You are on page 1of 255

[ National Information Security Policy Course ]

Azerbaijan
| Laman Huseynzade
THE REPUBLIC OF
AZERBAIJAN

CYBER SECURITY SERVICE UNDER THE MINISTRY OF


TRANSPORT, COMMUNICATIONS AND HIGH TECHNOLOGIES
DEPARTMENT OF INTERNATIONAL RELATIONS AND COOPERATION
LAMAN HUSEYNZADE

INFORMATION SECURITY POLICY COURSE


27 OCTOBER-2 NOVEMBER 2018
INFORMATION SECURITY STATUS OF AZERBAIJAN

CYBER SECURITY SERVICE UNDER THE MINISTRY OF TRANSPORT,


COMMUNICATIONS AND HIGH TECHNOLOGIES

SPECIAL STATE PROTECTION SERVICE


SPECIAL COMMUNICATION AND INFORMATION SECURITY STATE
AGENCY
COMPUTER EMERGENCY RESPONSE TEAM

AZERBAIJAN NATIONAL ACADEMY OF SCIENCES


COMPUTER SECURITY INCIDENT RESPONSE TEAM
INFORMATION SECURITY STATUS OF AZERBAIJAN

✓Capacity to detect and respond to cyber incidents 24/7


✓Capacity to fight against cyber crimes
✓Capacity to conduct military cyber defence operations
✓Capacity to protect critical information infrastructure
CYBER SECURITY SERVICE UNDER THE MINISTRY OF TRANSPORT,
COMMUNICATIONS AND HIGH TECHNOLOGIES

Established:
On the 26th september of 2012 the decree was signed by President of th
e Republic of Azerbaijan

Mission:
➢Coordination of information security authorities
➢Awareness and education of people and private sector
➢Incident handling
➢Prevention of cyber attacks
➢Eliminate results of cyber attacks
➢Monitoring internet traffic of country
➢Analyzing cyber threats
➢Providing services in the field of information security and
personal data protection
CYBERSECURITY STRATEGY
PROJECT CONTENT
1. INTRODUCTION
2. DEFINITIONS
3. AIMS AND PRINCIPLES
4. THREATS AGAINST NATIONAL CYBERSPACE
5. MAIN ACTIVITIES
5.1. Improving legal and organizational fundamentals of cyber security
5.2. Increasing cyber security of critical infrastructures
5.3. Fight against cybercrime
5.4. Conducting scientific researches and staff training
5.5. Increasing the culture of information security
5.6. Cooperation on cyber security
PROJECT SCHEDULE
1. ESTABLISHING OF WORKING GROUP (representatives from different
ministries) – APRIL 2018
1. PREPERATION OF DRAFT VERSION OF STRATEGY –MAY-AUGUST 2018
2. CONCORDANCE WITH GOVERNMENT ORGANIZATIONS – SEPTEMBER 2018
3. ASSES PROPOSALS OF GOVERNMENT ORGANIZATIONS – OCTOBER 2018
4. APPROVAL OF THE STRATEGY BY PRESIDENT – EXPECTED NOVEMBER 2018
5. PREPARING ACTION PLAN REGARDING TO THE STRATEGY – 3 MONTHS AFTER
APPROVAL

REQUIREMENTS
1. Identifying critical infrastructure
2. Improving legal acts based on international experience
3. Increasing staff training
4. Cooperation with different countries and international organizations in the field of
cyber security
GOALS AND CHALLENGES IN THE FIELD OF
INFORMATION SECURITY
1. APPROVING OF CYBERSECURITY STRATEGY
2. APPROVING OF ACTION PLAN REGARDING TO THE CYBER
SECURITY STRATEGY
3. IMPROVING LEGAL ACTS IN THE FIELD OF INFORMATION
SECURITY, AS WELL AS DATA PROTECTION
4. STRENGTHENING THE FIGHT AGAINST CYBERCRIME
5. PREPARATION OF HIGHLY QUALIFIED SPECIALISTS IN THE FIELD
OF INFORMATION SECURITY
6. STRENGTHENING CYBER SECURITY OF CRITICAL INFORMATION
INFRASTRUCTURES
COOPERATION BETWEEN AZERBAIJAN AND
KOREA
✓ System of the Electronic Government Training Center has been implemented b
y the grant of the government of the Republic of Korea.
✓ Experts regularly participate trainings and courses held by KISA and KOICA.
✓ We have presented some projects to KOICA in the field of information security.
✓ Our expert studied master education sponsored by KOICA.
✓ CYBER SECURITY SERVICE is a member of CAMP (The Cyber security Alliance fo
r Mutual Progress ) since 2016.
[ National Information Security Policy Course ]

Cambodia
| Ratha Nuth
Cambodia ICT and Cybersecurity
Mr. Nuth Ratha,
ICT Security Department
General ICT Department
Ministry of Posts and Telecommunications, Cambodia

National Information Security Policy Course


29 Oct – 02 Nov 2018 11
1. About Cambodia

Temple

12
1. About Cambodia
Phnom Penh
Capital City

13
1. About Cambodia

SEA & Beach


14
2. Cambodia’s Telecom in Brief
Mobile Operators: 6
(3 share more than 90% of the market)
Fixed operators: 7
ISP: 33

Land Fiber Optical Network: 37, 800 Km


Viettel Cambodia: 17, 200 Km
CFONC: 19,000 Km
Telecom Cambodia: 1,600 Km

Sub-Marine Cable Projects (Ongoing):


Telcotech : MCT
CFONC : AAE-1

15
2. Cambodia’s Telecom in Brief

2G Mobile Network Coverage


➢Population Coverage: 99.0%
➢Geographical Coverage: 73.7%

3G Mobile Network Coverage


➢Population Coverage: 65.8%
➢Geographical Coverage: 29.5%

4G-LTE Mobile Network Coverage


➢Population Coverage: 57.5%
➢ Geographical Coverage: 12.7%

16
2. Cambodia’s Telecom in Brief
Fiber Optic Cable Infrastructure

Company Length Optic Cable

Viettel (Cambodia) 8,300 km


CFOCN 17,200 km
Telecom Cambodia 1,600 km
Total 27,100 km

17
2. Domain Registration

.org.kh .net.kh .per.kh .mil.kh .kh


.edu.kh 8.27% 1.05% 0.08% 0.20% 0.04%
.gov.kh 5.93%
6.55%

.com.kh
77.88%

18
3. About MPTC

19
3. Capacity
Capacity Development
Development onCambodia
on Cybersecurity in Cybersecurity
in Cambodia
OBJECTIVE

The overall project objective is to reinforce the function of concerned


division/organization such as CamCERT under Department of ICT Security
by installing the security devices for protecting the ICT assets of specific
government agency toward establishment of the Security Operation
Center (SOC) in near future.

OUTPUT

Output 1: Organizational and policy Improvement


Improve the organizational structure, policies, guideline to treat cyber incidents.

Output2: Awareness rising for cyber incidents


Improve awareness of governmental officials on cyberattack and develop function to
monitor such cyberattack.
3. Capacity
Capacity DevelopmentDevelopment
on Cybersecurity inon Cybersecurity
Cambodia (TO-BE)
in Cambodia (TO-BE)
OBJECTIVE

The overall project objective is to reinforce the function of concerned


division/organization such as CamCERT under Department of ICT Security
by installing the security devices for protecting the ICT assets of specific
government agency toward establishment of the Security Operation
Center (SOC) in near future.

OUTPUT

Output 1: Organizational and policy Improvement


Improve the organizational structure, policies, guideline to treat cyber incidents.

Output2: Awareness rising for cyber incidents


Improve awareness of governmental officials on cyberattack and develop function to
monitor such cyberattack.
3. Capacity
Capacity DevelopmentDevelopment
on Cybersecurity inon Cybersecurity
Cambodia (TO-BE)
in Cambodia (TO-BE)
OUTPUT 1

• Formulation of baseline standard and rule on the use of web application.


• Definition of critical infrastructure.
• Assignment of Point of Contact (POC) and share incidents to international
organization through such POC
• Definition of duties of demarcation of CSOs and CIOs

OUTPUT 2

• Trainings to improve incidents detection and analysis of capacity of CSOs of


Ministries.
• Development of curriculum for the training on the incidents detection and analysis.
• Formulation of program to improve cyber security literacy.
• Holding workshop for cybersecurity awareness rising for governmental agencies by
initiative by MPTC
3. Capacity
Capacity DevelopmentDevelopment
on Cybersecurity inon Cybersecurity
Cambodia (TO-BE)
in Cambodia (TO-BE)
EQUIPMENT

• IDS/IPS
• WAF
• Network Analyzing Tool
• Vulnerability assessment tool (for Web Application)
• SIEM (Security Information and Event Management) tool

IMPLEMENTATION SCHEDULE

APRIL 2019 ~ APRIL 2020

WE ARE LOOKING FOR FINANCIAL FUNDING SUPPORT FOR THIS


PROJECT
5. CHALLENGES

Challenges

• Cooperation with ISP


• Monitoring and preventing cyber attack
• No incident report from local

Issue

• Absent of law and regulation regarding cybersecurity


• Lack of expert
• Lack cybersecurity personnel
6. Cambodia-Korea Cooperation on ICT

• GAIS Project
• PAIS Project
• Cambodia ICT Masterplan 2020
• Consultation on Information Security Policy in Cambodia
• Feasibility Study on Digital Signature in Cambodia
Thank You

26
[ National Information Security Technical Course ]

Colombia
| Arnol Garavito
COLOMBIA
Boyacá Department
Government
ICT Direction
ARNOL FILYP GARAVITO OCHOA
1ST General Introduction of the Country
2nd ICT Status of the Country

Deficit of IT professionals
58.000 New Students
2014 IT Careers to 2018
93.431

2018
35.504

100%
EMPLOYMENT
Redeemable
ICT INDUSTRY Credits

Promotional
campaigns in IT
Careers

3.000 Young rural


entrepreneurs using ICT IT talent
for business training.
3rd Current ICT Issue of your Country

Currently the Departmental Government is


working on implementing the following tech
nology:

MiPymes formal with WEB and / o


r mobile presence

1.115 municipalities with 4G MiPymes that make transactions thr


cellular technology in 2018 ough
Electronic Commerce
4th Introduction of your organization

Health Secretary​

Secretary of Agricultural
Development
Carlos Andres Amaya ​

​Planning secretary
Governor

Secretary of Culture and


Tourism

Secretary of Education
1500 employees in Boyacá

Productivity Secretary
and ITC
5th Self Introduction (About Me)

I'm Arnol Filyp Garavito Ochoa, I'm husband and father of two magi
cal princesses, I'm a Electronic Engineer
and course master in management TIC, I'm currently
working in the Governorate of Boyacá, implementing different tech
nologies and promoting projects.
I consider myself a
very calm person, dreame, shy and responsible but
very cheerful. I like to work in the ICT area because
from there we can improve the quality of services to citizens and cr
eate developments for or nation.

