Information and Cyber Security LEPL Data Exchange Agency Ministry of Justice of Georgia Irakli Gvenetadze LEPL Data Exchange Agency Ministry of Justice of Georgia

DEA – Data Exchange Agency Parliament of Georgia adopted a law on the establishment of “Legal entity of public law under the Ministry of Justice of Georgia - Data Exchange Agency” on the basis of which since 1 January 2010, Data Exchange Agency (DEA) started its activities. General Activities: Development and coordination of E-Governance Development of legal and regulative framework Ensure information and cyber security Establishment of the integrated data exchange system and ensure access to information resources

Cyber Security Ecosystem Security Council Minister of Justice Data Exchange Agency Ministry of Internal Affair 24/7 Cyber Crime Unit Minister of Defense Military Cyber Defense Unit

Information and Cyber Security AVAILABILITY INTEGRITY CONFIDENTIALITY Information Security policy development, implementation, monitoring. CERT.GOV.GE (Computer Emergency Response Team) Public Sector + Subject of Critical Infrastructure Systems State Secret Military

Policy and Legal Cyber Security Strategy of Georgia 2013-2015 Law on Information Security

CERT.GOV.GE - International Memberships The Trusted Introducer - a.k.a. TI - is the trusted backbone of the Security and Incident Response Team community in Europe FIRST is an international confederation of trusted computer incident response teams who cooperatively handle computer security incidents and promote incident prevention programs. The Cyber security Executing Arm Of The UNITED NATIONS SPECIALISED AGENCY of The International Telecommunication Union (ITU) Obtaining the trademark “CERT” Officially.

CERT.GOV.GE - International Partners CLEAN-MX CERT-EE

Building up Cyber Proficiency with DEA MOU between CERT Communities Establish Points of Contact; exchange information on cyber incidents and threats; share experience for incident handling technical and other tools. MOU already working with: Romania; Latvia; Lithuania; Armenia; Azerbaijan; Moldova Formal Negotiations with: Bulgaria; Hungary; Ukraine; Turkey; Italy. Mutual Projects: Capacity building: cyber exercises; trainings, institutional support. Estonia; Austria; Poland.

Building up Cyber Proficiency in DEA Information Security All Team Members are BSI Certified Professionals: BSI/ISO 27001 (Information Security) LI/LA 5 Member of Team BSI/ISO 22301 (Business Continuity) LI/LA 4 Member of Team BSI/ISO 9001 (Quality Management) LA ISO 31000 (Risk Management) CISM (Certified Information Security Manager) 4 Member of Team CISA (Certified Information System Auditor) 2 Member of Team CRISC (Certified in Risk and Information Systems Control) 1 Member of Team CGEIT (Certified in the Governance of Enterprise IT) 1 Member of Team

Building up Cyber Proficiency in DEA GERT.GOV.GE All Team Members are SANS Certified Professionals: SANS GIAC Certified Professionals Systems and Network Auditor (GSNA) Trained by Terena (TI)

Cyber Class Project aims to help the talented young (20-25 years old) professional specialists to learn the basics of cyber security, also to share them the acquired knowledge by the agency in this direction. The project "Cyber Class" gives students the opportunity to acquire both theoretical and practical skills free of charge in the following disciplines: information system collection, penetration testing, malicious code analysis, the so-called "Pcap" and log file analysis, information security fundamentals. In order to pass the course , students should have a basic knowledge of the following areas: net- working, cryptography and web development. Each lecture will be held on the following plan: Presentation and pre-planned theme discussion; Discussions around the laboratory work and review of the presentations prepared by the students; Giving materials of pre-defined topic; Giving an explanation of laboratory work and a relevant task.

Cyber Security Forum Cyber Security Forum brings together the public and private sector representatives is a good example of cooperation based on a public incipient, which strives to ensure country’s cyber and information security.

