CC7178NI Cyber Security Management

Security Policies & Practices For E-Government

50% Group Coursework

2020-21 Spring

Student Name:
London Met ID:
College ID:
Assignment Due Date:
Assignment Submission Date:
Word Count:

I confirm that I understand my coursework needs to be submitted online via Google Classroom under the relevant module page
before the deadline for my assignment to be accepted and marked. I am fully aware that late submissions will be treated as
non-submission and a mark of zero will be awarded.
Cyber Security Management CC7178NI

Abstract
With the rise of technology and digital transition, e-government has been an important
medium for the government and its citizens to interact. It has been very helpful to both the

1
Cyber Security Management CC7178NI

Table of Contents
Table of Figures …..….……………………………………………………………………….3
Table of Abbreviations....…..……………………………………………………….………..4
Introduction……………………………………………………………………………..……5
General Introduction……...………………………………………………………....…….5
Problem Background.…….………...……………………….………………………....…..6
Current Scenario…………….…………………………….……………………………….6
Status of e-government security in Nepal…….…….…….……………………….6
Literature review…….……………………………………………………………………….8
e-Government……….…………………………………………………………………….8
Information security ….…………………………………………………………………..11
Designing Robust Security Policies & Practices for e-Government. …………………….11
a. Security Policies…….………………………………………………………..12
b. Security Practices..…………………………………………………………...13
Critical Analysis….………………………………………………………………………....14
3.1 Case Study 1 : Data breach on US Federal government..….………………………..14
3.1.1 Background..……….……………………………………………………....14
3.1.2 Objectives……….….……………………………………………………...14
3.1.3 Issue Identification....………………………………………………………15
3.1.4 Mitigation………..………………………………………………………....16
3.1.5 Case Study Summary……..………………………………………………..17
3.2 Case Study 2: Massive Cyber Attack on Atlanta City Government………..……….18
3.2.1 Background…...…………………………………………………………....18
3.2.2 Objectives...………………………………………………………………...19
3.2.3 Issue Identification……....…………………………………………………19
3.2.4 Mitigation ..………………………………………………………………....19
3.2.5 Case Study Summary…………..…………………………………………..20
Conclusion……..…………………………………………………………………………….21
References……..…………………………………………………………………………….22

2
Cyber Security Management CC7178NI

Table of Figures
Figure 1: E-governance security architecture (Joshi A, 2012, pp-254-257)...................…...5

Figure 2: Top security threats on e-government (ictpost, 2013)……………………...........7

Figure 3: Estimated Average Loss from Cyber Attacks (Smith, Z., Lostri, E., 2020)...........7

Figure 4: Types of e-Government Transactions ………………………….....……………...8

Figure 5: the process of data breach (TrendMicro. Data Breach)……………....………..... 9

Figure 6: DDoS attack on a client (Cloudflare)……………………………………..….…10

Figure 7: CIA triangle of Information Security ( Tyson, J., 2019)……………………...….11

Figure 8: Components of a Robust Cyber Security Policy [9]………...…………….…….12

Figure 9: Solarwind attack timeline (Panettieri. J., 2021)……….……………...….....…..14

Figure 10: Solarwind attack process ( Zorz, Z., 2020)……………………………...….....15

Figure 11: Stats Showing e-government services mostly affected by Ransomware ( Panettieri.
J., 2021)….….….….….….….….….….….….….….….….….….….….….….…………..17

3
Cyber Security Management CC7178NI

Table of Abbreviations

Abbreviated Word Full-Form

CIA Confidentiality, Integrity and Availability

CISA Cybersecurity and Infrastructure Security

Agency

DDoS Distributed Denial of Service

email Electronic mail

e-government Electronic government

FBI Federal Bureau of Investigation

gMSA Group Managed Service Account

ICT Information and Communication

Technology

IDS Intrusion Detection System

IT Information Technology

NIST National Institute of Standards and

Technology

US United States

4
Cyber Security Management CC7178NI

Introduction
a. General Introduction
Modern government has been gradually moving to e-government operations.
e-Government is the utilization of ICT assets to provide services to citizens. This has
made the government and its citizens closer.

Figure 1: E-governance security architecture (Joshi A, 2012, pp-254-257)

Security policies and practices are essential to protect Information and communication
technologies(ICT) assets of e-government.

So every government has taken initiatives to create an expert IT security team to

outline good security policies and practices for e-government operations including its
entities like government, citizens etc.

5
Cyber Security Management CC7178NI

b. Problem Background
Not a single element of the digital world is free from cybersecurity risks, so there is
no chance of e-government being risk-free too. There are many issues faced in
e-government implementation and its ongoing operations.

c. Current Scenario
Worldwide e-government systems have been facing various security threats. It has
affected the data and information of citizens and government bodies. In figure 3 we
can see how the loss from cybersecurity is increasing every year and only in 2020 it
was near 1 trillion dollars.

Figure 2 shows top security threats occurring in e-government.

