This sub-component will establish key IT governance policies, standards and structures in the areas of Enterprise Architecture (EA) and information security. It will build the government’s national EA as an important tool for coordinating investments across public agencies, and avoiding duplication and waste. The EA includes the development of an e-Government Interoperability Framework (e-GIF) to facilitate the cross-agency exchange of information residing in each other’s systems, applications, and services, in order for cost-effective delivery of services to the public and business, and between government agencies. EA, by its very nature, is a forward-looking concept and can help the public sector to radically redesign government processes and programs to achieve organizational goals. Hence, the project will create capabilities within GOB to adopt EA methodologies in the design and execution of e-government applications and programs.
GOB is in the midst of substantial public sector transformation activities. A majority of these initiatives are triggered by the need to have better and seamless government services delivered online. The focus on automating government services is often largely limited to specific ministries and agencies. However, such initiatives lack the cross-ministry / agency viewpoint and coordination. This creates challenges in taking a Whole-of-Government (W-O-G) approach with its concomitant benefits, which are much more than benefits derived by taking agency-centric viewpoints. These shortcomings are clearly evident in the findings of the UN Global E-Government Survey 2010. According to the UN, the value of e-government will be increasingly defined by its contribution to national development. Lack of a coherent strategy is often cited as the primary reason for the under-development of e-government. Moving forward, more and more countries are adopting national e-government strategies and multi-year action plans, and EA is the strategy that governments are increasingly looking toward. According to Haiyan Qian, Director of the Division for Public Administration and Development Management, United Nations Department of Economic and Social Affairs (UNDESA), “EA is an effective strategic planning tool for governments by [facilitating] creation of linkages and improving interoperability among government agencies, benefiting both internal operational processes, as well as improved public service delivery to citizens.”
Typically, governments are the largest organizations, so is GOB. They are further characterized by complex, federated structures where individual government organizations work in their respective silos. This often leads to fragmented business processes and duplicated systems and technologies, creating obstacles in cross-agency interoperability. Government-wide architecture allows end-to-end business processes, standard technologies, rationalized data structure and modularized e-services that can be assembled as required to deliver e-services. Given its specific local nuances and characteristics, this sub-component will initially take a bottom-up approach in Bangladesh. This means that the adoption of the National Enterprise Architecture (NEA) will initiate at the grass-roots level by identifying high-priority citizen services that are delivered at the Upazilla levels. This approach will allow the GOB to initially bypass central policies and procedures, as they can be excruciatingly sluggish. Moving forward, in the next stage the Technical Reference Model (TRM) as part of the Technical Architecture (TA) will be established. This will ensure common national technical standards and lay the foundation for further advancements in the NEA. For consistency and coherence, the TRM will subsume the initially-established foundational infrastructure (i.e., government data center and IT disaster recovery center; government cloud computing services; and shared services delivery platform). The TRM will include extensive use of Free and Open Source Software (FOSS) to fulfill GOB’s business and operational requirements.
NEA is expected to be a complex and resource intensive undertaking for the GOB, with substantial risks given GOB’s limited internal capabilities. As a mitigating strategy, this sub-component will utilize an incremental EA approach. Smaller initiatives will be started to demonstrate tangible results and institute a disciplined approach to leveraging technology for government transformation, and the project will progressively build GOB’s capacity to use EA as a tool for providing better public services to citizens and businesses. The proposed sequence of NEA activities for the GOB will largely be a follows:
i. Establish the contours and the broad structure for whole-of-government EA framework (NEA). This will harmonize the current EA activities of both the BCC and A2I Programme, and leverage on architecture-related activities already in progress in the GOB. This will draw on the existing resources that have already been expended. The multi-level structure in GOB will be taken into consideration.
ii. Identify and elaborate the NEA entry points factoring in GOB’s characteristics, structure, challenges and other influencing factors. Typical entry points include government operational efficiency, IT planning and optimization, systems of systems, service architecture and governance risk and compliance. A detailed assessment would be needed to identify the most relevant entry point(s) for GOB.
