sites
• Safe DNS (Safe Internet)
• Check My IP Service
Special Services:
• Source Code Analysis Service
• Malware Analysis Service
• Vulnerability Analysis Service
Course in Cyber Security and Incident Handling
Special Activities & Awareness
• Cyber Security Forum
• Annual GITI Regional Conference
• Website (dea.gov.ge),
• Facebook (certgovge)
• Media Campaign (TV, Internet)
• Wall Calendar
Basic Incident Handling
NATO SPS Project: trained professionals from Afghanistan, Macedonia, Montenegro, Moldova, Azerbaijan, Ukraine
CERT.GOV.GE Services
Incident Handling
Contact: [email protected]
IP Monitoring Services
Information provided daily about infected IP addresses: > 25000 records per day
Check My IP Service:
www.dea.gov.ge
www.checknet.ge
CheckNET Service
Sensors Type 1 (NetFlow)
Sensors Type 2 (Deep Packet Analysis)
Network Monitoring Services
Website Intrusion Detection Services
We monitor all .gov.ge web sites and the Top.ge 100 sites
10 governmental organizations connected
CERT.GOV.GE Services
Vulnerability Analysis
Source Code Static Analysis
Malware Analysis
Safe Internet
Awareness (Adverts, Calendar, Social Media, …)
HP WebInspect
IBM AppScan Standard
Nessus Professional
Cuckoo Sandbox
Shadowserver Malware Analysis Service
Safe DNS Georgia:
Integrated with Collective Intelligence Framework.
Blocks malware domains and redirects to a warning page.
First DNSSEC Enabled Resolver In Georgia.
5.159.16.16; 5.159.20.20
Blacklist Service:
IP and Domain blacklist.
Different formats for different software.
Available for organizations.
http://blacklists.cert.gov.ge
Trainings (Local, International)
Training Course
Basic Cyber Incident Handling
3-Day Course:
• CSIRT introduction
• Incident Handling
• Basic Malware Analysis
• Sysinternals Tools
• Forensics with Linux
• Forensics with Windows
• Linux Intrusion Detection
• Case Studies
Course Language:
Georgian
English (Short Course)
In total, up to 50 Georgian professionals
Awareness
Wall Calendar
TV Social Adverts
www.facebook.com/certgovge
Daily Updates, > 1500 Subscribers
Georgian Information Security Forum (Abuse Forum)
> 50 Active professionals from governmental and commercial
organizations
5 Annual meetings
Started formalization Process
Security Events
CYBER-EXE GEORGIA 2014
16 organizations (commercial and government sector)
Red Team
• CERT-GOV-GE
• COMCERT.pl
Blue Team
• Education Management Information System
• National Public Registry
• Ministry of Labour, Health and Social Affairs of Georgia
• MagtiCom
• Bank of Georgia
• Georgian Research and Educational Network Association (GRENA)
• Ministry of Internal Affairs
• National Bank of Georgia
• Cyber Security Bureau
• Smart Logic
• State Chancellery
• Geocell
• VTB Bank
• Ministry of Finance of Georgia
• Public Service Development Agency
• Free University of Tbilisi
CYBER-EXE GEORGIA 2015
19 organizations (commercial and government sector)
Red Team
• CERT-GOV-GE
• COMCERT.pl
19 Blue Team
• Education Management Information System
• Public Registry
• Ministry of Labour, Health and Social Affairs of Georgia
• MagtiCom
• Bank of Georgia
• Georgian Research and Educational Network Association (GRENA)
• Ministry of Internal Affairs
• Ministry of Defence
• Cyber Security Bureau
• Smart Logic
• Ministry of Finance of Georgia
• Public Service Development Agency
• TBC Bank
• Liberty Bank
• UGT
• Georgian Railway
• Delta Com
2014 FIRST Regional Symposium
Tbilisi, Georgia October 14-16, 2014
GITI 2011-2015
8th Regional Conference GITI 2015 (>400 Delegates)
For 5 years already we have had a dedicated Cyber Security Day
Regional Activities
Regional Cooperation
Moldova CERT
We support them in various activities
Azerbaijan
Sponsored them to become a Trusted Introducer list member; support for FIRST membership
Turkey
Joint training for developing countries
Poland
Sponsored COMCERT.pl to become a Trusted Introducer list member
Contribution in NATO SPS Trainings
• Afghanistan
• Moldova
• Macedonia
• Montenegro
• Azerbaijan
• Ukraine
• -> Mongolia
Cyber Defense Training for IT Professionals
In total, up to 150 professionals
2-3 Day Cyber and Information Security Sessions:
Q/A
Thank you for your attention
Contact Information for Data Exchange Agency:
Phone: +995 (32) 2 91 51 40
E-mail: [email protected]; [email protected]
Web: www.dea.gov.ge