Of the most recent things carried out, there are differen


t security projects supported by the Governorate of Boy
acá, with which security below free code equipment, n
etwork LAN intrusion detection system, among others i I believe that technology is th
n process. e way for the development of
a society
economically.
6th General Introduction of the DEPARTNMENT
¡THANK YOU!
[ National Information Security Technical Course ]

Costa Rica
| Elder Briceno
Cibersecurity in Costa Rica
Elder Briceño Mendoza
Cybersecurity Analyst
Cybersecurity Incident Response Team
Ministry of Science, Technology and Telecommunications

29/11/2018
Cibersecurity policy and government
coordination in Costa Rica
• Cybersecurity Incident Response Team (CSIRT-CR)
– Created by decree in 2012, established in 2017.
– Government CSIRT and internal department in MICITT.
– SPOC for internal/external cybersecurity stakeholders.

• National Cybersecurity Strategy


– Developed with OAS support, published in 2017.
– Strengthen and articulate national cybersecurity.
Cybersecurity Initiatives and Challenges

• Strategical roadmap:
– Awareness raising
– Completing the legal framework
– Training current/potential CSIRT-CR employees
– Partnering with internal/external stakeholders
– National Cybersecurity Strategy implementation
Specific Initiative

• Developing the National Cybersecurity


Incident Response Protocol v1.0
– To establish a standardized CSIRT-CR service
handling.
– To comply with National Telecommunications
Development Plan (PNDT).
– To implement worldwide CSIRT best practices.
Thank you for your attention
CSIRT-CR <csirt@micitt.go.cr>
[ National Information Security Technical Course ]

Djibouti
| Liban Houssein Ali
DJIBOUTI

DSSI
LIBAN HOUSSEIN
29/10 – 02/11
Information Security Technical Course
Republic Of DJIBOUTI
Djibouti is a country located in the horn of
Africa
▪ Capital: Djibouti
▪ Religion Muslim
▪ Population: Almost a Million
▪ Area: 23 200 km
▪ Language: French and Arabic
▪ Presence of Military Bases: USA, France, Japan, China
Who is ANSIE
ANSIE (National Agency of Information Systems) was created in 2016 and
is attached to the Presidency of the Republic

The Agency has many goals for 3 entities:

- For Administration:
❖ Modernization of the functioning of the administrations through the use of the new
Information and Communication Technologies (ICT)
❖ Allow a faster exchange of information between the administration and citizens
❖ Increased transparency on the part of the administration and a reduction in the
running costs of the administration
❖ Apply a vast program of dematerialization

- For Citizen:
❖ Make the administration more accessible to the citizen and facilitate his efforts
❖ Develops powerful and safe tools, to simplify the lives of Djibouti citizens, whether
health, civil status or taxation
Who is ANSIE
- For Enterprise:
❖ Supports companies in their administrative procedures by providing them with tools
to facilitate their exchanges and the transmission of documents with the
administration

ANSIE is administered by a Board of Directors that is the organ of


deliberation, follow-up and control of the actions of the Agency, with
regard to the orientations defined in the national strategy of e-
government.

ANSIE is composed of 4 departments:

▪ Administrative, Financial and Legal department


▪ Network Infrastructure and Systems department
▪ Studies and Planning Department
▪ Security Information Systems department
ICT STATUS OF Djibouti

The concept of Cybersecurity is new in Djibouti, we


are lacking almost everything

- No National Cyber Security Strategy


- No Law, Policies, Standard and Regulation
- No National CERT/SOC
- No National Digital Forensic Laboratory
- Poor Public and Private Partnership
ICT PROJECTS
- PKI Project with KICA:
➢ The goal is establish a National Public Key
Infrastructure solution in Djibouti
▪ No Law, Regulation and Standard
▪ No application like e-Gouvernement, e-Taxation, e-
Banking, e-Health

- E-ID
➢ ANSIE want to provide an Electronic Card or ID
for each citizen (On-going)
ICT GOALS AND
CHALLENGES

There are plenty of challenges for the


republic of DJIBOUTI
✓ Develop an adequate and interoperable national and
regional cyber security frameworks
✓ Implement protection plan for Critical Infrastructure
✓ Data protection
✓ Cyber security Risks and Incident management
✓ Establish National Computer Emergency Response
Team (CERT)
✓ Cybersecurity Training and Experts
COOPERATION BETWEEN
YOUR DJIBOUTI AND KOREA
Very good cooperation with the
republic of Korea:
o Mostly with the port of Djibouti

We need more cooperation in the Cyber Security


field

THANKS
[ National Information Security Technical Course ]

Ecuador
| David Mayorga
ECUADOR

Servicio de Rentas Internas


IT Security
David Mayorga Polo
20-October-2018

Security Technical Expert Course / 29-Oct. to


02/Nov./2018
ICT facts

Banking sector:
• Defacement
• Spear phishing
• Malware
• DDoS
Nation's tax collection agency

Mission:
Manage the tax policy, within the framework of
the constitutional principles, ensuring the
collection sufficiency destined to the promotion of
the social cohesion.
GENERAL DIRECTOR

Tax Compliance Director Organizational


Development
Director

Business Core Units Business Support Units


IT Security Project – 2019
Anti-fraud Security Controls for IT services
• Strengthen access and monitoring controls through
specialized tools
• Implement robust controls for authentication and access.
• Implement double factor mechanisms and alerts on high risk
transactions.

-- February to November 2019 --

USD 320.000,00
Challenges

• National Cybersecurity strategy not developed


(including military).
• Protection of personal data not regulated.
• Lack of awareness in society poses a great risk.
• Cybersecurity attacks not properly reported.

• Internal fraud
• Budget restrictions
• Human resources restrictions
Cooperation

The Agency provides bilateral technical cooperation through the


following programs: Providing volunteers and experts to cooperate in
private and government institutions, nation wide projects, training,
scholarships for postgraduates and support to Korean non-
governmental organizations .
[ National Information Security Policy Course ]

Egypt
| Ahmed Mashaly
Egypt

Eg-CERT
Cyber Security Awareness
Ahmed Mashaly
22-10-2018
National Security Policy/ 5days
ICT STATUS OF THE COUNTRY

We used to handle more than


200 incident each month
ICT STATUS OF THE COUNTRY

Now we have changed the


approach where we handle
incidents based on the affected
organization and the business
impact of the incident.
ORGANIZATION EXPLANATION

EG-CERT is charged with providing computer and


information security incident response, support, defense
And analysis against cyber attacks and collaboration with
governmental, financial entities and any other critical
information infrastructure sectors.

EG-CERT also provides early warning against malware


spreading and massive cyberattacks against Egypt's telecom
infrastructure. EG-CERT consists of five main departments,
which are Incident Handling, Cyber forensics, Malware Analy
sis and Penetration Testing and Awareness.
ICT PROJECTS

Project name :
National cyber security
awareness campaign.
ICT PROJECTS

PROJECT CONTENTS :

1- Planning.
2- Developing content and setting measurements.
3- Delivering the content.
4- Measuring the progress and improving the
material and delivery methods.
Estimated to start mid 2019.
ICT GOALS AND CHALLENGES

Being able to reach as many


organizations and citizens as
possible as efficiently as possible to
develop and deliver awareness
content that is sufficient to make
cyber security a culture and a habit.
COOPERATION BETWEEN
EGYPT AND KOREA

None yet but hopefully after this course we shall be


able to jumpstart cooperation between Egypt and
Korea in the area of cyber security.
[ National Information Security Technical Course ]

El Salvador
| Guillermo Funes
El Salvador
MINISTRY OF JUSTICE AND
PUBLIC SECURITY
IT
GUILLERMO FUNES
29TH OCT 2018
2018 ICT EXPERT TRAINING PROGRAM
29TH OCT - 2ND NOV 2018
EL SALVADOR:
Area: 21,000 square kms (Smallest country in
Central America
Pupulation: 7,000,000
Mobile Phones: 9,000,000

Cybercrime Law (Feb 2016)


It Includes:
Crimes against Children and teenagers, Cyberbulling , Porn
Crimes against damages on Systems
Crimes against Unauthorized Access in any form
Crimes against theft of Electronic Identity
It Does Not Include: ISP duties, Network Administrators, other
CSIRTs,
Critical Infrastructure, Agencies coordination Etc
Ministry of Justice and Public Security:
Mission: We are in charge of the National Security
Main Departments:
• National Police
• Immigration department
• Correctional Facilities
• National Police Academy

Goverment’s CSIRT
Goverment Scope (Executive Branch Only)
Members:
• Ministry of Justice and Public Security
• National Police
• President’s Office
• Ministry of Education
• Deputy Ministry of Technology
• National Security Council (Leaded by the Minister of Justice and
Public Security)
 Development of a National Cybersecurity
Strategy
 Development of a Methodology of Cyberdefense
for Organizations(Public and Private)
 Development of a System for Early Awareness,
including Monitoring Devices
 Changing the law for include Cybersecurity and
Cyberdefense, Critical Infrastructures
Promove the Cybersecurity in the National
priority list
Protect the technology used againts crime :
• Telephone intervention
• Bracelets for law offenders
• System of jammers for cellphone signal around th
e correctional facilities
• Video surveillance System
• 400 Kilometers of fiber optic

Include into the law, several subjects, topics, and


policies regarding cybersecurity (Including CII)
 National Security:
 2011: Korea runs the first Suviliance System with 52
cameras(KOICA)
 2014: Korea runs a Suviliance System with 71 License Plate
Recognition cameras (KOICA)
 Cybersecurity:
 2018: Korea runs a diagnosis for Cybersecurity Status in El Salvador
(KEXIM-AhnLab): Support for Development of ISAC for the
Broadband Infrastructure Protection in El Salvador
 2019: Korea will establish a National Academy for Suvilliance
systems operators.(KOICA)
Thank you
Guillermo Funes
guillermo.funes@seguridad.gob.sv
gfunes@cert.Gob.sv
[ National Information Security Technical Course ]

Honduras
| Jose Angel Pineda Ortiz
Honduras

National Emergency System


911
MSc. Jose Angel Pineda
Department of Information Technology

Oct 29th
Security Technical Expert Course / Oct 29th ~ Nov 2nd
ICT Projects & Status
ICT Projects and Status
Honduras

• E-Government
• Cybersecurity
• Free Wi-Fi Zones in public spot
• Broadband
ICT Status - Honduras

• Statistics
National Emergency System 911

Mission:
Serve and coordinate immediately the emergency calls
make it to the 911 for any citizen or foreigner inside
the national territory.

