4-page Case Study - Posted 10/14/2013
Views: 147
Rate This Evidence:

Agencja Bezpieczeństwa Wewnętrznego

The Internal Security Agency in Poland is expanding its collaboration with Microsoft with respect to the government's data communications infrastructure.

„Collaboration with central and local government, and in particular educating specialists responsible for data communications security at government agencies, is a priority for Microsoft. Current programs will definitely be expanded, and new ones might be offered” 
Daniel Grabski, Chief Security Advisor, Microsoft Poland
   
The Internal Security Agency (Agencja Bezpieczeństwa Wewnętrznego - ABW) is expanding its collaboration with Microsoft with respect to the government’s data communications infrastructure security, among others in designing and implementing best practices for public sector’s IT administrators and users.

The Internal Security Agency (ABW) is a unit of special importance for security and assuring continuity of the Polish government’s operations. One of many, however steadily becoming more and more significant, areas of the Agency’s operations is IT security of central government offices, especially ones within the gov.pl domain.

As real threats in this area rise, in particular in conjunction with growing significance of IT worldwide as a weapon or tool of terror, the Agency is taking numerous preventive, verification and educational measures. Their scope and coverage continue to expand, not only due to the growth of threats themselves, but also as a result of decentralization of government. Critical infrastructure encompasses broader and broader circles of the public sector, and also, to a certain extent, of the commercial sector collaborating therewith.

Following prevailing trends ABW is cooperating closely with one of the information technology market leaders - Microsoft. Joint activities include both long term programs as well as ad-hoc training, workshops or consultations. Furthermore, assistance is provided in the form of tools enabling verification of the level of information technology infrastructure security.

ABW as a coordinator

Over last year the number and magnitude of threats to the government’s IT infrastructure grew substantially. Among many incidents it is worth to mention in particular attacks against the Polish government’s IT infrastructure observed at the beginning of 2013, as well as attempts to penetrate local government’s systems that intensified throughout 2012. Furthermore, both in 2012 as well as in 2013 spectacular DDoS attacks took place worldwide. Their complexity and scale confirm continuous state of danger in the internet and governments can not remain indifferent to such situation.

In light of these facts ABW’s role is becoming very important. The Agency, however, can not do it alone. The Agency is neither a producer of IT solutions used by numerous government units, nor it is responsible for the administration of critical systems that definitely need protection.

Therefore it is natural that ABW plays the role of a coordinator, moderator and catalyst of diverse security related activities required at the government level. By combining the knowledge of vendors and Microsoft specialists, and providing it to the appropriate government entities ABW is performing one of the most important tasks related to the protection of the public sector’s data communications infrastructure.

Long term collaboration

As part of its Government Security Program (GSP) Microsoft is helping the Agency ensure security of data communications infrastructure that is critical for the government operations. One of the key areas of collaboration is ability to analyze the source code of Microsoft products that are commonly used by the government. Participation in the GSP program provides access to unique knowledge that enables analyzing the source codes of Windows family operating systems and Microsoft products.

Another program, Microsoft Security Cooperation Program (SCP), is aimed at stimulating long term activities increasing the security of the government’s data communications infrastructure. The program includes publishing warnings and recommendations, technical assistance, opportunity to conduct consultations with experts, and also providing guidebooks and specialist training.

The SCP program’s foundation involves maintaining working relationships between persons responsible for security at ABW and Microsoft staff responsible for responding to threats quickly.

As part of the SCP program ABW receives early warnings of threats and their descriptions before they make it to public information distribution channels. This way the Agency is able to early, but at the same time realistically, evaluate the severity of threats to the government’s data communications infrastructure and, as a result, take actions that will effectively prevent any problems. The collaboration between ABW and Microsoft is not limited only to responding fast but also includes planning and preparing empirical security tests performed by the Agency’s specialists.

Educating specialists

A separate area of collaboration, as part of the SCP program, is systematic education of engineers. In Poland this idea was taken very seriously and implemented comprehensively. For example, recently pilot practical workshops on the security of Windows Server, Windows 7 and Windows 8 systems have been conducted with the participation of invited government agencies and non-government organizations. Workshops are the most effective form of transferring knowledge that is, after all, quite complex. The project’s success means that the above mentioned training will definitely be continued.

In parallel, guidebooks have been developed that make it easier for administrators to configure data communications systems used in government agency networks in such way so that they do not pose a threat to an agency, user or government as a whole. Complementary to such guidebooks Microsoft is providing free of charge software that automates the process of configuring security systems using Windows Global Policy rules. This tool, prepared as Microsoft Solution Accelerator package, was additionally equipped with documentation in Polish. Guidebooks related to the latest Windows 8 operating system are already being prepared.

Collaboration with central and local government, and in particular educating specialists responsible for data communications security at government agencies is a priority for Microsoft. Current programs will definitely be expanded, and new ones might be offered” – says Daniel Grabski, Chief Security Advisor

In spring 2013, as part of Microsoft’s SCP program, preparations began for another series of training classes for central and local government with respect to the security of Windows 7, Windows 8 systems and Windows Server 2008 and 2012 servers. Training classes are held with the participation and under the patronage of the CERT.GOV.PL team.

Educating citizens

Microsoft also supports ABW and the CERT.GOV.PL team in security related educational activities targeted at a broader audience. A number of presentation and instructional videos addressed to all computer users have been published on www.surfujbezpiecznie.pl. The information campaign is conducted under the slogan „protect yourself, your computer and your family”.

According to experts any end user awareness raising activities are a very important part of making sure the security procedures are properly implemented. Many threats at government level arise exactly because of the fact that poorly protected computers are accessible over the internet. Their resources can be used in many ways, without any knowledge of their owner. This is exactly what should be prevented first of all.

Another way to actively counteract cyber crime by Microsoft is a newly formed dedicated team to combat botnets (networks set up by hackers that encompass thousands, and sometimes even hundreds of thousands of infected computers) and the launch by the Digital Crime Unit – with which ABW’s corresponding team is maintaining ongoing working relationships – of a new, special program that improves the quality of operations in this area.

Solution Overview




Organization Profile
The Internal Security Agency (Agencja Bezpieczeństwa Wewnętrznego - ABW) performs a number of important roles within the Polish government. One of its more significant tasks is to protect the nation’s critical infrastructure and systems.

Business Situation
As threats are rising and the number of critical systems is growing the Internal Security Agency is taking numerous preventive, verification and educational measures.

Solution
In order to carry out its tasks effectively ABW is collaborating with suppliers of software used by government agencies and private entities that manage the government’s critical infrastructure. The collaboration is both long term as well as ad-hoc and it includes consulting, workshops, training, compiling documentation and also awareness building campaigns.

Benefits
  • Higher security of the government’s critical systems
  • Higher level of knowledge and preparedness of major systems’ administrators
  • Access to information on threats before they make their way to public information channels
  • Option to contact Microsoft head office specialists
  • Ability to analyze Microsoft products’ source code
  • Faster responding to arising threats to software and data

Software and Services
Unspecified Product

Vertical Industries
Public Administration

Country/Region
Poland

Business Need
Identity and Security

IT Issue
  • Identity, Security and Access Management
  • Interoperability

Languages
English

RSS