Information and Cyber Security In Georgia

Information & Cyber Security In Georgia

Irakli Lomidze

Tbilisi December 2014

Institution Organization

Institution Organization In Georgia

Minister of Justice

Data Exchange Agency

MoIA Cyber Crime

Division 24/7 International

Contact Point

Minister of Defense

Cyber Security Bureau

State Security and Crisis

Management Council

been established in January 2014

Under the Direct Subordination of the Prime-Minister

has been established In December 2012 as a

Structural Unit of the Ministry of Internal Affairs

Cybercrime division is the only agency

that has Investigatory functions on all

types of Cyber Incidents;

established in 2014 Under Supervision of

Ministry of Defense of Georgia (MoD)

Cybercrime division is the only

agency that has Investigatory

functions on all types of Cyber

Incidents;

Public

Sector

+ SCIS

State

Secret

Military

Public

Sector

+ SCIS

State

Secret

Military

Public

Sector

+ SCIS

State

Secret

Military

Has been established in January 2010

Under Supervision on MoJ of Georgia

1) E-Government Development

2) Information Security Development.

3) CERT.GOV.GE Operate.

Data Exchange Agency Agency has been established in January 2010

Under Supervision on Ministry of Justice of Georgia

E-Government Development

Information Security development, implementation, monitoring, development.

CERT.GOV.GE (Computer Emergency Response Team) Creation and Operate.

Public Sector +

Subject of Critical

Infrastructure

Systems

State Secret

Military

Legislation

Cyber Security Strategy

for 2013–2015 National Security Strategy Other Strategic Documents

1. Information Security Law (2012)

2. Personal Data Protection (2012)

3. Cyber Crime Chapter on Crime Code. (U 2010)

4. Criminal Procedural Code (August 2014

Amendments)

1. Budapest Convention on Cyber Crime All Major

IPR Conventions

2. Processing of Personal Data Conventions (1981)

• CERT.GOV.GE Computer emergency Response Team Charter

• Presidential Decrees Approval List of Critical Information System Subjects.

• Requirements of Information Security Officer working in Critical Information System Subjects.

• Order of Network Sensor Configuration.

• Order of Minimal Security Requirements for Critical Information System Subjects.

• Order of Asset Management Requirements for Critical Information System Subjects.

• Order of Information Security Audit Body Accreditation.

• Order of Information Security Audit Requirements in Critical Information System Subjects

• Order on Computer Emergency Response Team - Legal Entity under Public Law of Cyber Security Bureau

• Order on the Minimal Requirements for Information Security

• Order on the Rules for Information Asset Management.

Who is Critical information system subject ?

a legal entity or state agency whose uninterrupted operation of its information systems is

important for the defense and/or economic security of the state, as well as for normal

functioning of the state and/or society;

Law of Georgia on Information Security

Also: Critical information system subjects in the field of defense

Data Exchange Agency Services/Activities

Data Exchange Agency

Information Security policy development, implementation, monitoring, development.

CERT.GOV.GE (Computer Emergency Response Team)

Established In 2010 Under Supervision of Ministry of Justice Georgia

Information Security & Policy Division

Information Security

Team

CERT.GOV.GE

Team

All Team Members are

BSI Certified Professionals:

BSI/ISO 27001 (Information Security) LI/LA

BSI/ISO 22301 (Business Continuity) LI/LA

BSI/ISO 9001 (Quality Management) LA

ISO 31000 (Risk Management)

4 Member of the team are:

CISM (Certified Information Security Manager)

All CERT Team members are SANS

Certified Professionals:

SANS GIAC Certified Professionals

2 Member of the team are:

CISA (Certified Information System Auditor)

Information Security

Management Services Consulting Service

ISMS Implementation Service

Current Projects: Service Development Agency; Public Registry of Georgia

Review of Information Security documentation: Policy, Plans, Audit report and etc.39

Certified Course in Management Systems

( Introduction, Implementation and Internal Audit in Information Security Management

Systems, Certification Exam). 135

NATO SPS Project Trained Professionals from Afghanistan, Moldova, Montenegro,

Macedonia and Azerbaijan

90

Information Systems Audit Service

CERT.GOV.GE

CERT.GOV.GE Established in 2011

The Cyber security Executing Arm Of The UNITED NATIONS

SPECIALISED AGENCY of The International Telecommunication Union (ITU)

The Trusted Introducer - a.k.a. TI - is the trusted

backbone of the Security and Incident Response

Team community in Europe

FIRST is an international confederation of trusted

computer incident response teams who cooperatively

handle computer security incidents and promote

incident prevention programs.

Obtaining the trademark “CERT” Officially.

CERT.GOV.GE Established in 2011

Partners:

CERT-EE

CERT.GOV.GE (Computer Emergency Response Team)

Services and Activities

Monitoring Service

• IP Monitoring Services.

• Network Monitoring System

Proactive Services: (Free)

• Incident Handling Support and Consulting

• National Incident Database

• Detection of Infected Web Sites

• Safe DNS (Safe Internet)

• Check My IP Service

Special Services:

• Source and Binary Code Analyze Service.

• Malware Analyze Service.

• Vulnerability Annalise Service

Course in Cyber Security and Incident Handling

Special Activities & Awareness

• Cyber Security Forum

• Annual GITI Regional Conference

• Website (dea.gov.ge),

• Facebook (certgovge)

• Media Campaign (TV, Internet)

• Wall Calendar

Basic Incident Handling 120

NATO SPS Project Trained Professionals from Afghan, Macedonia, Moldova and Montenegro 90

IP Monitoring System

Information Provided Daily About Infected IP Addressee:

10 000 IP Addresses

20 000 IP Addresses 500 IP Addresses

1 500 IP Addresses

100 IP Addresses 15-20 Phishings

25-30 Deface Web-Sites

15-20 Malware Sites

More Then 12 000 000 Record in Database

Check My IP Service:

• DEA.GOV.GE

• MY.GOV.GE

Network Monitoring System

NetFlow Sensors (NfDump & NfSen)

Analyze NetFlow Data In Real Time:

Detects:

• SSH Brute Force Attacks.

• Botnets.

• dDoS Attacks.

Connected 11 Governmental Organization

Fully Transparent

Normative Act: Order of Network Sensor Configuration

Safe Internet

Safe DNS Georgia

Integrated with Collective Intelligence Framework.

Blocks malware domains and redirecting to warning

page.

First DNSSEC Enabled Resolver In Georgia.

Blacklist Service

IP and Domain blacklist.

Different formats for different software.

Available for Organization's.

Trainings

Turkey With University METU SPS Program

• Afghanistan

• Macedonia

• Montenegro

• Moldova

• Azerbaijan

Totally Up to 90 Professional

Training Course Cyber Security, Incident Handling, Information Security

Management Systems

Trainings in Georgia Totally Up to 120 Professional

Regional Cooperation

Moldova CERT

We Support them in various activities

Azerbaijan

Sponsor them became Trusted Introducer List member

Turkey

Joined Training for developing countries

Awareness

Wall Calendar

TV Social Adverts

Cyber Events in Georgia

September 2014

Cyber Security Exercises read and blue teams

For Governmental and Commercial

organizations.

October 2014

FIRST Symposia, Tbilisi

Symposia are regional themed events that are

run by FIRST or co-hosted with a local team(s)

and sponsors.

November 2014

Companies and Agencies presenting ICT

Innovations and sharing experiences.

Dedicated Cyber Security Day.

Q/A

Thank you for your attention

Contact Information Phone: +995 (32) 2 91 51 40

E-mail: info@dea.gov.ge; ilomidze@dea.gov.ge

Web: www.dea.gov.ge