Objectives:
Save and protect life, goods and everyone in Honduras
through the qualified personnel of the National
Emergency System 911(nine, one, one) with the
highest standard of operativity.
National Emergency System 911
National Emergency System 911
National Emergency System 911
Ongoing ICT Projects
Ongoing ICT Projects

• National Emergency System 911 New Centers


Copan (East Center)
Choluteca (South Center)
La Ceiba (North Center)
Ongoing ICT Projects

• National Emergency System 911 New Centers


Copan (East Center)
Choluteca (South Center)
Olancho (West Center)

• Geo-localization of the calls


Ongoing ICT Projects
Department of Information Technology

• Speech Recognition

• Computer Vision task as Object Detection,


Segmentation, Face recognition
Ongoing ICT Projects
Department of Information Technology

• Cyber security

• User’s Modules allocated in the website

• Mobile applications and GPS


Cooperation
Honduras – Korea Republic
Cooperation
Honduras - Korea
Thanks!!
Q/A
[ National Information Security Policy Course ]

Indonesia
| Henry Tampubolon
Indonesia
Henry Tampubolon
Directorate of Standardization
DG SDPPI
MCIT
Information Security Policy Course
A GLANCE OF ICT POLICY IN INDONESIA
Thank you
[ National Information Security Policy Course ]

Jordan
| Tareq Almajali
Information Security Policy

Jordan
Ministry of information
communication technology
security division
Tareq Ziad Al majali
16-10-2018
Information Security Policy
29-oct-2018 – 02-nov-2018
ICT and IT Enabled Services
(ITES)
Jordan’s ICT and IT Enabled Services (ITES) sector has come a long way in the past years and
has achieved a great deal of accomplishments in which we can all take great pride.
Today, the ICT ecosystem in Jordan is considered one of the most developed and robust in the region.
With the rise of internet penetration and the invasion of new technologies, ICT and ITES are
listed amongst the government’s highest priorities, and are expected to continue to contribute
to the Jordanian economy.

• Total population in Jordan around 9.80 million, internet users are around 8.70 million which means 89%
of total population.
• Also mobile connections are 11.34 million that means 116% of population in Jordan.
• Jordan has ranked in eighth place amongst the top 12 countries to fall victim to frequent cyber attacks in
the Arab world.
• The list was compiled by Kaspersky Lab, a multinational cyber security and anti-virus provider
headquartered in Moscow, Russia.
• According to statistics released by the Public Security Directorate (PSD), the number of cybercrimes
committed in Jordan since the beginning of 2018 has reached 1158 crimes.
Ministry of Information and Communications
Technology
Established in April 2002, the Ministry of Information and
Communications Technology [MoICT] is the government entity
responsible for articulating policy in the areas of Information
Technology, Telecommunications, and Post in the Hashemite Kingdom
of Jordan.
The sectors within Information Technology (IT) and Telecommunications are identified as particular drivers and enablers
of economic and social growth.
MoICT has overall responsibility for the achievement of National goals and objectives within ICT, and has various
means and relationships at its disposal through which to achieve them.
MoICT accordingly has broad powers of oversight and Action within the sectors that comprise ICT.
In addition to developing, incubating, and supporting ICT initiatives at a national level, the Ministry’s mandate includes s
timulating local and foreign technology investments as well as promoting awareness and adoption of ICT by all segments
by all segments of the population, in an all-inclusive approach.
The Ministry, through a dynamic public-private partnership process, works to create, promote, and drive new ICT
opportunities in Jordan, which will facilitate the positioning of the Kingdom as a regional player in technology adoption
and development, a key step to creating a knowledge-based economy.
National Information Assurance
and Cyber Security Strategy
National CyberSecurity Strategy (NCS) covering the period to 2023 provides a summary of the progress made against
the delivery of the objectives set out in 2012 and considers how current trends in cyber threats indicate a more robust national
approach to the governance of cyber security is required.
The use of Cyberspace is transforming business, making it more efficient and effective. It is opening up markets, allowing
commerce to take place at lower cost and enabling people to do business on the move. It has promoted fresh thinking,
innovative business models and new sources of growth and business opportunity for established enterprise and
emerging entrepreneurs alike. It enables companies to provide a better, cheaper and more convenient shopping experience
to customers. It also helps individuals to shop around, compare prices and find what they want.

These actors are not only working relentlessly to compromise digital assets, they are also looking for new and simple ways
of damaging its integrity and disrupting its availability.
Secure cyber space is essential for Jordanian entities to prosper, to grow and to demonstrate to external
organizations that Jordan is a safe place in which they can conduct business. For national security and prosperity, it is
incumbent upon us all to play our part; this includes both the public and private sector organizations and staff, as well as our
citizens. To address the challenges of cyber security head on, and seize the opportunities that cyber space offers,
requires leadership and governance of cyber at the highest levels.
NIACSS goals
•Strengthen Jordan’s National Security by Preventing Cyber Attacks to
Critical Information Infrastructures.
•Minimize Risks to Critical Information Infrastructures and Government
Networks by Reducing Vulnerabilities.
• Minimize Damage and Recovery Time from Cyber Attacks regardless of
source or intent.
• Enhance Jordan’s Economy and improve National Prosperity by
Increasing Confidence and Trust in Government, and by extension,
Private Information Systems Security, thereby encouraging investment
and creating opportunities for enhanced collaborative processes.
• Increase Information Security Awareness and its importance to National
Security through a National Information Security Awareness and Training
Program
KOICA in Jordan
KOICA implements projects related to "e-government" to promote the administrative efficiency and
transparency of developing partner governments.
Since narrowing the digital divide in a knowledge-based society expedites poverty alleviation and
promotes sustainable economic development, KOICA has made continuous efforts to reduce the digital
divide and facilitate economic development.
KOICA's ICT cooperation focuses on fostering ICT human resources by strengthening ICTeducation
infrastructure, and enhancing ICT education capacity implementinge-government initiatives such as
drawing up ICT master plans, and building infrastructure and systems, and expanding ICT usage by
launching internet phone networks, remote medical treatment, computerized libraries, Through these
assistance programs, KOICA is striving to achieve Target 18 of MDG 8, which aims to create global
partnerships for
development and make the benefits of new technologies available to the developing world.
[ National Information Security Policy Course ]

Kosovo
| Rifat Hyseni
Kosovo
Tax Administration of Kosovo
IT Department
RIFAT HYSENI
29 October 2019
Information Security Policy Course/ PERIOD
ICT STATUS OF THE COUNTRY
(cybersecurity National Strategy)
ICT FIGURES BASED ON EACH COURSE.
- The Internet penetration based on users is at least 76.62% or
1,080,038 Internet users (based on Census 2011 total
population).
- subscription rates)
- No Information of umber of cyber attacks given monthly..
EXPLAIN ABOUT YOUR ORGANIZATION
Executive State Agency,
Administrating the revenue at National Level.
• Education,
• Audit,
• Collection,
Information Technology, Automation, Services etc.
DESCRIBE ICT PROJECTS IN YOUR
ORGANIZATION/COUNTRY (RELATED TO THE
TRAINING COURSE, EITHER ONGOING OR TO-BE)

• Modernization od TAK based on new ICT System. 2019-2021


• Cyber Security Strategy in progress to be formalized
• ICT Security Policy
DESCRIBE ICT GOALS AND CHALLENGES
OF YOUR COUNTRY/ORGANIZATION
• E-Government Program still not in place.
• Cyber Security Capacities not in place
• National CERT not in full function yet.
• Complete Cyber Security Policies not in Place yet
DESCRIBE COOPERATION BETWEEN
YOUR COUNTRY AND KOREA
- December 2016, Seoul - Training about Cyber Security Basics – KISA
- June 2017, Pristina- Cyber Security Assessment and Training
- June- November 2018, Pristina - Pilot Project implementing WAF for Tax
Administration of Kosovo,
[ National Information Security Policy Course ]

Moldova
| Artur Munteanu
UNCLASSIFIED
Security and Intelligence Service of the Republic of Moldova

Republic of Moldova

Security and Intelligence Service


of the Republic of Moldova

Oct 29 (Mon) – Nov 2 (Fri), 2018

120
UNCLASSIFIED
Security and Intelligence Service of the Republic of Moldova

ICT is one of the most dynamic sectors in the Moldovan Economy and
represents one of the priority areas for development for the Moldovan
Government
ICT Infrastructure:
• Fixed Communication;
• Mobile Connection;
• International Communication.

Information Security, Data Protection and Privacy:


• Internet Infrastructure (cybercrime, terrorism and attacks) – Moldova ranked globally
73rd (out of 165 countries) in the 2017 Global Cybersecurity Index
• Type of attacks – 680000 attacks were registered by the CEC in 2016, 27 attempts to
breach Government information systems in 2016 (Trojan Virus), dozens of Moldovans fell
victim of phishing in 2016, DDOS attacks, 13000 cregisteredases of theft from bank accounts
in 2016.

121
UNCLASSIFIED
Security and Intelligence Service of the Republic of Moldova

Security and Intelligence Service


of the Republic of Moldova
MISSION: Efficient protection of fundamental rights and
freedoms of citizens, society and state against risks and
threats to state security.
One of the primary missions is to prevent and counteract aggressions in virtual
environment, domestic and abroad, targeting electronic communication systems of
national importance. This mission is carried out in accordance with the legislation in
force through the following operational processes:
• Developing proposals on ensuring informational security, developing and
promoting state policies in the field and exerting control in the process of ensuring
the protection of information in cyberspace;
• Developing strategies and implementing national policies in the field of
administration and ensuring the operation and security of communication systems.
122
UNCLASSIFIED
Security and Intelligence Service of the Republic of Moldova

ICT Projects in the Republic of Moldova

Regarding general ICT development, Moldova has fulfilled 58% of the ICT
development index (2016).

Moldova has made significant developments in the area of secure environment


for e-services, electronic identification and electronic signature and fight against
cybercrimes.

Additionally, baseline cyber security is relatively well developed in Moldova.

Moldova has a personal data protection authority, legislation for information


classification, minimum requirements for cyber security, and requirements for
ICT systems’ audit
123
UNCLASSIFIED
Security and Intelligence Service of the Republic of Moldova

The goals of the Republic of Moldova

Areas in the Republic of Moldova were developments are mostly


needed:

1. Cyber threat analysis;


2. Protection of essential e-services and critical information
infrastructure;
3. Capacity to manage large-scale cyber crises;
4. National defense capabilities.

124
UNCLASSIFIED
Security and Intelligence Service of the Republic of Moldova

Cooperation between the Republic of


Moldova and the Republic of Korea
The Government of the Republic of Korea provides assistance in different
areas to the institutions of the Republic of Moldova through the Korean
Agency for International Cooperation - KOICA.
Also, a number of projects in the field of information and
communication technologies (Moldovan-Korean Information and Access
Center, etc.) were supported financially.
In 2015, KOICA provided financial support of € 200,000 to support
ICT in education. Continuing collaboration with KOICA on the $ 300,000
SMART EDUCATION project (development of digital textbooks,
educational portal, educational repository, educational software, teacher
training) continues.
Today, Republic of Korea is one of the most important investors in the IT field of
Republic of Moldova and contributable side to the working out of the Digital Moldova
2020 strategy, in the view of Korean experience as to cyber security.
125
UNCLASSIFIED
Security and Intelligence Service of the Republic of Moldova

THANK YOU FOR YOUR ATTENTION!