16 Organization (Commercial and government Sector) CYBER-EXE GEORGIA 16 Organization (Commercial and government Sector) Red Team CERT-GOV-GE COMCERT.pl Blue Team Education Management Information System Georgian Research and Educational Network Association Grena Ministry of Labour Health and Social Affairs of Georgia National Public Registry MagtiCom Bank of Georgia Ministry of Internal Affairs National Bank of Georgia Cyber Security Bureau Smart Logic state chancelary Geocell VTB Bank Ministry of Finance of Georgia Public Service Development Agency Free University of Tbilisi

Information Security Awareness

The NATO ARW was promoted by the DEA and supported by many regional countries and international organizations ARW at a glance Round table Involved Stakeholders Working Sessions PROMOTERS WS 1 CYBER-DEFENSE STRATEGY AND CAPABILITIES WS 2 CYBER-DEFENSE STRATEGY AND CAPABILITIES: GEORGIA WS 3 CYBER-DEFENSE ASPECTS AND TECHNIQUES WS 4 IMPROVE REGIONAL COOPERATION IN CYBER-DEFENSE WS 5 INCIDENT RESPONSE AND INFORMATION SHARING WS 6 INTERNATIONAL COOPERATION WS 7 POTENTIAL REGIONAL COOPERATION APPROACHES STRATEGIC PARTNER REGIONAL INITIATIVE COUNTRIES ARMENIA AZERBAIJAN BULGARIA Georgia exhibits its awareness in cyber defense development and its intention of being a main player in this evolving scenario. As a proof of that, Georgia hosts this high-level workshop - completely focused on cyber defense issues -, in participation with NATO, neighbors countries and international organizations – an event ROMANIA TURKEY UKRAINE MOLDOVA GEORGIA OTHER COUNTRIES HUNGARY ITALY GERMANY UNITED STATES POLAND INTERNATIONAL ORGANIZATIONS EEAS Advanced Research Workshop, June 30 – July 1, 2015 Tbilisi

Advanced Research Workshop – Follow up, October 8, 2015 Kvareli A follow-up meeting was held in September with a selected number of participants to agree on next steps to implement ARW Follow-up Meeting Participants Working Sessions Main Results 1 WS 1 PRESENTATION OF THE ARW KEY RESULTS Define general mission statement of the initiative and what need to be protected PROMOTERS STRATEGIC PARTNER 2 WS 2 HOW TO BUILD THE REGIONAL INITIATIVE Identify the management structure REGIONAL INITIATIVE COUNTRIES ARMENIA GEORGIA BULGARIA ROMANIA TURKEY UKRAINE 3 WS 3 ROAD MAP TO BUILD THE REGIONAL INITIATIVE Outline tangible outcome to be achieved by the first year of the project OTHER COUNTRIES UNITED STATES HUNGARY Advanced Research Workshop – Follow up, October 8, 2015 Kvareli

As a way forward countries agreed on initiation of the Regional Cyber Defence Cooperation Project Develop cyber defence capabilities, tools and techniques to better protect governments and Critical Infrastructures (CIs) from emerging cyber threats. The Project will improve coordination in the cyber defence domain through a Cyber Defense Alliance. GOAL 1 DEFINE REGIONAL CYBER DEFENCE ROADMAP Outline roadmap and implementation plan on how to build/improve cyber defence capabilities 2 IMPROVE CAPABILITIES Identify and create tools to steer coordination among regional and national stakeholders 3 Raise awareness through events and programs addressed to institutions at regional and national level INCREASE CYBER DEFENCE COOPERATION APPROACH FOR THE REGIONAL CYBER DEFENCE INITIATIVE PROTECT REGIONAL AND NATIONAL CRITICAL INFRASTRUCTURES PROJECT PHASES

Thank you for your attention! Irakli Gvenetadze LEPL Data Exchange Agency Ministry of Justice of Georgia igvenetadze@dea.gov.ge www.dea.gov.ge; www.my.gov.ge; www.cert.gov.ge;