The Security of National Network of Public Administration «SYZEFXIS» Dr. Haris Stellakis Program Portfolio Manager, Chief Security Officer of “SYZEFXIS” Network Information Society SA March 4, 2015

Upload: haris-stellakis

Post on 09-Aug-2015


Page 1: Syzefxis security stellakis

The Security of National Network of Public Administration «SYZEFXIS»

Dr. Haris Stellakis
Program Portfolio Manager, Chief Security Officer of “SYZEFXIS” Network
Information Society SA
March 4, 2015

Page 2: Syzefxis security stellakis


A Life-long Partner

[Timeline figure: 2000 – 2013, 2020]

• 3rd Community Support Framework
• 4th Community Support Framework
• 5th Community Support Framework
• Establishment of Information Society SA
• Acquisition of DIGITAL AID SA
• Acquisition of Observatory of Digital Greece SA
• 900M€, 1,300M€

Dr. Haris Stellakis – 03/2015

Page 3: Syzefxis security stellakis


The Role of Information Society SA

Public Administration, Citizens, Businesses

Implements, Facilitates, State Aids, Observes

Informatics
• ~ 180 M€

Public Reform
• ~ 70 M€

Telecommunications
• Syzefxis
• MAN
• Rural Broadband


Page 4: Syzefxis security stellakis

• SYZEFXIS II (600 M€)
• RURAL (160 M€)
• Supplemental Actions for SYZEFXIS II (10 M€)
• SYZEFXIS I (45 M€)
• MAN (5 M€)

Planning Tender Auctions Implementation Operations

Effort by Vendors

Effort by I.S. SA

Telecom Projects


Page 5: Syzefxis security stellakis

SYZEFXIS: The State’s Telecom backbone


Interoperability and Apps G2B / G2C

• Ministries – General Secretaries
• Municipalities
• Citizen Service Centers
• Financial Agencies
• Health Agencies
• Citizen Protection Agencies (Police, etc)
• Armed Forces
• EU Agencies
• Justice Courts
• Independent Agencies


Page 6: Syzefxis security stellakis

SYZEFXIS: 2006-2013


Agency Type   Access Speed    Agencies
ADSL          24/1 Mbps       1428
3G            2/1 Mbps        50
SMALL         2/2 Mbps        2488
MEDIUM        4-8/4-8 Mbps    434
LARGE         34/34 Mbps      85
TOTAL                         4485

Free broadband access (2 – 34 Mbps)

Free on-net telephony services as well as off-net at competitive prices

Free webhosting or routing to external ISPs

Same for email services

Connection to EU Network “S-Testa”

Free teleconferencing services to specific deployments


Page 7: Syzefxis security stellakis

SYZEFXIS Ι: 2013-14


[Network diagram. Labels: PoP OTE; MAN; MAN Switch; SYZEFXIS I Router; PBX; SHDSL access modem; MAN Access Node; Main MAN node (ΚΚ); MAN node nearest to OTE; link types FE, GE, PRA, X.21, 2 Mbps]

Metropolitan Area Fiber Optic Networks


Page 8: Syzefxis security stellakis

SYZEFXIS ΙΙ: 2015-2018


[Bar chart: vertical axis 0 to 35000; years 2005, 2006, 2008, 2009, 2010, 2014; values 1.800, 3.000, 3.250, 4.450, 6.000, 34.000]

#   SIZE     SPEED (Mbps)
1   ADSL     24/1
2   SMALL    10/10
3   MEDIUM   100/100
4   LARGE    1000/1000

Secure broadband connection to 34.000 public points and provision of telecom / multimedia services

50% reduction to annual OPEX

Wireless access services to 55.000 Government Agents through the subsidization of smartphones

Secure services to Public Sector


Page 9: Syzefxis security stellakis

SYZEFXIS ΙΙ: 5 Subprojects


• SIX / DC
• Wireless Islet
• Islets 1-9
• Telecom Islets 1-8
• Security / Telephony / Teleconferencing / Cabling
• ISP / SLA

[Diagram labels: subprojects numbered 1 to 5]


Page 10: Syzefxis security stellakis


Security in SYZEFXIS Ι (1/4)

Multi-stage Security Architecture:

Provision of different VPNs per Agency and/or App

Perimeter Security against the Internet
• Private IP addressing
• Connection through proxy

Centrally managed Security devices
• Firewalls & Intrusion Detection Systems
• Antivirus & antispam mechanisms
• Multiple profile Web content filtering services

Perimeter Security per Islet
• Intra-VPN communication for specific apps / services, through the use of access lists
• Control of Intra-VPN traffic