126
[ National Information Security Technical Course ]

Mongolia
| Dashbalbar Sukhbaatar
COUNTRY PROFILE

MONGOLIA
Communications Regulatory Commission of
Mongolia

Department of Administration and Cooperation

Dashbalbar. S

2018-10-29

Information Security Technical Course / 5 minute


CONTENT OF PRESENTATION

➢ COUNTRY PROFILE
➢ ICT SECTOR ORGANIZATIONAL STRUCTURE AND
WORLD RANK OF MONGOLIA
➢ STATISTICS OF ICT SECTOR OF MONGOLIA
➢ LEGAL ENVIRONMENT AND ESTABLISHMENT OF
CRC
➢ MISSION AND MAIN RESPONSIBILITIES OF CRC
COUNTRY PROFILE
COUNTRY PROFILE
ICT SECTOR STRUCTURE

President Parliament

Prime Minister

Communications
Communication and Information Cabinet members of
Regulatory Commission
Technology Authority (CITA)
(CRC) the Government

IT Park 16 Ministries

Data center 27 Agencies

CITIZENS, BUSINESSES, OTHER PUBLIC, AND PRIVATE ENTITIES

National ICT Policy Council was established on 15 Dec,


2017 supervised by the Cabinet Secretary;
ICT SECTOR:
KEY INDICATORS AND STATISTICS
2. NUMBER OF MOBILE SUBSCRIPTIONS /thousand subscriptions/ (2017.12.31)
4,500.0

3,886.2
4,000.0

3,409.4
3,500.0
3,027.2 3,068.2
2,811.5 2,877.6
3,000.0

2,373.0
2,500.0
2,023.0
2,000.0 1,743.5

1,500.0

1,000.0

500.0

0.0
2009 2010 2011 2012 2013 2014 2015 2016 2017

Source: CRC of Mongolia (2017.12.31)


4
CONTENTICT
OFSECTOR
PRESENTATION
IDI – Asia and the Pacific 2017
ICT Development Index /IDI/ 2017 Asia
IDI 2017 IDI 2016 IDI 2016
Pacific Country
IDI 2017 IDI 2017 IDI 2016 IDI 2016 Value Rank Value
Country Rank 2017
Rank Value Rank Value 1 Korea (Rep.) 8.85 1 8.80
1 Iceland 8.98 2 8.78 2 Hong Kong, China 8.61 6 8.47
2 Korea (Rep.) 8.85 1 8.80
3 Japan 8.43 11 8.32
3 Switzerland 8.74 4 8.66 4 New Zealand 8.33 12 8.23
4 Denmark 8.71 3 8.68 5 Australia 8.24 16 8.08
5 United Kingdom 8.65 5 8.53 6 Singapore 8.05 20 7.85
6 Hong Kong, China 8.61 6 8.47 7 Macao, China 7.80 29 7.55
7 Netherlands 8.49 10 8.40 Brunei
8 6.75 54 6.56
8 Norway 8.47 7 8.45 Darussalam
9 Malaysia 6.38 62 6.22
9 Luxembourg 8.47 9 8.40
10 Thailand 5.67 79 5.31
10 Japan 8.43 11 8.32
11 China 5.60 83 5.17
11 Sweden 8.41 8 8.41 12 Iran (I.R.) 5.58 85 5.04
12 Germany 8.39 13 8.20 13 Maldives 5.25 86 4.97
89 Albania 5.14 89 4.90 14 Mongolia 4.96 87 4.91
90 Seychelles 5.03 92 4.80 15 Philippines 4.67 100 4.52
91 Mongolia 4.96 87 4.91 30 Bangladesh 2.53 146 2.37
92 South 31 Pakistan 2.42 148 2.21
Source : ITU Africa
2017 4.96 88 4.91
32 Kiribati 2.17 155 2.04
33 Solomon Islands 2.11 154 2.04
34 Afghanistan 1.95 165 1.71
ICT SECTOR:
KEY INDICATORS AND STATISTICS
2. NUMBER OF MOBILE SUBSCRIPTIONS /thousand subscriptions/ (2017.12.31)
4,500.0

3,886.2
4,000.0

3,409.4
3,500.0
3,027.2 3,068.2
2,811.5 2,877.6
3,000.0

2,373.0
2,500.0
2,023.0
2,000.0 1,743.5

1,500.0

1,000.0

500.0

0.0
2009 2010 2011 2012 2013 2014 2015 2016 2017

Source: CRC of Mongolia (2017.12.31)


4
ICT SECTOR:
KEY INDICATORS AND STATISTICS
3. NUMBER OF SMARTPHONE USERS (2017.12.31)
Mobile data users: 3,886,167
Data users: 2,625,685
Smartphone users: 2,439,236
3.74% 2.65%

71.90%
21.71%
2017 year: 26,354[TB]

2016 year: 17,455[TB]

Android IOS (Apple) OSs Other

Source:
10
CRC of Mongolia (2017.12.31)
ICT SECTOR:
KEY INDICATORS AND STATISTICS
4.NUMBER OF CABLE TELEVISION SUBSCRIBERS (thousands subscribers 2017.12.31)
900

855.9
800
796.6
700
725.8
669.9
600
Type 2017 year
500
523.8
Cable 5.70%
482.6
400
Satellite 44.68%

300
DTV 21.37%
294.5
200
210.8 IPTV 28.25%

100
Total 100.00%

0
2010 2011 2012 2013 2014 2015 2016 2017

Source: CRC of Mongolia (2017.12.31)


24
ICT SECTOR:
KEY INDICATORS AND STATISTICS
5. Main economic indicators of the communication sector
5.1. Total investment of ICT sector /billion MNT/
300

Type Market share


250 Mobile service 71.92%
239.2 ICN 9.18%
233.2
IPTV 5.48%
200
204.6 Wholesale service 4.48%
Postal service 2.63%
173.2
150 TV broadcasting 1.93%
Cable channel 1.71%
122.2 Cable television 1.25%
100
107.7 108.0 Fixed telephone
0.51%
89.9 service
Internet service 0.19%
50
Other 0.72%
Total 100.00%

0
2010 2011 2012 2013 2014 2015 2016 2017

Source: CRC of Mongolia (2017.12.31)


32
24
ICT SECTOR:
KEY INDICATORS AND STATISTICS
6. Main economic indicators of the communication sector
6.1. Total income of ICT sector /billion MNT/
1200
Market
Type
share
Mobile service 50.26%
1000
1,074.4
IPTV 11.78%
965.0 Internet 10.56%
933.3
800 850.4 Wholesale service 5.66%
784.0 Cable television 4.73%
ICN 4.30%
600 649.7 TV broadcasting 3.65%

538.9 Postal service 1.78%


470.9 Cable channel 1.50%
400
Fixed telephone 1.46%
VSAT 1.30%
200 NIIM 1.18%
Other 1.84%
Total 100.00%
0
2010 2011 2012 2013 2014 2015 2016 2017

Source: CRC of Mongolia (2017.12.31)


31
32
24
ICT SECTOR LEGAL ENVIRONMENT

Legal Framework:

Communications Law (1995)


Law on Radio waves (1999)
Postal Law (2003)
Law on USOF (2006)
e-Signature Law, (2011)
Financial transparency Law, (2014)
National Payment System Law, (2017)
Government Resolution 159, 2017
About the government electronic databases and data exchange
Government Resolution 23, 2015
About the e-Kiosk (ATM)
Government Resolution 254, 2015
About government online services & PPP promotion

Draft of laws (2016-2017):


Amendment of Communications Law, Broadcasting Law, e-Government
Law, Information Security Law, Data Protection Law
ICT SECTOR COOPERATION
POLICY AND PROGRAM

The State Policy on


ICT Sector and Government Policy 2017 Development of ICT
(2017-2025)
Milestones
National e-Government
2012
program

2011 National Broadband Program

National Program on Information Security


2010

2008 National Program on Unified Registration System

2006 E-Mongolia National Program

2004 Midterm Strategy for ICT Development in Mongolia

1999 Vision for Mongolian ICT Development up to 2010


POLICY AND PROGRAM

Key Program and Projects:

➢ Mongolian National Data Center was established by Government


Resolution 183th that issued on June 24th 2009 and MNDC is
funded by Government, responsible for stability, security,
reliability of Mongolian national electronic data system;
➢ Launching of e-Kiosk machines, 2013;
➢ Creation of 11-11 Call Center, 2014;
➢ UBIT Initiative : Smart Ulaanbaatar City Program, 2014-2020;
➢ Expansion of National Backbone Network to Soums level (Rural
areas),
➢ development of public key infrastructure as well as
establishment of XYP data exchange platform among
government organizations, 2016-2020;
➢ Smart Government Project, The world Bank, 2016-2020;
THANK YOU FOR YOUR
ATTENTION
Contact Address:
Dashbalbar. S,
IT & Network Security Officer
Communications Regulatory Commission
Metro Business Center, Fl-5,
Sukhbaatar District, Ulaanbaatar 14201
MONGOLIA
Tel: 976-99094645
Mail: dashbalbar@crc.gov.mn
Web: www.crc.gov.mn
[ National Information Security Technical Course ]

Montenegro
| Goran Tomkovic
Cybersecurity in Montenegro

Goran Tomković
CIRT-ME

Ministry of Public Administration


“Information Security Technical Policy”
South Korea, October 2018
Cybersecurity Status in Montenegro

Homes: Businesses:

• 55,9% have PC access, • 94,3% businesses use PC’s.


• 37,6% have laptops
• 94,9% have mobile phones,
• 67,5% have Internet access at home.

