160 likes | 183 Views
e-Government Information Security. Jay Garden INFOSEC Assessments Government Communications Security Bureau. Government Online Services. Treasury’s Crown Financial IS Land Information NZ FoRST Health Intranet irFile … many more on the way information transactions voting / referendums.
E N D
e-GovernmentInformation Security Jay GardenINFOSEC AssessmentsGovernment Communications Security Bureau
Government Online Services • Treasury’s Crown Financial IS • Land Information NZ • FoRST • Health Intranet • irFile • … many more on the way • information • transactions • voting / referendums
E-Government Initiatives • SSC E-Government Unit • SENSITIVE and IN-CONFIDENCE • Secure Electronic Environment (SEE) • SEE Mail (gateway-gateway secure mail) • SEE Key (public key certificates)
SEE Overview Certificate Store Certification Authority INTERNET SSC Treasury DPM&C
SEE Key • Public Key Infrastructure • authentication within Government • development of the framework, not the Certification Authorities • much more that just cryptography • certificates for citizens ?
E-Government Initiatives • SSC E-Government Unit • SENSITIVE and IN-CONFIDENCE • Secure Electronic Environment (SEE) • SEE Mail (gateway-gateway secure mail) • SEE Key (public key certificates) • National Information Infrastructure
National Information Infrastructure • Integrity & availability of critical systems • utilities: power, water, telecomms • emergency services • transport • finance • government • Most components not controlled by Govt • Some are out of the country • Coordination rather than control
E-Government Initiatives www.e-government.govt.nz
INFOSEC Technologies • Firewalls • Intrusion Detection • Vulnerability assessment • Authentication tokens, biometrics, single sign-on, remote access • Public key - digital signatures and encryption • Content filtering
Enigma • Combination of • rotor selection, wiring and position • plugboard configuration • Rotor advances with each keystroke
Enigma • Combination of • rotor selection, wiring and position • plugboard configuration • Rotor advances with each keystroke • 3 rotors - 3.28 x 10114 combinations • ~1080 atoms in the visible universe !! • 4 rotors - 2.33 x 10145 combinations
Breaking Enigma • Overconfidence led to procedures not being followed • Weak and reused keys • known plaintext attacks • Lessons equally applicable to current COMSEC and COMPUSEC mechanisms
QUESTIONS? www.gcsb.govt.nz