Dubai eGovernment attaches great importance to providing state-of the-art protection and security programs for its electronic infrastructure and service delivery channels, in order to ensure uninterrupted and faulty-free delivery of services.

In this context, Dubai eGovernment recently organized a seminar on information security and protection of the electronic infrastructure. Mr. Rashed Majed Al Abbar, Senior Manager, Product Marketing-eBusiness Services, Etisalat, and Sherif Hazzaa, CEO, ISnSC LLC, Information Security & Solutions Consulting, were key participants in the seminar, in addition to the Dubai eGovernment IT team, the operative team of the electronic infrastructure.

What should be protected?
Dubai eGovernment has two core sectors that must be constantly protected. They are the central eServices sector, particularly ePay, as it  involves collection of government service fees, and the electronic infrastructure shared by all departments, such as the web hostingplatforms and the content management applications and material display on the Net. Each sector has its own methods of protection.

Protecting ePay
Users of Government services, both individuals and businesses, want to feel secure when using the central ePay gateway in government transactions.

Dubai eGovernment guarantees ePay users that the service is highly secure and reliable. For example, Dubai Police and Dubai Municipality eServices operative systems determine the identity of the client, according to an identification mechanism they have agreed upon with their clients. The system then indicates the fee to be paid. Once the client pays the fees online, the department transfers only two pieces of information to Dubai eGovernment central ePay gateway: the total fee amount and the client transaction reference number. Both pieces of
information are electronically coded using Dubai eGovernment special protection system. This makes any hacking attempts on the information futile as most of the secure information is not being passed through.

After the ePay gateway receives the transaction information, the three ePay channels provided by the eGovernment appear on the screen. They are: the eDirham, direct debit to bank and credit cards.

The first two channels are highly secure payment channels as the eDirham is managed by the Ministry of Finance and is only used when dealing with government departments, and the direct bank transfer is controlled by the bank's electronic system which is connected to the client’s account.

National Payment Gateway
Making payment using a credit card requires caution. The credit card data can be used by other parties. When a user selects to pay by using a credit card, Dubai eGovernment server transfers the whole process to the Etisalat server, the only authorized entity to manage the national ePay gateway. The information that is transferred, the amount required and the reference number, are coded again using a different method. Etisalat makes sure the payment process is successful and informs the Dubai eGovernment server of it using coded messages. In its turn, Dubai eGovernment server informs the server of the service provider department about the successful completion of the ePayment process through a coded channel.

The Dubai eGovernment IT team explained that the sensitive data of the credit card is only limited to the national ePay server, supervised by Etisalat.

Mr. Al Abbar assured that the security procedures provided by Etisalat are based on the procedures of international credit card providers, which thoroughly investigates an entity before authorizing it to practice this kind of technical service. Till now, the national payment gateway has never been breached.

Additional Security
Mr. Hazzaa revealed that using eServices provides users with additional security. Hacking of the government eServices sector is almost non-existent. However, caution is a must when credit cards are used through non-secure machines in public places or Internet cafes, he said.
Protecting Hosting Platforms

In the second part of the discussion, the Dubai eGovernment IT team focused on the two hosting platforms of the eServices team. One platform hosts Dubai eGovernment portal and the main portals of government departments. This platform, called "eHost Plus", is backed by cutting edge content management and data display applications.
 
The second platform, "eHost", is based on open source software. It is preferred by some departments because it has a low cost content management program and its website development is simple and inexpensive.
 
Mr. Sherif said that the security programs available in the market lack the smart tools to foil hackers' evolving methods to penetrate hosting software. This has spurred ISnSC to build a special firewall that can monitor the behavior of the hosting software. Using this firewall, the open order programming hosting software matches the eGovernment main hosting platform.
 
The IT team explained that the eGovernment has contracted the same company to carefully examine information security. To ensure immunity to any hacking and sabotage endeavors, the company will imitate all possible scenarios.
User Data Security is Top Priority
 
Salem Al Shair, eServices Director, Dubai eGovernment, said, "People earlier refrained from embracing the ePay platform because of fear of privacy violation. Dubai eGovernment addressed this issue by raising the level of security in ePay through the use of the 3DSecure, the most secure and efficient security system worldwide.”

The tie-up with MasterCard, American Express and Visa Card has certainly enhanced the usage of ePay platform. Our ePay technical team has recently completed the implementation of direct bank transfer payment channel.
 
Under the Dubai eGovernment agreement with Dubai Municipality, Etisalat, Dubai Commercial Bank and the Union National Bank, government customers can now pay service fees and fines through a direct bank debit.