Year Incidents

2013 22 Incidents:
2014 42
• Malware,
2015 132 • Web Defacement
2016 - May 163 • DDoS
2017 532 • Internet Fraud
• Inappropriate content on the Internet
2018 (1 oct) 364
Total 1255
Cybersecurity Status in Montenegro

CIRT Services
•Incident Handling, Response
and Coordination

•Security Advisories

•Awareness, Training &


Education
Cybersecurity Projects

New Cybersecurity Strategy for Montenegro 2018-2021 (finished)

•Critical Information Infrastructure Protection (ongoing)

•Establishing a Security Operations Center (SOC) (ongoing)

•Expanding National CIRT capacities (planned)

•Implementation of DLP (Data Loss Prevention) system (planned)

•Education of children, teaching staff, school pedagogues and


psychologists (planned)
Cybersecurity Challenges

•Limited resources of the National CIRT

•Limited resources of Law Enforcement Agencies

•Public-Private Partnership

•General cybersecurity awareness level


Montenegro – South Korea Cooperation

•World Bank

• KISA –Montenegro Joint Cybersecurity Seminar – May, 2016

•CAMP 2018 3rd Annual meeting & GCCD Cybersecurity Seminar

•CAMP Membership
[ National Information Security Policy Course ]

Peru
| Adriana Alejandra Narvaez Palacios
FONAFE
Fondo Nacional de Financiamiento de la Actividad Empresarial del Estado
National Fund for the Financing of the State's Business Activity

Lima - Perú
Adriana Alejandra Narváez Palacios
Octubre 2018
Information Security Policy Course/
29 Oct – 2 Nov
Timeline
Profesional experience
Risk Management Trainning KISA
2018

Practicante de
Manufactura 2016 - 2018
2011 Especialista de Riesgos
Analista de Riesgos
Practicante de y procesos
2017 2018
Riesgos Information Security
Magister en Policy Course
2010 - 2011 2012 - 2014 Administración
de Empresas

2011 2014 - 2016


Bachiller
Consultor de
Universidad de
Riesgos
lima
2011 - 2012
Asistente de Master en
GRC Riesgos
CULTURE: MACCHU PICCHU CITY (CUZCO, TYPICAL FOOD: CEVICHE
PERÚ)

PERÚ
CULTURE: NAZCA
LINES (ICA, PERÚ)

CULTURE: AMAZONAS RIVER (IQUITOS,


PERÚ)
Video: Perú Live the legend:
https://www.youtube.com/watch?v=gGq_U1DYUCs
2ND ICT STATUS OF PERÚ

Peru is the country with the lowest pe


rcentage of protected equipment in La
tin America

Ransomware, phishing and crypto


jacking are the most current form
s of users and businesses in Peru.
At the regional level, it is estimat
ed that cyber attacks will rise by
35% during 2020.
Actually Latin America is vulne
rable to cyber attacks, only six
countries have cyber security
strategies, while most are not
ready for new threats
The survey shows detailed results of Peru on investment to ensure
terminal points, databases and applications, using authentication
and identity management solutions, fraud detection and the use of
analytical tools, investments in cybersecurity.
Inglés

3RD COMPANY FONAFE

MISSION
"We are the corporation of
State companies that
provides quality goods and
services and generates value
economic, social and
environmental for the
development of the country“

Nuestro principal objetivo es


ser parte de la OCDE.

32 companies
Relationship between Risk Management and other frameworks
It allows management to
have an efficient strategy
Promotes the to ensure compliance
establishment of
adequate controls that
Corporate with the Company's
objectives.
mitigate the effects of Governance
an unwanted
interruption or disaster

Business
ISO 9001
Continuity

Provides an approach
on which to base
Allows the them. processes to
strengthening of
Risk Management guarantee the
Information quality of products
Security and / or services

Internal
ISO 27001
Control
Provides the guidelines
It focuses on the for the development of
development of controls that the Risk Assessment
ISO 37001 component
serve for the development of
Anti-Bribery Management
4TH ICT PROJECTS
Project 1: Improvement of Business Management

New Web Portal FONAFE

• Improve the Fonafe website

Project 2: Improvement of Business Management

Intranet FONAFE

• Improve Fonafe's intranet

Project 3: Implementation of Information Security Management FONAFE

• Prepare policies, manuals and corporate guidelines

Project 4: Improvement of Business Management Corporate Contact Center (CCC)

• Centralize as the only point of attention to the citizen through voice solutions, mail, social
networks, SMS and interactive chat.
5TH ICT GOALS OF PERU
In Peru there is a digital government
secretary in charge of the Presidency
of the Council of Ministers, in
addition there is a working group for
the implementation of the digital
national agenda with a view to the
year 2021, in that year Peru
celebrates its 200th anniversary as
the foundation of the country.
6th COOPERATION COUNTRY
AND KOREA
The "VI International Conference of the Public Company
Network: Transparency and Integrity as Pillars of Good
Management", This is an event that takes place every year, is
organized by the Inter-American Development Bank (IDB), in
cooperation with the Government of Republic of Korea of the
South, and the development of Good Practices in the
countries of Latin America and the Caribbean

Fonafe is a regulatory entity of the Peruvian state,


currently several international cooperation organizations
supported by the Republic of Korea, promotes the
Peruvian state manages to promote a digital state, a
government interconnected among its public institutions.
The Republic of Korea of ​the South and the various
organizations have managed to draw a road map
thinking about the development of Peru, which is about
to complete its bicentennial in the year 2021.
THANK YOU!
[ National Information Security Policy Course ]

Tunisia
| Nada Laabidi
ARAB INFORMATION AND COMMUNICATION
TECHNOLOGIES ORGANIZATION

DEVLOPMENT AND STRATEGIC PLANNING


DEPARTMENT
NADA LAABIDI
National Information Security Policy
29 October-02 November 2018
CyberSecurity in the Arab region
1. ICT status in the Arab region
2. Cybersecurity status in the Arab region
2.1 : Cybersecurity readiness of Arab States
2.2 : Cybersecurity strategies and approaches
2.3 : Cybercrime Legal Frameworks & Measures in
the Arab countries
2.4 : Data protection
2.5 Regional frameworks
3. Arab ICT Organization and its commitment for a safer cybers
pace in the Arab region
4. Cooperation between AICTO and Korean
institutions/Companies
1. ICT status in the Arab region
(some indicators)

3 5 6 3

IDI value in the Arab Region

ICT Development Index (IDI) 2017 (ICT access – ICT use – ICT Skills)
International Telecommunication Union
1. ICT status in the Arab region
(some indicators)
• Highest- and lowest-ranking Arab Countries, IDI 2017
1. ICT status in the Arab region
(some indicators)
• Proportion of households with internet access, 2017 : 47,2 %

Internet penetration rate for Men and Women


Proportion of individuals using the Internet, by , 2017
age, 2017 60

47.7
50

39.4
40

43.7
30

20

64.2
10

0
Male Female

Male Female
Total Population Ages 15-24

Source : ITU
2. Cybersecurity status in the
Arab region
2. Cybersecurity status in the
Arab region

• Cyberattacks in the Arab region

• UAE : Country faced 86 cyber attacks in the first two months of 2018
• Kuwait : In February there was an attempt by cyber criminals to hack
the website of Kuwait's Ministry of the Interior
• Saudi Arabia : December 2017 Saudi Aramco's (Saudi Arabia's state-
owned oil company) safety system was attacked by malicious software
• Tunisia : March 2018, DDoS attack against the OVH servers hosted in
the Tunisian Internet Agency (IXP).
• In May 2017 all Golf countries were subject to Wannacry ransomware
2. Cybersecurity status in the
Arab region

– 2.1 : Cybersecurity readiness of Arab States


– 2.2 : Cybersecurity strategies and approaches
– 2.3 : Cybercrime Legal Frameworks & Measures
in the Arab countries
– 2.4 : Personal Data protection
– 2.5 : Regional frameworks
2. Cybersecurity status in the
Arab region
2.1 : Cybersecurity readiness of Arab states

Global Cybreresecurity Index – 2017 (ITU)

Wich measures the commitment of countries around the world to


Cybersecurity with regard to the following five pillars : Legal, Technical, Orga
nizational, Capacity Building, Cooperation
2. Cybersecurity status in the
Arab region
Global situation of the commitment and the readiness of Arab State

Arab States scorecard (green for high, yellow for medium, and red for low).
s upon the basis of the 25 indicators (GCI – 2017)
2. Cybersecurity status in the
Arab region
2.1 : Cybersecurity readiness of Arab states
R.R Country Score G. Rank R.R Country Score G. Rank

1 Oman 0.871 4 12 Syria 0.237 102

2 Egypt 0.772 14 13 Palestine 0.228 104


3 Qatar 0.676 25 14 Libya 0.224 105
4 Tunisia 0.591 40 15 Lebanon 0.172 119
5 Saudi Arabia 0.569 46 16 Mauritania 0.146 125
6 United Arab E 0.566 47 17 Kuwait 0.104 139
mirates
7 Morocco 0.541 49 18 Djibouti 0.099 140

8 Bahrain 0.467 65 19 Iraq 0.043 159

9 Algeria 0.432 68 20 Comoros 0.040 161

10 Jordan 0.277 93 21 Somalia 0.034 162

11 Sudan 0.271 96 22 Yemen 0.007 164


Ranks and scores - GCI-2017
Cybercriminal legislation
in the Arab region

10Algeria – Bahrain – Egypt – Morocco – Oman – Qatar – Palestin


High
4 Djibouti – Jordan - Saudi Arabia - Syria
e – Sudan – Tunisia - United Arab Emirates

Medium

Low
8 Comoros – Iraq – Kuwait – Lebanon – Libya – Mauritania – Somalia - Yemen
CyberSecurity legislation
in the Arab region

7 Algeria – Egypt – Morocco – Oman – Qatar – Tunisia - United A


High
8 rab Emirates
Bahrain – Jordan – Kuwait – Mauritania - Saudi Arabia – Palestine – Sudan - Syria
Medium

Low
7 Comoros – Djibouti –Iraq- Lebanon – Libya – Somalia - Yemen
CyberSecurity Training
in the Arab region

High
10Algeria – Bahrain – Egypt – Morocco – Oman – Qatar - Saudi Ar
abia - Syria – Tunisia - United Arab Emirates
Medium

Low
12 Comoros – Djibouti – Iraq – Jordan – Kuwait – Lebanon – Libya – Mauritania –
Somalia – Palestine – Sudan - Yemen
CyberSecurity - LEGAL MESURES
in the Arab region
Cybercriminal legislation - CyberSecurity legislation - CyberSecurity Training

9 Algeria – Bahrain – Egypt – Morocco – Oman – Qatar - Saudi Ar


High
3 abia – Tunisia - United Arab Emirates
Palestine – Sudan - Syria
Medium

Low
10 Comoros – Djibouti – Iraq –Jordan –Kuwait –Lebanon –Libya – Mauritania – So
malia -Yemen
CyberSecurity – TECHNICAL MESURES
in the Arab region
National CERT/CIRT/CSIRT - Government CERT/CIRT/CSIRT - Sectorial CERT/CIRT/CSIRT - Stan
dards for organizations - Standards for professionals - Child online protection

Qatar

5 Egypt – Morocco – Oman – Qatar - Saudi Arabia


High
6 Bahrain – Palestine – Sudan – Syria – Tunisia - United Arab Emirates
Medium

Low
11 Algeria – Comoros – Djibouti – Iraq – Jordan – Kuwait – Lebanon - Libya – Mau
ritania – Somalia - Yemen
CyberSecurity – ORGANIZATIONAL MESURES
in the Arab region
Strategy – Responsible Agency – Cybersecurity metrics