6
Cyber Security Management CC7178NI

Figure 2: Top security threats on e-government (ictpost, 2013)

Figure 3: Estimated Average Loss from Cyber Attacks (Smith, Z., Lostri, E., 2020)

Status of e-government security in Nepal :

The first IT policy of Nepal was proposed in 2000 B.S. This policy aims to connect all
ministries, departments, and offices with the government. The policy was altered and
updated many times since then.

7
Cyber Security Management CC7178NI

Literature review

a. e-Government
e-Government is the implementation of information communication technologies that
work as tools to provide different services to people.

e-Government consists of transactions between :

- Government & citizen ( G2C )
- Government & Employees ( G2E )
- Government & Business ( G2B )
- Government & Government ( G2G )

Figure 4: Types of e-Government Transactions

There is another term that comes frequently with e-government called e-governance
which refers to the utilization of information and communication technology (ICT)
for providing government services, disseminating information, and communication
operations with the general public [5].

Advantages :
- Provide uninterrupted service to citizens minimizing time and cost.
- Assists in improving services, understanding citizens feedback and
requirements.
- Helps minimize government operational costs.

8
Cyber Security Management CC7178NI

- Increases interactions between public and government.

- Helps in the sustainable development of the country.
Disadvantages :
- All citizens do not have access to the internet and smart devices.
- Initial development cost is high.

Threats to e-government include

- Data Breach: It’s intentional or unintentional exposure of confidential

information to unauthorized users. Many attackers break confidential data to
the public for fun or profit.

Figure 5: the process of data breach (TrendMicro. Data Breach)

- Distributed Denial of Service(DDoS):

9
Cyber Security Management CC7178NI

Figure 6 : DDoS attack on a client (Cloudflare)

- Malware:

- Ransomware:

- Phishing:

- Lack of user awareness:

- User to Root (U2R) attack:

- Packet Sniffer:

10
Cyber Security Management CC7178NI

b. Information security
Information security is the protection of user information from unauthorized access
and maintaining its integrity. Information security is defined by the CIA triangle :
- Confidentiality: involves keeping the information private and only accessed by
authorized users.
- Integrity: involves data that cannot be modified.
- Availability: involves the data can be available anytime to its requested user.

Figure 7: CIA triangle of Information Security ( Tyson, J., 2019)

c. Designing Robust Security Policies & Practices for

e-Government
Here we’ll talk about how to design robust security policies and practices for security
e-government. We’ll also discuss some examples of the best security policies and
practices that organizations have implemented to protect their data and information.

11
Cyber Security Management CC7178NI

Figure 8: Components of a Robust Cyber Security Policy [9]

Some examples of common security policy and practices that organizations have
implemented are :

a. Security Policies
-

12
Cyber Security Management CC7178NI

b. Security Practices
-

13
Cyber Security Management CC7178NI

Critical Analysis

3.1 Case Study 1 : Data breach on US Federal government

3.1.1 Background
In 2020, many US government agencies and lots of organizations around the world found a
serious data breach attack.

Figure 9: Solarwind attack timeline (Panettieri. J., 2021)

14
Cyber Security Management CC7178NI

Figure 10: Solarwind attack process ( Zorz, Z., 2020)

3.1.3 Issue Identification

In December 2020, a cybersecurity firm FireEye found that hackers had inserted malicious
code on SolarWind’s Orion software which was used to steal confidential information from
various private and federal organizations.

Over 3000 email accounts of the Department of Justice have been accessed [12]. Also, the
Department of Homeland security reported its top officials' email accounts were also

15
Cyber Security Management CC7178NI

accessed. In some agencies, it appeared that the attacker had altered records and settings
which needed manual review.

3.1.4 Mitigation
Cyber Security policies and practices of government and organizations should be updated
along with time. Following were some of the mitigation policy that was applied immediately
[18] :
1.

Some more mitigation security policies and practices to prevent such data breach to occur in
future are :
1.

16
Cyber Security Management CC7178NI

7.

3.1.5 Case Study Summary

From the case study, it is seen that e-government systems are insecure if proper security
policies and practices are not implemented in place. The e-government of the United States is
considered one of the good e-government systems and its security is also known to be great.
But we found out how the attacker used a compromised software to get access to the whole
system and breached the data.
So implementing best security policies and practices are critical for every e-government
system.

17
Cyber Security Management CC7178NI

3.2 Case Study 2: Massive Cyber Attack on Atlanta City

Government

3.2.1 Background
In March 2018, the city of Atlanta faced a huge cyberattack on its multiple services leading
to a big loss. The attackers used multiple attempts and techniques including ransomware
attacks.

Figure 11: Stats Showing e-government services mostly affected by Ransomware (

Panettieri. J., 2021)

18
Cyber Security Management CC7178NI

3.2.3 Issue Identification

On March 22, 2018, officials of the city of Atlanta found something unusual on the City's
network and later when employees signed in to the system they found that there had been a
ransomware attack.