Page 11: Syzefxis security stellakis


Security in SYZEFXIS Ι (2/4)

Security Policy:

Within SYZEFXIS
• Intra-VPN traffic
• Inter-VPN traffic

Outside of SYZEFXIS
• Internet
• Educational Network “EDET”
• EU Network s-Testa

Lifting of perimeter security is subject to approval by Information Society SA

Software control mechanisms

User’s information

Perimeter Security lifting: Ticket submission, Evaluation by IS SA, Reporting to Vendor, Ticket implementation (upon approval), Reporting to Applicant Agency


Page 12: Syzefxis security stellakis


Security in SYZEFXIS Ι (3/4)

The role of Information Society SA:

To monitor the project vendors

To support the public Agencies

To implement and improve the security policy

To leverage the collected knowledge towards the design of the next-generation SYZEFXIS

[Chart "Agency Requests": monthly, Jan-14 to Feb-15; vertical axis 0 to 60]

[Chart "Agency Categories" (horizontal axis 0 to 180): Regions - Municipalities; Hospitals; Hellenic Police - Fire Service - Coast Guard; Financial Services; Ministries - General Secretariats; Social Solidarity Services - Insurance Funds; Urban Planning Offices; EU Programme Managing Authorities (ΕΥΔ); Museums; Other public services]

[Chart "Request Categories" (shares 39%, 26%, 20%, 6%, 3%, 3%, 2%, 1%): Opening of additional on-net ports; Assignment of a real IP address; Opening of additional off-net ports; Access to a site; CPE settings; Proxy bypass; Communication with other networks; DNS update]


Page 13: Syzefxis security stellakis


Security in SYZEFXIS Ι (4/4)

State Elections through SYZEFXIS:

Leveraging of telephone infrastructure

Municipalities, Prefectures, Ministry of Interiors

Leveraging of internet infrastructure

Creation of a VPN between MoI, SingularLogic and Zappeio Megaro for the communication of results

Full functionality was tested in a wide-scale drill (5/2014)

2014 and 2015 Elections were completed successfully


Page 14: Syzefxis security stellakis


Security in SYZEFXIS ΙΙ (1/5)

Security / Telephony / Teleconferencing / Cabling, YE - 4

Independent Security Auditor (1,3 M€)

ΔΜ Project

Infrastructure

Services

A combination of Actions


Page 15: Syzefxis security stellakis


Security in SYZEFXIS ΙΙ (2/5)

Security Infrastructure and Services:

Procurement of suitable security equipment

Development of a security management information system

Operation services based on SLAs (Routing, QoS)

Security Services
• IP Firewall, IPS, VPN, Email & Web Antivirus-Antispam, Web Content Filtering

User training


Page 16: Syzefxis security stellakis


Security in SYZEFXIS ΙΙ (3/5)

State-of-the-art Architecture:

Leveraging IPSEC VPN technologies

Ability to support multiple vendors in contract framework

Ability to support gradual deployment

Ability to upgrade security level for some sensitive Agencies, through the use of special-purpose encrypting devices

[Architecture diagram. Labels: Κ.Υ.Α. (Vendor 1), Κ.Υ.Α. (Vendor 2), Κ.Υ.Α. (Vendor N); Κ.Σ.Α.; Peripheral Security Devices (Vendor 1), (Vendor 2), (Vendor N); Creation of VPNs; Agencies outside SYZEFXIS II]


Page 17: Syzefxis security stellakis


Security in SYZEFXIS ΙΙ (4/5)

Independent Security Auditor:

Development of an ISO 27001 based ISMS

Network security auditing

Development of a specialized Information System for Security Control and Management

Consulting services / security “think tank”


Page 18: Syzefxis security stellakis


Security in SYZEFXIS ΙΙ (5/5)

At the operational level:

Creation of an independent Department for Telecommunication projects
• Discrete group for SYZEFXIS

Creation of a task force among all stakeholders
• Information Society SA
• Project vendors
• Public Agencies
• Ministry of Public Reform
• Other Agencies (i.e., Greek FCC, etc.)

[Diagram. Labels: Information Society SA (ΚτΠ ΑΕ); ΥΕΔΑ; Public Agencies; Project Vendors; Security Auditor; Other Agencies]


Page 19: Syzefxis security stellakis


Epilogue

Information Society, in collaboration with: the Ministry of Public Reform, the EU Managing Authorities, and the project vendors

Facilitates: the terms and specs, the framework and procedures, the tools and mechanisms, and the resources

That assure the security of the SYZEFXIS network and therefore the flawless operation of the Greek Public Sector.


Page 20: Syzefxis security stellakis


The End

We thank you for your attention!