2 Oman – Qatar
High
10 Algeria – Bahrain – Egypt – Jordan – Lebanon – Libya – Mauritania – Morocco – Tu
nisia - United Arab Emirates
Medium

Low
10 Comoros – Djibouti – Iraq – Kuwait - Saudi Arabia – Somalia – Palestine – Suda
n – Syria - Yemen
CyberSecurity – CAPACITY BUILDING
in the Arab region
Standardization bodies – Cybercesurity good practices – R&D programmes – Public awarness
campaigns – Professional programmes – incentive mechanisms – Home-Grown industry

5 Egypt – Oman – Qatar - Saudi Arabia - Tunisia


High
5 Algeria – Jordan – Libya – Morocco - United Arab Emirates
Medium

Low
12 Bahrain – Comoros – Djibouti – Iraq – Kuwait –Lebanon – Mauritania – Somalia
– Palestine – Sudan – Syria - Yemen
CyberSecurity – COOPERATION
in the Arab region
Bilateral agreements – Multilateral agreements – International participation – Public Private Partners
hips – Interagency partnerships

4 Egypt – Oman - Saudi Arabia - Tunisia


High
7 Algeria – Bahrain – Djibouti – Lebanon – Morocco – Qatar - United Arab Emirates
Medium

Low
11 Comoros – Iraq – Jordan – Kuwait – Libya – Mauritania – Somalia – Palestine –
Sudan – Syria - Yemen
GCI in the Arab Region
Legal Measures – Technical Measures – Organizational Measures –
Capacity Building – Cooperation

4 Egypt – Oman – Qatar - Tunisia


High
5 Algeria – Bahrain – Morocco - Saudi Arabia - United Arab Emirates
Medium

Low
13 Comoros – Djibouti – Iraq – Jordan – Kuwait – Lebanon – Libya – Mauritania –
Somalia – Palestine – Sudan – Syria - Yemen
2. Cybersecurity status in the
Arab region
2.1 : Cybersecurity readiness of Arab region
Top three ranked Arab countries and an average score GCI-2017

Country GCI Legal Technical Organization Capacity Buil Cooperation


al ding
Oman 0.87 0.98 0.82 0.85 0.95 0.75

Egypt 0.77 0.92 0.92 0.4 0.92 0.7

Qatar 0.67 0.83 0.82 0.65 0.78 0.33

Source : Global Cybersecurity


Index 2017 - ITU
2. Cybersecurity status in the
Arab region
2.2 : Cybersecurity readiness in the Arab region
Comparison GCI and IDI in the Arab States

Source : Global Cybersecurity Index 2017 - ITU


Cybersecurity STRATEGIES
in the Arab countries
National Cybersecurity Strategies or a part of the National Digital/ICT Strategy

13Egypt – Oman – Qatar (2014) – Tunisia – Morocco – Sudan – UAE – Ba


hrain – Kuwait – Saoudi Arabia– Jordan (2012) – Palestine – Iraq
National CIRTs
In the Arab region

10 Egypt – libya - Morocco - Oman – Qatar – Saudi Arabia – Suda


n – Syria –Tunisia - United Arab Emirates
National CIRTs
2. Cybersecurity status in the
Arab region
2.3 : Cybercrime Legal Frameworks & Measures in the Arab countries

12 countries
Cybercrime’s Law
2. Cybersecurity status in the
Arab region
2.3 : Cybercrime Legal Frameworks & Measures in the Arab countries
Country Legislation en Description
acted

Morocco 2003 law to fight terrorism in 2003. It resorted to this law to thwart some web sites that used by te
rrorists to launch their attacks.

Tunisia 2003 The Tunisian legislator took a measure to resist the phenomenon of terrorism by issuing a law to fight
terrorism on December 10th, 2003. The first chapter of this law referred to the fight and rejection of t
errorism. The second chapter referred to the definition of terrorism, crimes of money laundering, fun
ding of terrorism. The third chapter dealt with the sanctions to be inflicted with a view to preventing
such crimes
Saudi Arabia March 2007 Royal decree in 2007
Anti-Cyber Crime Law, Royal Decree No. M/17, 26 March 2007
Sudan 2007 Cybercrime Act, 2007

Algeria 2008 In 2008, the Algerian government tabled a new draft before the national parliament to fight agains
t cyber crimes. By virtue of this draft, the government will be entitled to punish all criminals who wou
ld break into or destroy web sites and computers, steal protected data and numbers of credit card
s, establish or visit pro-terrorist sites. In the same vein, Algeria issued a law, in 2005, to fight terrorism,
money laundering and terrorism funding.

Oman February 2011 Royal Decree No 12/2011 issuing the Cyber Crime Law

Source : Research Paper - Joyce Hakmeh - Cybercrime Legislation in the GCC Countries - Fit for Purpose?
- Database of Legislation of the UNODC
2. Cybersecurity status in the
Arab region
2.3 : Cybercrime Legal Frameworks & Measures in the Arab countries

Country Legislation enacted Legislation / Law title

UAE August 2012 Federal Decree Law no. 5 (2012) On Combating Cybercrimes

Bahrain September 2014 Law No. (60) of 2014 on Information Technology Crimes

Qatar September 2014 Law No. (14) of 2014 Promulgating the Cybercrime Prevention Law

Kuwait July 2015 Law No. (63) for the year 2015 on Combating Information Technology Crimes

Cybercrime Law that contains 18 articles dealing with the complete spectrum of c
Jordan ybercrime, including everything from minor offences such as unauthorised access
to computer material to more serious crimes like identity theft and credit card frau
d
Egypt 2018 Law No.175/2018 « Anti-Cybercrime law »

Anti-Cybercrime law regulates activities online


Combationg information technology Law

Source : Research Paper - Joyce Hakmeh - Cybercrime Legislation in the GCC Countries - Fit for Purpose?
- Database of Legislation of the UNODC
2. Cybersecurity status in the
Arab region

2.4 : Personal Data protection

• Some countries in the Arab region are giving importan


ce to safeguarding individuals’ personal information an
d are addressing this through effective data protection
legislation.
• Egypt, Saudi Arabia, UAE & Tunisia all have data prote
ction legislation.
2. Cybersecurity status in the
Arab region

2.5 : Regional frameworks

Arab Convention on Combating Technology Offences


(21/12/2010)
Ministers of Interior and Justice in all Arab countries signed this convention
on behalf of their States

The purpose of this convention is to enhance and strengthen cooper


ation between the Arab States in the area of combating information
technology offences to ward off the threats of such crimes in order t
o protect the security and interests of the Arab States and the safety
of their communities and individuals.
ARAB INFORMATION AND COMMUNICATION
TECHNOLOGIES ORGANIZATION

Towards a Sustainable Arab Digital Society


ARAB INFORMATION AND COMMUNICATION
TECHNOLOGIES ORGANIZATION

About AICTO

The Arab ICT Organization «AICTO» is a specialized Arab


governmental organization working under the aegis of the
league of Arab States, located in Tunis, and has been operational
since 1st January 2008.
AICTO creation resulted from the will of the Arab States to
contribute to the development of ICTs and providing the
necessary mechanisms to reinforce cooperation between its
members while promoting and enriching common strategies and
policies to ensure an equitable access to ICT to all Arab citizens.
ARAB INFORMATION AND COMMUNICATION
TECHNOLOGIES ORGANIZATION

Members

Being a multi-stakeholder technical organization,


AICTO membership is open to the Public and private
sectors and the Civil Society dealing with ICT and
represented in the Arab region and worldwide in the
quality of "Associate Member", in addition to the
Arab States members of the League of Arab States,
represented by their ministries of ICT.
ARAB INFORMATION AND COMMUNICATION
TECHNOLOGIES ORGANIZATION

Our mission

Providing an open platform for ICT Multi-


stakeholders(Public sector, Private sector,
Civil Society and specialized bodies) for
dialogue, experience & expertise sharing
and for technological knowledge transfer.
ARAB INFORMATION AND COMMUNICATION
TECHNOLOGIES ORGANIZATION

AICTO’s Vision

Towards a harmonious Arab digital society bas


ed on the creativity and innovation, boosting t
he Arab-Interregional complementarity and co
ntributing efficiently to the development of the
global sustainable digital economy.
ARAB INFORMATION AND COMMUNICATION
TECHNOLOGIES ORGANIZATION

Our Strategic goals

• AICTO-SG 1 : Ensuring the transition of Arab countries to the All-Digital and


enabling Arab Citizens to benefit from innovative digital services
• AICTO-SG 2 : Achieving the Arab complementarity and bridging the digital
gab within the Arab region
• AICTO-SG 3 : Unifying and coordinating Arab positions serving their own str
ategic interest within international organizations/at the international level
• AICTO-SG 4 : Boosting the Arab countries’ contribution to the implementatio
n of sustainable development goals 2030 while enhancing their inclusion in
the global digital economy
AICTO’s Strategic vision
Regional Projects &
programs
Regional & International
E-
cooperation
transformation
Joint interregional projects
& actions
E-Innovation
AICTO Working groups
4E Implementa
Strategic
Strategy tion
Vision E-Inclusion Rosters of Experts/ Think
Tanks

Capacity Building (ATAC)

E-Trust
Technical Assistance
E-trust

Technical Studies and


CyberSecurity researches
3. AICTO’s commitment for a safer
cyberspace in the Arab region
AICTO projects & programs
AICTO’s programs
& Projects

Program 1 :
E-Trust : AAECA-Net

AAECA-Net WG1- E-trust-T

AAECA-Net WG2 - E-trust -L

Working Group :
Program 2. CS Technical Program 3. CS Capacity Program 4. CS Studies &
assistance & consultancy Building & Awareness Reports Cybersecurity & Data
Privacy
ARAB INFORMATION AND COMMUNICATION TECHNOLOGIES
ORGANIZATION

Program 1 : E-Trust
Towards building an
interregional - PKI’s (Public and - Awareness activities - Common Training
Multistakeholders private) actions
- Technical assistance
e-Trust Network - Governmental
- Trainings and - Common
based on Laws bodies (Ministries,
Vision & Main principles :

Membership

Activities

Opportunities for Collaboration


Capacity building Technical
Harmonization, regulators,…)
E-trust services
activities assistance actions
- Private companies
Interoperability and a - Studies & surveys - Common studies
(Infra and Solution
strong cooperation and reports
Suppliers, consulting - Working Groups :
framework
cabinets…) - AAECA-Net WG1- - Bi-Multilateral
- Open Interregional
- Universities & NGOs E-trust-T cooperation and
Multistakeholders
- AAECA-Net WG2 - partnerships
Network
- Open and flexible E-trust -L agreements
platform for Sharing (Harmonization of
global experiences & legal framework,
best practices Technical WG…)
- Coordination and
building up of an
upward convergence
framework
ARAB INFORMATION AND COMMUNICATION TECHNOLOGIES
ORGANIZATION

