connect • communicate • collaborate

CERT BEST PRACTICES – BULGARIAN CERT AS SERVICE ORIENTED ORGANIZATION

Slavcho Manolov - BREN

GN3+ TERENA e-Infrastructure Summer workshop, Sofia, 16 - 20 June 2014


Service-oriented approach of CERTs

According to authoritative research, the frequency and complexity of cyber-attacks have increased significantly in recent years. Experts assert that we have entered the fifth generation of cyber-crime, characterized not only by multi-level organization and specialization of criminals, but also by the application of automation methods. In this situation the international community has established a new policy and organization of security protection as a multi-level infrastructure that includes international collaboration. The Computer Emergency Response Teams (CERTs) are designed to play a major role in this infrastructure. Owing to the efforts of the international CERT community, primarily CERT/CC, FIRST and TF-CSIRT, and also of institutions such as NIST and ENISA, the diverse activities of a CERT are thoroughly described, formalized and standardized. That is why we can treat a CERT as a manufacturing enterprise with a fully regulated production cycle consisting of flows of business processes. International best practice clearly shows that the most effective way to organize such businesses is the transition to a so-called service-oriented organization.


Service Oriented Architecture (1)

The Service Oriented Architecture (SOA) is probably the most important technology initiative facing business today. SOA is more than a new direction of technology development in the software industry. It represents a dramatic change in the relationship between business and IT. SOA helps business and IT to unify goals and bridge the gaps between their very separate worlds by establishing a common language and creating a more flexible infrastructure to support changes. A service is a complex and dynamic collaboration between provider and customer. Therefore, companies need to continually optimize the interactions of all the components that make up the service to ensure that changing business objectives are met, and they need to improve both the customer interaction and the relationship over time. SOA is an architecture for building business applications as a set of loosely-coupled black box components orchestrated to deliver a well-defined level of service by linking together business processes. In other words, Service Oriented Architecture (SOA) is an architectural style that enables the assembly of systems from distributed, federated resources.


Service Oriented Architecture (2)


The nature of electronic services

Electronic services incorporate procedures with varying degrees of automation. In general these are chains of procedures, implemented automatically, semi-automatically or manually, and provided by different suppliers. The modern infrastructure for complex electronic services entails:

•  implementation of services as a set of value-added chains;

•  centralized management of the process of service delivery throughout its "life cycle";

•  requesting and obtaining the services from "one-stop-shopping" (including territorially distributed ones).

This can be achieved by the so-called "Orchestration of primary services."


Internal structure of the e-Service

[Figure: diagram with the nodes Applications, Services, Messages, Contracts, Schemas, Policies, State, Message Exchange Pattern and Operational Requirements, joined by the relations "composed of", "exchange", "bound by", "governed by", "manage", "have", "contain", "describe", "enforce", "define structure of" and "is a set of".]


The conceptual model of public services, created in the framework of the European programme IDABC, is shown in the figure below. It is flexible because it allows different aggregate services to be created by combining basic public services from multiple providers.

[Figure: European Conceptual model of public services]


Bulgarian Law on e-Governance

The Law on e-Governance (in force as of 13 June 2008, promulgated in State Gazette No 46 of 12 June 2007) regulates three main groups of relations, namely:

•  the ways of providing services to citizens electronically;

•  the relationships related to the internal exchange of information and documents, simultaneous movement of paper and electronic documents, assigning them creation, storing and archiving of electronic documents;

•  relations associated with the automated exchange of electronic documents between administrative authorities.

In addition to the law, six regulations, adopted by the Council of Ministers, detail its application.


The scope of the Law on e-Governance

[Figure: diagram with the labels STATE AUTHORITY (three times) and Citizens. Businesses, covering the three areas below.]

•  Provision of electronic services

•  Activities related to working with e-documents

•  Electronic document exchange between state authorities

Exceptions:

1.  Does not apply to electronic documents containing classified information

2.  Does not rescind regulations for paper documents when a particular format or work order are provided


Key features of the Law (1)

The e-Governance Law and its ordinances define a new type of architecture in the organization of administrative activities. These regulations contain a set of instructions concerning the conduct of the interface of the administrations in their relations with citizens and businesses. For the most part, these instructions concern the provision of administrative services electronically. Unification is the most important element in the transition to the new type of administrative organization, namely “service-oriented activity”. In this regard:

a) all requests (external or internal) are treated similarly with respect to the start of administrative processes (in terms of their quality of “initiating documents”);

b) all orders (external or internal) to the administration are treated similarly with respect to the launch of its processes (in terms of their quality of “initiating documents”);

c) any process started by the initiating document is presented as a sequence of stages of processing of the respective activity;

d) each stage is defined in a unified form.


Key features of the Law (2)

In this regard, the organizational and process-oriented aspects of the re-engineering of the administrative information system include:

–  unification of the stages of the services and procedures;

–  unification of internal administrative processes;

–  unification of activities fulfilled by the administration;

–  formation of the status of implementation of a service or procedure;

–  providing a uniform means for control of all activities in the administration;

–  preparation of internal rules for the conduct of administrative activities.


Bulgarian CERT as service-oriented organization

According to the Law on e-Governance, the Bulgarian national CERT (whose affiliate is the Academic CERT) develops its activities as a so-called “Service-oriented Organization”. This includes two essential elements:

a) realization of the activities of the CERT as electronic services in the interpretation of the Ordinance on electronic services and the Ordinance on general requirements for interoperability and information security.

This means that the concrete services will be entered in the Register of electronic services, maintained by the State Administration. The data elements composing the service must also be entered into the Register of information objects.

The structures of both registers are shown below;

b) all business processes in the organization are related to the flow of electronic documents and are managed by an Administrative Information System according to the Ordinance on the internal circulation of electronic documents and documents in hard-copy form in the administrations.

The essence of this system will be described further.


The Register of information objects

[Figure: the Register, with its technological sub-systems and sub-registers.]

Technological Sub-Systems:

•  Information Objects Creation and Processing

•  User Interface and Access Management

Sub-Registers:

•  Sub-Register of the Terms

•  Sub-Register of the Elements “Nomenclature”

•  Sub-Register of the Elements “Value”

•  Sub-Register of the Data Segments

•  Sub-Register of the Electronic Documents

In the Interoperability context “the Electronic Document” can be defined as “a logically complete, self-described information structure, which can be visualized and at the same time automatically processed by information systems without human intervention. The e-Document contains tools for undoubted authentication and protection against illegal access”.


The Register of electronic services

[Figure: the Register, with its technological sub-systems and sub-registers; further labels: BPEL-descriptions, XML-descriptions.]

Technological Sub-Systems:

•  e-Services Creation and Processing

•  User Interface and Access Management

Sub-Registers:

•  Primary (atomic) services

•  Composite services

In the Interoperability context “the primary (atomic) e-Service” can be defined as “an autonomous, complete and realizable functionality with a well-defined I/O interface (i.e. e-Documents registered in the i-Objects Register)”.


[Figure labels: UEEED, BG-Data models, Repository.]

The infrastructure for e-Services consists of:

•  unified definitions of e-services

•  unified environment for exchange of electronic documents - UEEED

•  centralized resources providing services for identification of persons and companies and other services with specialized purposes

•  decentralized resources at the competent authorities allowing them to provide the services within their competence


Electronic services delivered by Bulgarian CERT

Following the above-mentioned regulations, the Bulgarian CERT has developed electronic services in the majority of its main activities. This includes:

1. Electronic service “Obtaining of incident report from constituency”;

2. Electronic service “Requests for receipt of warnings about vulnerabilities in the specified range of applications”;

3. Electronic service “Entry and update of the Installation Database of constituency”;

4. Electronic service “Reporting incident to the Commission for Regulation of Telecommunications according to the Directive 2009/140/EC”


The main features of the service-oriented organization

1. Analysis and modeling of business processes

2. Optimization of information resources

3. Automated Process Management and Users Notification Service

4. Automated data transfer with other business systems

5. Centralized maintenance of the records of services

6. Real time management of service requests


Restructuring operations in the service-oriented organization

A. Functional-oriented organizational events

- adoption of a service-oriented strategy;

- definition and parameterization of services as a set of elementary services (value-added chain), assessment of the possibility of automation of these chains;

- adoption of a development plan for the business processes and service-oriented projects;

- adoption of an organizational structure consistent with the internal interactions in complex services and their centralized management.

B. Technological-oriented organizational events

According to leading analyst companies, the transition to a "service-oriented corporate intelligence" is necessarily linked to the centralized management of the information resources of the organization (regardless of physical decentralization of resources) and closer integration between IT infrastructure and organizational structure.


The National Administrative Data Model

[Figure: diagram with the following labels.]

•  Legislation

•  Register of the Registers

•  Register of the Information Objects

•  Register of the Electronic Services

•  Register of the Certified Systems

•  Register of the Unified Definitions of the Services

•  National Nomenclature of Documents

•  National Nomenclature of Records


Inter-system exchange through UEEDE

Bearing in mind that the constituency of CERT-Bulgaria consists mainly of administrative bodies and academic institutions, the exchange must be realized through the so-called Unified Environment for e-Documents Exchange (UEEDE), maintained by the Ministry of Transport, Information Technology and Communications. UEEDE is a secure managed environment for the exchange of electronic documents, registered in the Register of information objects, between registered parties. The document exchange is protected by an encryption / decryption procedure based on asymmetric public key cryptography, using digital certificates of the UEEDE server and UEEDE clients. These transport certificates will be issued by the internal public key infrastructure for all administrations, maintained by the Ministry of Transport, Information Technology and Communications. The transfer protocol is based on the German standard “OSCI Transport”, informally recognized for now as a pan-European one.


Exchange of documents through UEEDE

[Figure: three columns, Administration “A” (AIS: Service procedure “A”, UEEDE Client “A”), UEEDE (UEEDE Server) and Administration “B” (UEEDE Client “B”, AIS: Service procedure “B”). Labels on the flows: Document “A”, OSCI Message “A”, OSCI Message “B”, Document “A”, OSCI Receipt “B”, OSCI Receipt “A”.]


Execution of complex e-Service

[Figure: the Complex Services Agent receives CES_REQ and returns CES_RSP. Request Decomposition produces PES_REQi, PES_REQj and PES_REQk; Answer Composition takes PES_RSPi, PES_RSPj and PES_RSPk. Further labels: UEEDE, Administration i, Administration j, Administration k.]


Request Decomposition

[Figure labels: CES_REQ; XLT - Interpreter; XLT_Library; XLT_REQi, XLT_REQj, XLT_REQk; PES_REQi, PES_REQj, PES_REQk.]


Answer Composition

[Figure labels: PES_RESi, PES_RESj, PES_RESk; XLT_RESi, XLT_RESj, XLT_RESk; XLT - Interpreter; XLT_Library; CES_RES.]


Management of the execution of complex e-Service

[Figure labels: UEEDE; CES_REQ; CES_RSP; BPeL – Composition; Decomposition; BPeL Interpreter; BPeL – Workflow; BPeL_Library.]


The Reference Model of AIS


The core position of AIS

[Figure labels: AIS; input channels Web, UEEDE, Email, Manually, Scanned paper documents; Integrated Web-application; Module for integration with CC; Module for e-Mail exchange; Module for exchange manually; CC; Validation; Administration; Sys 1, Sys 2, Sys 3 … Sys n.]


Technological process of AIS re-engineering (1)

The technological process of the re-engineering of the Administrative Information System (AIS) consists of the following sequence of actions:

- analysis of the type and quantity of indispensable Document Registers;

- registration of these registers in the Register of registers and data;

- adjustment of AIS for processing with these registers;

- establishment and maintenance in AIS of Classification Schemes for the following types of information objects:

    •  users;
    •  documents;
    •  tasks;
    •  personal data;
    •  nomenclatures,

- establishment of a Departmental nomenclature of types of documents for the concrete administration; adjustment of AIS for processing with this nomenclature;


Technological process of AIS re-engineering (2)

- establishment of a Departmental nomenclature of stages of services and procedures for the concrete administration; adjustment of AIS for processing with this nomenclature;

- establishment of a Departmental nomenclature of services and procedures for the concrete administration; adjustment of AIS for processing with this nomenclature;

- establishment of a Departmental nomenclature of schemes for storage of documents for the concrete administration; adjustment of AIS for processing with this nomenclature;

- creation of interfaces between AIS and the “external environment” by specialized applications integrated into the AIS, such as:

    •  module for Web-application;
    •  module for integration with the Communication Client of the Unified Environment for Exchange of Electronic Documents (UEEED);
    •  module for e-Mail exchange;
    •  module for reception of documents stored on magnetic or other external media.


Technological process of AIS re-engineering (3)

- interface modules for connection with other specific systems of this administration. The regulations of the e-Governance Law do not prescribe any special requirements for these connections. The administration has a choice between direct communication (i.e. the method of component calls) and communication based on messages. The advantages of the second one are related to the ability to separate components from one another;

- establishment of internal rules for processing with the AIS, adapted to the specifics of the particular administration;

- creation of profiles for access of various groups of employees to the resources of the AIS. The profiles correspond to the duties of employees included in their job descriptions.


The documents induce starting of determinate procedures

[Figure: documents Doc I to Doc IX (label LNoD) arrive through the channels Web, UEEDE, Email, Manually and Scanned paper documents, and are matched to the entries of LNoSP listed below.]

LNoSP:

S/P1: Ea Eb Ef Er Es Ex Ez

S/P2: Ea Eb Eg Ez

S/P3: Ec Ee Ef Eg Es Ey

S/Pn: Ed Eb Ef Eh Eq Ex Ez


Web application for documents receipt

[Figure labels: Web; Integrated Web-application; File Entry; Applications for editing; Validation.]


Model of the status of procedure

[Figure labels: Document; Status of the service or procedure; List “Outstanding stages”; List “Executed stages”; List “Canceled stages”; Stage 1 … Stage n; Performer 1 … Performer n; Correspondence; App “E1” … App “En”; Service Status.]
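An added illustration, not taken from the original slides or from any Bulgarian CERT system: the complex-services agent of the “Execution of complex e-Service” slides combined with the three stage lists of the status model above. It decomposes a CES_REQ into one PES_REQ per administration, passes each administration only the fields its primary service needs, and marks the CES_RSP incomplete when a stage is canceled; all service names, field names and handlers are hypothetical.

```python
from dataclasses import dataclass, field


@dataclass
class ServiceStatus:
    """The three stage lists of the status model."""
    outstanding: list = field(default_factory=list)
    executed: list = field(default_factory=list)
    canceled: list = field(default_factory=list)


def decompose(ces_req, definition):
    """Request decomposition: build one PES_REQ per primary service."""
    pes_reqs = []
    for administration, service, needed in definition:
        missing = [name for name in needed if name not in ces_req["data"]]
        if missing:
            raise ValueError(f"CES_REQ lacks {missing} for {service}")
        pes_reqs.append({
            "ces_id": ces_req["id"],
            "administration": administration,
            "service": service,
            # Pass on only the fields this primary service needs.
            "data": {name: ces_req["data"][name] for name in needed},
        })
    return pes_reqs


def execute(ces_req, definition, administrations):
    """Dispatch each PES_REQ, track its stage, compose the CES_RSP."""
    pes_reqs = decompose(ces_req, definition)
    status = ServiceStatus(outstanding=[r["service"] for r in pes_reqs])
    parts = {}
    for req in pes_reqs:
        service = req["service"]
        handler = administrations.get(req["administration"])
        status.outstanding.remove(service)
        try:
            if handler is None:
                raise LookupError("administration not registered")
            parts[service] = handler(req)          # PES_RSP
            status.executed.append(service)
        except Exception as exc:
            # A failed stage is recorded, never silently dropped.
            parts[service] = {"error": str(exc)}
            status.canceled.append(service)
    ces_rsp = {"id": ces_req["id"], "complete": not status.canceled,
               "parts": parts}
    return ces_rsp, status


# Constructed sample data; every name below is hypothetical.
DEFINITION = [
    ("administration_i", "verify_reporter", ["reporter_id"]),
    ("administration_j", "lookup_installation", ["asset_id"]),
    ("administration_k", "register_incident", ["asset_id", "description"]),
]
ADMINISTRATIONS = {
    "administration_i": lambda req: {"known": req["data"]["reporter_id"] == "R-001"},
    "administration_j": lambda req: {"installed": "web server"},
    "administration_k": lambda req: {"incident_no": 1},
}
CES_REQ = {"id": "CES-1", "data": {"reporter_id": "R-001", "asset_id": "A-7",
                                   "description": "defaced page"}}

if __name__ == "__main__":
    rsp, status = execute(CES_REQ, DEFINITION, ADMINISTRATIONS)
    print(rsp["complete"], status)
    partial = {k: v for k, v in ADMINISTRATIONS.items() if k != "administration_k"}
    rsp, status = execute(CES_REQ, DEFINITION, partial)
    print(rsp["complete"], status.canceled, rsp["parts"]["register_incident"])
```
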


Perspective for automated data exchange

The realization of CERT activities as electronic services leads to the unification and formalization of business processes and the data associated with them. This is a prerequisite for setting standards for the presentation of data. As a result, it will in the future allow the introduction of methods for automated exchange of information between the CERT and its constituents, as well as between the various CERTs involved in joint activities. This automated data exchange could be based on the new recommendation of the International Telecommunication Union (ITU), X.1500, named “the Cybersecurity Information Exchange Framework (CYBEX)”.


Thank you!