3.2.4 Mitigation
If the City of Atlanta had implemented proper security policies and practices it would have
prevented such huge loss. Following security measures can be implemented to prevent such
attacks in future :
1. Frequent auditing of software and applications used by the city.
2.

19
Cyber Security Management CC7178NI

4.

3.2.5 Case Study Summary

From the case study, we learned that we should give keen attention to follow proper security
policies and practices. Even with a small mistake like using a weak password or not updating
software on time, governmental systems will have to face a huge loss.

20
Cyber Security Management CC7178NI

Conclusion
E-government is now an important part of the country's economy. The benefits provided by it
are numerous. But along with its benefit, the risk of security threats and sensitive information
leakage has been increased.

21
Cyber Security Management CC7178NI

References
[1] Joshi A., Tiwari H., 2012. Security For E-Governance. Journal of Information and
Operations Management, vol. 3, no. 1, pp-254-257

[2] ictpost, 2013. Security vulnerabilities and threats existing in the e-Governance. Available
at: http://ictpost.com/security-vulnerabilities-and-threats-existing-in-the-e-governance/ [
Accessed April 28, 2021 ].

[3 ] Introduction to e-Government and its Scenario in Nepal, Available at:

https://drc.nitc.gov.np/assets/img/downloads/200812043455MODULE_III.pdf. [ Accessed
April 21, 2021 ]

[4] vir, 2020. Spurring e-government initiatives. Available at:

https://www.vir.com.vn/spurring -e-government-initiatives-75704.html [ Accessed April 26,
2021 ].

[5] Singh, H., 2017. What is the difference between e-Government & e-Governance?.
Available at: https://www.jagranjosh.com/general-knowledge/what
-is-the-difference-between-egovernment-and-egovernance-1503018565-1 [ Accessed April
22, 2021 ].

[6] TrendMicro. Data Breach. Available at: https://www.trendmicro.com/vinfo/ie/security

/definition/data-breach [ Accessed April 26, 2021 ]

[7] Cloudfare. HTTP Flood Attack. Available at:

https://www.cloudflare.com/learning/ddos/http-flood-ddos-attack/ [ Accessed April 22, 2021]

[8] Tyson, J., 2019. The CIA Triad. Available at: https://blog.jamestyson.co.uk/the-cia-and-
dad-triads [ Accessed April 23, 2021 ]

[9] PUBLIC DATA AT RISK: CYBER THREATS TO THE NETWORKED

GOVERNMENT. Available at :
http://103.28.101.10/project51new/training/PublicDataAtRisk_ Cybersecurity_Apr2015.pdf [
Accessed April 23, 2021 ]

[10] Zorz, Z., 2020. Hackers breached U.S. government agencies via compromised
SolarWinds Orion software. Available at: https://www.helpnetsecurity.com/2020/
12/14/compromised-solarwinds-orion/ [ Accessed May 1, 2021 ]

[11] Panettieri. J., 2021. SolarWinds Orion Security Breach: Cyberattack Timeline and
Hacking Incident Details. Available at: https://www.channele2e.com/technology/security/

22
Cyber Security Management CC7178NI

solarwinds-orion-breach-hacking-incident-timeline-and-updated-details/ [ Accessed May 1,

2021 ]

[12] Paul, K., 2021. DoJ confirms email accounts breached by SolarWinds hackers. Available
at : https://www.theguardian.com/technology/2021/jan/06/doj-email-systems-
Solarwinds-hackers [ Accessed May 2, 2021 ]

[13] Eric, C., 2021. Ransomware Facts, Trends & Statistics for 2021. Available at :
https://www.safetydetectives.com/blog/ransomware-statistics/ [ Accessed April 30, 2021 ]

[14] HCCIC, 2018. Report on Ongoing SamSam Ransomware Campaigns. Available at:
https://www.aha.org/system/files/2018-04/corrected-HCCIC-2018-002W-SamSam-Ransomw
are-Campaign.pdf [ Accessed on May 2, 2021 ]

[15] Cyberdefenses, 2019, Local Governments Held for Ransom: Lessons Learned from the
Atlanta Cyber Attack. Available at : https://cyberdefenses.com/wp-content/uploads
/2019/11/Local-Governments-Held-for-Ransom-Lessons-Learned-from-the-Atlanta-Cyber-At
tack-9.24.18.pdf [ Accessed on May 3, 2021 ]

[16] Ozer, M., Varlioglu, S., Gonen, B., Basting, M., A Prevention and a Traction System for
Ransomware Attacks, Conference of Computational Science & Computational Intelligence
(CSCI’19); Dec 05-07, 2019;

[17] Smith, Z., Lostri, E., 2020, The Hidden Cost of Cybercrime. Available at :
https://www.mcafee.com/enterprise/en-us/assets/reports/rp-hidden-costs-of-cybercrime.pdf [
Accessed on May 5, 2021 ]

[18] cyber.dhs.gov, Emergency Directive 21-01. Available at: https://cyber.dhs.gov/ed/21-01/

[ Accessed on May 10, 2021 ]

23