Program 2 : CyberSecurity Technical


assistance & consultancy
Providing assistance to - On-site Technical assistance - Common Technical
- Arab LDCs to improve - Consultancy actions assistance actions
security in the digital space - Common Consultancy
- Working group :
- Arab countries having low Cybersecurity & Data Privacy assignments
Main principles and Focus :

scores in the GCI through


Activities

Opportunities for Collaboration


(Members : - Arab & - Common on-site hands-
consultancy missions (for
International on workshops
legal and technical levels )
Instituions/companies
- Arab countries not having working in the field
yet their - Arab & International Experts )
national/Govermental/Sectori
al : CERT/CIRT/CSIRT
ARAB INFORMATION AND COMMUNICATION TECHNOLOGIES
ORGANIZATION

Program 3 : CyberSecurity Capacity


Building & Awareness

Organizing forums, - Forums - CommonTraining


workshops, trainings on workshops
- Workshops
cybersecurity in order to
keep updating knowledge - Awareness open days - Common Certifying
and improving the skills in Trainings
Working group :
Main principles and Focus :

Activities

Opportunities for Collaboration


the field of Cybersecurity Cybersecurity & Data Privacy - Common Awareness
as well as sharing of best
Within the scope of the workshops/actions
practices (both on the
AICTO Technology
technical and legal levels) - Common Cynersecurity
Academy (ATAC)
Drills and Hachathons
- State personnel training (all
- Trainings sessions : special
economic sectors) - Know how transfer
program for Cybersecurity
- Private sector

- Poliy Makers, Law makers

- Law-enforcement

- Managerial and decision-


making-level
ARAB INFORMATION AND COMMUNICATION TECHNOLOGIES
ORGANIZATION

Program 4 :
CyberSecurity Studies & Reports
Conducting regional studies - Surveys - Common Studies
and surveys to collect
- Studies - Common reports &
updated data on the status of
the CS in the Arab region Roadmaps
- Working group :
(some studies includes also Cybersecurity & Data Privacy - Common database on
the African region) :
Main principles and Focus :

Cybersecurity indicators in
Activities

Opportunities for Collaboration


Cyber attacks indicators and the Arab region
threats facing the region (s)

The status of the regulatory


and legal frameworks

- Preparation and publishing


of White books (about the
best practices towards safer
internet and related subjects
4. Cooperation between AICTO and Korean
institutions/Companies

Status in quo

• The Arab Information and Communication Technologies Organizat


ion ( AICTO) has joined the Cybersecurity Alliance for Mutual Pro
gress (CAMP) family as a member
• Also, AICTO is member of Operations Committee of CAMP.
4. Cooperation between AICTO and Korean
institutions/Companies

The way forward :


Multilateral Sustainale Solutions

Cybersecurity is a major priority and it requires strong Cooper


ation relationships at the regional and international levels i
n order to create collaborative approach with input from all k
ey stakeholders in order to promote an open, free, and secure
cyberspace for everyone everywhere
ARAB INFORMATION AND COMMUNICATION TECHNOLOGIES
ORGANIZATION

Opportunities for Collaboration and


partnership

AICTO programs Opportunities for Collaboration Benefits


•Program 1 : E-Trust •- Common Training actions
• Know how transfer
•Program 2 : Technical - Common Technical assistance actions
• Dissemination of
assistance & consultancy •- Bi-Multilateral cooperation and partnerships agreements
products & solutions
•Program 3 : Capacity •- Common Consultancy assignments
- Common on-site hands-on workshops • Setup of pilot
Building & Awareness
•- Common Awareness workshops/actions projects in some Arab
•Program 4 : Studies &
- Common Cynersecurity Drills and Hachathons- Common countries
Reports
Studies, reports & Roadmaps • Business
- Common database on Cybersecurity indicators in the Arab opportunities
region
identification
•…
[ National Information Security Policy Course ]

Ukraine
| Anastasiia Bondarchuk
SECURITY SERVICE OF UKRAINE

DEPARTMENT OF INFORMATION SECURITY

Anastasiia Bondarchuk
DATE
Security Technical Expert Course/ 10.29 – 11.02
SECURITY SERVICE OF UKRAINE

Cybercrime Department is working to counter all kinds


of cyber threats and related crimes:

• Cyber threats to the state-owned information resources and special informa


tion and telecom infrastructure;
• Combating cybercrimes which present threat to the national security;
• Counteraction to the cyber terrorism and cyber espionage;
• Counteraction to the destructive usage of the social networks and free reso
urces of the Internet against the national security of Ukraine;
• Unlawful use of special wiretapping and surveillance equipment.
SECURITY SERVICE OF UKRAINE

Targets of attacks

Energy sector Banking and


financial sector

Transportation
Mass-media

Logistics and
telecommunication Trading networks
Government
institutions
SECURITY SERVICE OF UKRAINE

Ukrainian cyber threats


АРТ - attacks
Criminal
Supply-chain APT-29 Shadowpad
Pawn Storm Buhtrap Turla
Hellsing Ursnif CCleaner
(ver. 5.33)
BlackEnergy2 Sofacy
FakeToken
Armageddon Poseidon Ztorg
Animal Farm Armageddon Sofacy
Carbanak Gcat mod Armageddon

2015 2016 2017

Equation BlackEnergy3 Bad Rabbit


APT28 Emdivi DarkTrack
Naikon Potao NotPetya
Wild Neutron
BlackEnergy4 WannaCry
Cozy Duke ZeuS Dvmap
BlackEnergy3 Bolek/KBOT BlackEnergy
Duqu 2.0
Carbanak -X-
Potao
SECURITY SERVICE OF UKRAINE

MISP-UA – MALWARE INFORMATION SHARING PLATFORM


MISP USED BY INTERNATIONAL ORGANIZATIONS SUCH AS
NATO NCI Agency, FIRST, CIRCL, CiviCERT
SECURITY SERVICE OF UKRAINE

GOALS OF OUR PROJECTS

• MISP-UA – share malware IOC for prevention, timely detecting


and counteraction cyber threats,
• Introduction sensors in objects of critical infrastructure for timel
y detection new cyber threats (using SIEM – security informatio
n event management).
[ National Information Security Technical Course ]

Guatemala
| Carlos David Figueroa Guevara
COUNTRY

Information Systems Directorate


Carlos David Figueroa Guevara

Security Technical Expert Course


October 29 ~ November 2, 2018
Republic of Guatemala
Capital Ciudad de Guatemala

Government Democratic

President Jimmy Morales Cabrera

Population 17.4 millones (2018)

Total Surfac 108,889 square kilometers

Political Division
and Administrative 22 States
Population by Sex 48.7% Male
51.3% Female

Official Language Spanish

Currency Quetzal (Q)

Zona Horaria UTC-6


ICT STATUS OF THE COUNTRY
• Human Resources: Bilingual staff highly trained in technology languages with worldwide
recognized certifications.

• Connectivity: Excellent connectivity and redundancy. Modern fiber optic infrastructure, Three
main carriers and 19 ISPs., Connected to NAP by means of three independent submarine
cables.

• Technology: World class services, including QOS, MPLS (implemented for 5 years),
TrafficShaping, failover / failback and disaster recovery.

• In 2017 Guatemala was the fourth country in Latin America most prone to cyber attacks

• Cyber attacks 54% of users have been affected by malicious contend


(The biggest threat is the Trojans)
Statistics threats
Updated data until October 16, 2018
Minister of Labour and Social Prevention
Mission Vision

We are the State institution responsible for To be a Strengthened, competent,


ensuring and promoting effective and modern and reliable Ministry that
effective compliance with legislation, policies a
promotes a culture of respect for labor
nd programs related to work and social w
elfare, for the benefit of society. legislation and the welfare of society

Objective
To direct and orient the labour and social policy of the country.

Promote and guarantee freedom of association.

To promote and harmonize labour relations between employers


and workers.

To promote the development and improvement of the health and safet


y system at work and social welfare.

Enforce the legal system relating to work and social welfare.

To promote technical and professional training.


Information Systems Directorate – DISI
Main Roles

• The Information Systems Directorate is responsible for safeguarding, applying,


formulating, and proposing technological solutions for the Ministry of Labor and
Social Security. Through the issuance of policies and procedures according to the
needs of the institution

• Centralization of the labor information generated through the administrative support


systems developed and maintained by the Management
ICT PROJECTS
Projects Goals Period

Methodology of security for Establish a new methodology fo Project Period : 2018-2019


Minister of Labor and Social r standardizing security protoco
Prevention Data Center ls Bidding Period : Undefined
within networks, servers, comp
Budget : Undefined
uters, and logical designs to
enhance overall security.
COOPERATION BETWEEN GUATEMALA AND KOREA
In Ministry of Labour and Social Prevention
Standardize development processes, Change Control in and implementation of
Infrastructure Analysis. Review and advice on the implementation of control processe
s.
ended goals :
. Change Control Management in software development
. Standardize security protocols within networks, servers, computers
and logical designs for improve overall safety
• Implementing Process to centralized code source management
• Review and modification of procedures internal about IT management
goals in process
• Implementing MDM Database
• Restructuring Local Area Network and implementing new security standards
THANK YOU! GRACIAS!
[ National Information Security Policy Course ]

Sri Lanka
| Kanishka Karunasena
SRI LANKA

Sri Lanka CERT|CC


Ministry of Telecommunication and Digital Infrastructure

Dr Kanishka Karunasena
29-10-2018

Cyber Security Policy Training


ICT STATUS OF THE COUNTRY
Computer
Ownership Broadband Telephone
23.5% Subscriptions Subscriptions Telecomm.
Infrastruct
Urban: 39.9% Fixed 2.65 % Fixed 12.49% ure Index
Rural: 21% Wireless 7.8 % Mobile 103.1% 0.2445
Estate: 5.1%
Devices use to Connect to Internet
Internet usage Desktop or Laptops 38.1% Online e-Government
Service Development
21.3% Smart Phones 56.9% Index 0.5445
Index
Email usage 11% Tablets 2.1% 0.6522 Rank 79

Mobile Phones 2.9%


a. Computer Literacy 28.3% (A person could use computer
by own) Human
Capital
(Urban 41.1%, Rural 26.5%, Estate 9.5%) Index
b. Digital Literacy 38.7% (A person use computer, laptop, 0.7369
tablet or smartphone by own)
(Urban 54.5%, Rural 36.4%, Estate 16.4%)
Incidents Types 2012 2013 2014 2015 2016 2017

Phishing 08 08 12 14 23 26
Abuse/Privacy Vio 08 08 08 21 32 21
lation
Scams 06 18 12 18 12 16
160 141
Malicious Softwar 02 02 03 12 21 30
e/ Ransomware 140 118 143

Financial Frauds - - - 10 16 24 120 117


Compromise of W 15 16 56 20 10 11
100
ebsites
80
Compromise of E 06 08 10 16 16 11 71 75
mails 60
50
IP Violation 03 03 03 03 07 04 40
44
Unauthorized Acc 01 11 08 - - - 20
ess
0
DoS/ DDoS 01 01 06 03 04 -
4000

3500 3537
3537 Social Media Related Incidents Reported

3000 2850

2500
1947 fake social media 2250 2200
accounts 400 photo 2000
785 hacking social media abuse
accounts 1500 1425
1200
1000 1100
47 17
threatening pornographic 500
53 involving videos Other 281
misuse of 80
phone 7 copyright 0
numbers violations 2010 2011 2012 2013 2014 2015 2016 2017
SRI LANKA CERT
Vision
• To be Sri Lanka’s flagship organization and trusted source of advice on th
reats and vulnerabilities to Information Systems through proactive preve
ntion and effective action.
Mission

To be the single and the most trusted point of contact for Information Security in
Sri Lanka

• Sri Lanka (CERT) is the single trusted source of advice about the latest thr
eats and vulnerabilities affecting computer systems and networks, and a
source of expertise to assist the nation and member organizations, in resp
onding to and recovering from Cyber attacks.

• It was set up in June 2006, now functioning under the Ministry of Teleco
mmunication and Digital Infrastructure.
Establishment of Governance Framework
Establishment of a governance framework to implement

Projects
national information and cyber security strategy.

Enactment and Establishment of Legislation, Policies a


Our vision is to create a resilient and nd Standards
Formulation of legislation, policies, and standards to cre
trusted cyber security ecosystem that ate a regulatory environment to protect individuals and
organizations in the cyber space.
will enable Sri Lankan citizens to realize
the benefits of digitalization and to Resilient Digital Government and Infrastructure
Work with public authorities to ensure that the digital go
facilitate growth vernment systems implement and operate by the them h
Establishment ave the appropriate level of cyber security and resilience
of Governance
Framework
Development of Competent Workforce
Public-Private,
Local-
Legislations,
Policies and
Development of a skilled and competent workforce to m
International
Partnerships
Standards eet future demand.

Vision Raising Awareness and Empowerment of Citizens


Make our citizens more competent in protecting their id
Resilient
Awareness and Digital entity, privacy and economic assets in the cyber space.
Empowerment Government
of Citizens and
Infrastructure
Development of Public-Private, Local-International Par
Competent tnerships
Workforce
Development of public-private, local-international partn
erships to create a robust cybersecurity ecosystem.
CHALLENGES
• Overall ICT readiness of the country is poor
• Did not have a strategy for facing modern cyber
related threats
• Lack of awareness of citizens on cyber security.
• Lack of readiness in the public service
• Un availability of appropriate laws
COOPERATION BETWEEN SRI
LANKA AND KOREA

• Closely work with CAMP

• Implemented Lanka Government Network by


Samsung networks
[ National Information Security Policy Course ]

Uzbekistan
| Farrukh Abduvakhidov
Republic of Uzbekistan «Electronic Government»
system development Center

Information Technology
Development Department

FARRUKH ABDUVAKHIDOV

From October 29 - November 2, 201


8
with the length of 4 days
Information Security Policy Course

http://uzbekistan.travel
http://e-government.uz/uz
UZBEKISTAN PROFILE 2

Location: The Republic of Uzbekistan is situated in


the central part of Central Asia.Uzbekistan borders
Turkmenistan, Kazakhstan, Kyrgyzstan, Tajikistan
and Afghanistan in the South.

Administrative and Territorial Structure:


Autonomous Republic of Karakalpakistan, 12
regions, 226 cities and districts.

Capital: Tashkent

Independence date: 1st September 1991


(from Soviet Union)
National Symbols:
Flag of Uzbekistan, Emblem of Uzbekistan.

Area: 448,900 km2, Land: 425.400 km2,


Water: 22,000 km2

Population: 33 million, youths (up to 25 years) – 60%

State language: Uzbek


ICT OF UZBEKISTAN:
HUGE UNEXPLORED POTENTIAL & OPPORTUNITIES

✓ > 12 million internet users ✓ ICT share in GDP: 2%


✓ > 23 million mobile users ✓ Software industry is currently
at Initial stage
✓ 5th fastest developing state
✓ Very high literacy rate
in the world

ICT DEVELOPMENT – GOVERNMENT’S TOP PRIORITY

> 33,1 MILLION > 60% > 3 MILLION


POPULATION YOUTH POPULATION TASHKENT CITY
[3rd largest state in CIS] (up to 25 years) POPULATION
e-Government status
Uzbekistan
E-Government Architecture

9
2015-2019
ICT Infrastructure
Development Program POPULATION BUSINESS
(9 projects)

The Single Interactive Websites of

28
2013-2020 State services Portal Government Bodies
E-Government
Development Program
(28 projects)

Database of Database of
7 Public Health Entities Individuals
TAX 1

8 Education Procurement 2

9 Public Utilities Database of Budget 3


Real Estate
Database of
Transport
10 Justice-2 Clearing 4

11 State Management Customs 5


Database National
12 License Guides & Classifiers GIS Pension 6

Data Center
“Electronic Government” system development center under the Ministry for development of
information technologies and communications of the Republic of Uzbekistan on the basis of the
government decision (RCM No. 250 dated September 16, 2013), whose main tasks are:
▪ Developing strategic directions for further development and improvement of "Electronic government" system on the
basis of the analysis and research of global trends and the experience of foreign countries;

▪ Providing a single technological approach on formation of Electronic government system, which provides a consistent
mechanism design, development and integration of information systems, information resources and databases used in gover
nment organization, the organization of normative-methodical support of projects of "Electronic government";

▪ Arranging of a systemic reorganization of functional and operational processes of government authorities’ activity,
preparation of proposals on optimization, improvement and implementation of innovative mechanisms for managing busines
s processes associated with the provision of public services;

▪ Conducting target analysis and preparation of proposals on improvement of the existing legal framework for the effective im
plementation of the "Electronic government" system;

▪ Conducting systematic monitoring and evaluation of the implementation and development of information and
communication technologies, including the study on the effectiveness of implementation of information systems and resourc
es, conducting system of rating on the implementation effectiveness of information and communication technologies in the a
ctivities of state bodies within "e-Government" system.

▪ Developing a method for determining the key performance indicators of the effectiveness of the provision and use of
online government services, the target indicators and implementation indicators of projects within the “Electronic government
” system.
http://e-government.uz/en/menu/umumiy-malumotlar
Major e-Government
projects in detail
THE UNIFIED PORTAL OF INTERACTIVE PUBLIC SERVICES

my2.gov.uz
The Unified Portal of Interactive Public Services is established in 2013,
currently provides around 300 types of modern and popular public services, including electronic b
usiness registration. The new version (my2.gov.uz) was launched in May, 2017
Discuss the regulatory and legal
documents’ drafts openly

Preparing for discussion - 133

Is being discussed - 33

Discussed - 1060

To be revised - 16
1306 Doc.s

Accepted - 64
UZBEKISTAN OPEN DATA

data.gov.uz

• Launched in 2015
• 3735 datasets on 18 topics
• 129 data agencies
• 3035k downloads
• API for apps
UNIFIED IDENTIFICATION SYSTEM ID.GOV.UZ
Launched in October, 2016

Advantages:
1. One account - all
e-government systems
2. Individuals and legal entities
identification
3. User data privacy
List of connected resources
Single window
centers

The portal of electronic Portal of municipal


and housing fund – ek.uz
licensing - license.gov.uz
E-LICENSING LICENSE.GOV.UZ

41 from 62
Licensed
types of activities

128 363
entries in the register o
f licenses and permits

State Agency Number of licenses


MITC 5088
Ministry of Justice 3642
Ministry of Agriculture and Water Resources 2656
Ministry of internal affairs 870
Agency on intellectual property 389
A SINGLE PLATFORM FOR SOCIAL INITIATIVES

A single platform for social initiatives


(petition.gov.uz) was launched in April, 2018

1. What is an electronic collective appeal?


It is a electronic appeal filed in accordance with the established procedure through the
web portal “Social initiatives”
2. Who can submit an electronic collective appeal?
All citizen of the Republic of Uzbekistan, who has reached the age of eighteen by the day
of submission of the application
3. What is the purpose of the web portal “Social initiatives”?
The main purpose of this portal is to develop and strengthen the civil society, the protection
of human and civil rights, the participation of citizens in the management of state affairs.
4. What is the main features of this portal?
Submit your appeal;
To see the submit applications;
To vote for the placed appeals;
Get information about the progress and results of the implementation of collective appeals.
Development strategy
Rise to top 30 in the UN e-Government Rise in the World Bank’s “Doing Business”
index Survey Index to top 30 by 2020

Develop a central database of individuals, Establishment of Center for supporting the


legal entities, vehicles, real estate etc., so development and introduction of innovative
that state authorities can jointly use this projects to provide the enhancement of
central database to reduce time and innovation activities and realization of
inconvenience for the public scientific and technical products
Enhance large-scale organization of computer
Further develop e-Government with literacy trainings for citizens and business,
smart technologies, full integration of enabling them to effectively use the
e-Government services, widespread use opportunities created. Interactive kiosks will
of mobile technologies bee installed throughout the country to expand
public access to e-Government services
Further development of broadband internet
Train international level IT specialists, and
access based on fiber-optic communication
organize educational and academic programs at
lines, as well as improving the reliability of
Tashkent university of information technologies
telecommunication networks, enabling data
and Inha University in Tashkent in compliance
protection and information security of the
with international standards and in partnership
national information and communication system
with international institutions of higher learning
KOREAN-UZBEK COOPERATION
PROJECT
NAME OF ORGANIZATION NAME OF PROJECT
STATUS

Increasing computer literary of wider population in Uzbekistan


Korea International
through the establishment of specialized centers in the 2016-2018
Cooperation Agency (KOICA)
framework of "IT basics program“.

Individuals and legal entity database system;


LG CNS Integrated Platform for the e-Government System; 2015-2017
New version of Single portal of interactive government services

Feasibility Study on Implementation of Common Groupware for


THE BRIDGESOFT INC 2015-2016
Administrative Agencies in Uzbekistan

Korea Local Information


Feasibility Study on Establishing Master plan for Regional 2015-2016
Research & Development
Informatization
Institute (KLID)
National Agency for the
development of the
Cooperation and expanding the usage of open source software,
information technology 2016
implementing them in e-Government and education
industry of the Republic of
Korea (NIPA)
❖ Korea-Uzbekistan IT Cooperation Center (2013)
❖ Mr. Kim Nam-Seok appointed as Deputy Minister
for Development of Information Technologies and
Communications (2013)
❖ Mr. Chul Soo Lee appointed as Vice President -
ICT Adviser of Tashkent University of Information
Technologies (2013)
❖ Inha University in Tashkent (2014)