iii. Select the most appropriate areas for detailed development, with a focus on areas linked to Bangladesh's national priorities. These will most likely be focused initially at the Upazilla level.
iv. Develop architecture and standards, with emphasis on the ICT aspects of EA. This will lead development of the Technical Reference Model (TRM) for the NEA;
v. Develop architecture realization roadmap, including scope and nature. This will include the development of the Business Reference Model and the guidelines for architecture development.
vi. Select an area, segment, or line of business (LOB) for implementation. This will be linked to the development priorities of the government as benefits will be more apparent. The selected area, segment or LOB will be identified in alignment to GOB’s e-government strategic thrust(s).
vii. Expand the architecture and standards to include the other facets (i.e. data, application, business and security). This will include development of the Data Reference Model (DRM) and the Application Reference Model (ARM) in a progressive phased manner. As the reference models come on board, compliance mechanisms will be put in place.
viii. Incorporate the established architecture and standards as mandatory criteria for all future procurements. This will subsume the e-GIF.
ix. Institute appropriate governance decisions, structures and mechanisms to ensure the above are complied with, self-sustained and benefits-positive. The essential elements of this would include a NEA Program Management Office, enabling policies and other decision making tools, adequate accountability and authority structures among others.
x. Implement a data exchange to enable information from individual agencies to be exchanged and shared.
xi. Establish the required infrastructure needed for capability development, advocacy, and change management to enable the implementation. This will include the establishment of a national e-government centre modeled on India’s National Institute of Smart Government.
This sub-component will also establish the GOB’s information security program, and set program goals and priorities to support the government’s mission. It will also provide resources to set up a national Computer Incident Response Team (CIRT) to facilitate and support the program. Information security refers to the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction; and its purpose is to protect the confidentiality, integrity and availability of government information. As GOB moves towards modernizing its public administrations, an increasing account of information will be collected, processed and stored on electronic computers and transmitted across networks to other computers. Information security is critical as protecting confidential information of citizens, businesses and other constituents is a business, ethical and legal requirement. Hence, the project will support establishment of GOB’s basic principles for information security; develop the administrative controls in terms of policies, procedures, standards and guidelines; and provide logical and physical control mechanisms. It will also develop a system of security classification for government information, and provide tools for cryptography/encryption to protect information from unauthorized or accidental disclosure while in transit or storage.
As part of information security, this sub-component will also set up a national CIRT for Bangladesh. CIRT is a team that responds to computer security or cyber security incidents by providing necessary services to a defined constituency to effectively identify threats, coordinate at national and regional levels, as well as disseminate information. It also acts as a focal point for the constituency in matters related to cyber security. The massive growth and reliance on the Internet, coupled with the increasing sophistication of intruder techniques has opened the door for malicious activities conducted in cyberspace affecting millions of people internal and external to a country. Hence the establishment of a National CIRT in a sovereign country is not a “good-to-have” requirement, but is as essential as having emergency services such as fire department and police forces within the country.
In 2010, a team of experts had conducted a detailed assessment of Bangladesh’s readiness, and concluded that there is a definite need to set up a national CIRT in the country. The assessment shows that Bangladesh is not immune from various cyber security issues faced by other developed and developing nations. As more and more services are being offered over the internet, a wide variety of cyber security incidents are being reported ranging from Distributed Denial of Service attacks to hacking and defacement of government websites. Internet Banking, supposedly to be offered by all banks in Bangladesh in the future will be under siege by cyber perpetrators if efforts to protect the infrastructure are not made. Internet Service Providers (ISPs) have also experienced cyber attacks, but there was no coordinated effort through a trusted and secured channel at the national level to manage these issues. Hence this sub-component will set up a national CIRT to:
The CIRT will be set up in phases, and include activities to: