Sharing Good Practices

Public Information Security & PPP Project : Perspective Bangladesh

A.N. M. Safiqul Islam

Director( Deputy Secretary)

Bangladesh Hi-Tech Park Authority

ICT Division

29 November, 2011Singapore

Location of Bangladesh

Initiatives in Bangladesh

• 1998 Telecom Policy introduced.

• 2001 Telecommunication Act was formulated

and led to formation of BTRC.

• 2001 Formation of Ministry of Science & ICT.

• 2002 ICT Policy was formulated.

• 2008 -Submarine Cable (SEA ME WE-4)

• 2009 - Formulate ICT Policy 2209 with

a specific Vision,

10 objectives,

56 Strategic themes and

306 Action Items

• ICT Road Map and e Government Strategy.

Vision-2021 : Digital Bangladesh

To transform the country as a mid income country within 2021 and High Income country within 2030 by using ICT.

Digital Bangladesh Bangladesh to become a middle income country by 2021

Transparency Efficiency Efficiency

Public Network Public Network Computerization Computerization

To improve

Government efficiency

and promote

interaction between

governments Ministry/

Divisions, Departments,

Districts and Upazillas

by construction of

Government network

infrastructure

Interaction Interaction

To use ICT system within

the public administration to

improve efficiency and

transparency, reduce

wastage of resources,

enhance planning and raise

the quality of services.

To maximize the

computerization of work

processes and resources

through integrated

information management

system enabling real time

administration.

To construct a public network

as a backbone for the

effective implementation of

e-Government

Public Admin. Public Admin. Enhancement Enhancement

Integration Integration

Digital Bangladesh 2021

5/75

Initiatives in e-governance

Bangladesh has adopted different initiatives to ensure effective e-governance

Institutional Arrangement

• Digital Bangladesh Task Force headed by

Hon‟ble Prime Minister.

• Information & Communication Technology

Division

• Bangladesh Computer Council

Gov website

Offers limited,

basic, static

info.

Phase 1

Emerging

Content and

Information

is updated

with greater

regularity

Phase 2

Enhance

Form can be

downloaded;

Applications

submitted

online

Phase 3

Interactive

Users can

actually pay

for services or

conduct

financial

transactions

online

Phase 4

Transactional

Total

integration

of e-functions

and services

across

administrative

/departmental

boundaries

Phase 5

Seamless

Some Important Initiatives

MRP & MR

National ID Card

Information Service Centre in Union Level

Custom House Automation

e-GP

PKI and Digital Signature

Cyber Crime Forensic Lab

• Information generation is increasing

tremendously.

Information

'Information is an asset which, like other

important business assets, has value to

an organization and consequently needs

to be suitably protected‟

Information could be:

• Created

• Stored

• Destroyed

• Processed

• Transmitted

• Used

• Corrupted

• Stolen

ISO 27002:2005 defines Information Security as the

preservation of:

Confidentiality Ensuring that information is accessible only to those authorized to have access

Integrity Safeguarding the accuracy and completeness of information and processing methods

Availability Ensuring that authorized users have access to information and associated assets when required

• Whatever form the information takes, or

means by which it is shared or stored, it

should always be appropriately protected‟

(BS ISO 27002:2005)

Security of Information

The architecture where an integrated

combination of appliances, systems

and solutions, software, alarms, and

vulnerability scans working together

Having People, Processes, Technology,

Policies, Procedures

Monitored 24x7

INFORMATION INFORMATION

Information Security

Security breaches leads to…

• Reputation loss

• Financial loss

• Intellectual property loss

• Legislative Breaches leading to legal

actions (Cyber Law)

• Loss of customer confidence

• Business interruption costs

External act-

-Malicious act

- Hackers

-Accidents

Internal act

-„Doing my Job‟

- Sharing passwords

Network and Data Security

Network Security

It must be developed to

prevent many dangerous

things (hacking, illegal

forgery) from data transfer on

the internet.

Identity validation

Confidentiality

Integrity

Non Receive Repudiation

I

It must be developed to

prevent illegal forgery and

validation for stored data.

Data Security

PKI & Digital Signature

PKI & Digital Signature

• UNCITRAL Model Law

• Enactment of ICT Act 2006

– Digital signature

– Cyber crime

• … … …

• 2009- ICT Act has been amended

• CCA, the regulatory body of the govt. for PKI

in place- at the end of year 2009

• IT (CA) Rules 2010 for Certifying Authorities

Why PKI

• Straight forward technology to ensure

authentication, integrity, confidentiality and

non-repudiation in-

– E-Governance

– Electronic Commerce and E-transactions

– e-Services

– E-Procurement and so on

• Paperless government offices

• Successful step towards Digital Bangladesh

PKI Model

The sense of ICT Act 2006 refers

Hierarchical PKI model for Bangladesh-

Progress----

- ICT Act 2006 and IT(CA) Rules 2010

o - CCA has been appointed by the government

• - Necessary guidelines, e.g.

– - Licensing guideline

– - CPS guideline

– - Audit guideline

– - Interoperability guideline

• - CA License – 6 companies

• - Set up of Office of the CCA under ICT Division

• - Audit panel

• - Root CA Infrastructure

• - Tier-III Data center (National certificate repository)

• - Training and workshop on PKI issues

• - Awareness raising program throughout the country

Cyber Crime Forensic Lab

A cyber Crime Forensic Lab is going to be

established by RAB to investigate the

cyber crime and to identify the criminal.

Bangla GovNet Project

Bangla Govt Net Project

- It is a Public Network to connect all the Government entities throughout the country under a single Network.

• -To ensure a Basic Infrastructure for e-Government.

• -To ensure a Secured Connectivity among all the Government entities.

• -To ensure e-Governance through an integrated common platform.

Bangla GovtNet- con‟t

• 65 Ministries / Division, 114 Department, 64 DC Offices and

64 Upazilla offices will be connected through the Net work.

• Another Project Info-Sarker is launching soon to connect

rest of e Upzilla Level and Upazilla Level Offices.

Electronic Government Procurement

e-GP

Introducing good governance in public

procurement with the establishment of a

unified national procurement framework

and institutionalizing the procurement

management capacity.

Objectives of e-GP

To ensure economy, efficiency,

transparency, fairness and better

value for money.

PROMIS

The MIS was developed based on criteria

set by the The Government and Dohatec

New Media implemented the same and it

came to known as “PROMIS”

E- GP

In the first phase, e-Tendering will primarily be introduced

on pilot basis in -

- CPTU and

- 16 PEs under Bangladesh Water Development

Board (BWDB), Local Government Engineering

Department (LGED), Roads and Highways Department

(RHD) and Rural Electrification Board (REB)..

Custom House Automation

Custom House Automation

• Two Custom Houses has been Automated

- Chittagong

- Dhaka

Uniqueness of the Project

This has been developed as PPP initiative and has been one of the fist PPP project in this area.

No cash expense from the GoB exchequer

Unique Partnership between Chamber , IFC , C&F agent‟s association and Technology Provider DataSoft

The Project personnel only works with technological facilitation and do not intervene in any decision making process

This project is a Built Own Operate and ( BOOT ) for fixed time period

Current Major Stakeholders

• SITA

• Airline Agent Feeder

• Airline Operator

• Airline Express

• C&F Agents

• Airport Custom

• Custom Intelligence

• Bond Commission

• ICD

• PSI

• EPZ

• NBR

• Sonali Bank

Technology Uniqueness

• Extreme example of Opensource Software usage

in business environment , hence no licensing fees

payable

• Java and PHP based applications development on

a secure computing environment

• Workflow based web environment with more than

10 stakeholders connected

• Dash board driven approach adapted

28 December 2011 DataSoft Management Services Doc ID : CCHA-08-007 40

System Architecture

Security

Interface

SITA

C and F

Custom

Busin

ess

Asycuda +

+

Data

Exchange

Asycuda++

db

CHA

db Shipping Agent

Freight Forwarder

Advantages

• Improve Efficiency of various stakeholders

• Save Time for various task and thus reduces the

cost of doing business

• Improve Productivity

• Better accountability for various stakeholders

• Fosters transparency among the stakeholders

by letting the information flow better

• Ensure better Auditing

• Unique model for govt. services Automation

Challenges

Adjusting PKI in the existing culture.

Inadequate Human Resources.

Preparedness of Local Software Companies.

Legal variance related to PKI

Stable PKI framework for the country

Business case of PKI for its survival

PKI in e-govt. applications

Managing PKI

Cross border acceptability of Bangladesh Digital signature.

Access to ICT by Citizens, Business.

Resoureces

Q & A