At least 30 authorities and public institutions will be connected to the future government cloud and will use it by the end of 2025, and SRI will install technical solutions on this IT platform that will not allow viewing and access to data content, but will only generate cyber security alerts, in order to detect and prevent the materialization of cyberattacks, according to the draft resolution of the Government.
The start of the purchase of cloud technology: almost 600 million euros from PNRR
The Government is preparing the approval by the Director General of some expenditures amounting to almost 375 million euros from the PNRR for the implementation of the Government Cloud Infrastructure, an act that defines the allocation and costs that three key institutions will make to manage this platform: the Authority for the Digitization of Romania (ADR), the Special Service of Telecommunications (STS) and the Romanian Intelligence Service (SRI).
- SEE THE HG DRAFT AND MAIN RECORD HERE
Romania has allocated almost 600 million euros from PNRR for the development of this IT project.
This is only the first investment that will provide the infrastructure, technology and operation of the government cloud for the future applications of government institutions in the cloud by providing IaaS, PaaS and SaaS services in a unified, standardized way and adapted to the requirements of end users, companies and/or citizens.
- This was announced by ADR President Dragos Vlad on HotNews.ro on Friday that as part of this first investment, at least 30 institutions will migrate their own IT infrastructure to the cloud infrastructure.
- A second investment of €185 million, planned for the first quarter of 2023, will include the migration of IT systems to a cloud infrastructure: 5 new IT systems and 25 existing IT systems currently managed by various institutions and public authorities (examples: SEAP, Ghiseul.ro, etc.), he explained.
SRI will install technical cyber security solutions that prevent access to data stored and distributed in the cloud.
The act to be adopted by the Government defines the duties and costs that each of the three key institutions mentioned above will have.
We will begin with SRI’s responsibilities, taking into account concerns from civil society, such as those raised by the Association for Technology and the Internet (ApTI), which argues that SRI cannot ensure the security of personal data because its legitimate purpose is to collect information.
Thus, the SRI, through the National CYBERINT Center, will have the following powers:
- ensuring the cyber security of the government private cloud by knowing, preventing and countering cyber-attacks, threats, risks and vulnerabilities, including sophisticated APT-type attacks against the government private cloud services, at the SaaS level and hosted entities;
- collaborates with STS to know, prevent and counter sophisticated APT-type cyber-attacks directed against specific government private cloud services at the level of IaaS, respectively PaaS, by direct and automatic exchange of information related to security incidents without the transfer of content data.
DRI has the status of a state body whose activities are carried out in compliance with the principle of legality, an essential rule that requires compliance with the Basic Law and other applicable regulatory acts by state bodies, all legal entities under public or private law, and all citizens.
- In order to ensure the cybersecurity of the government’s private cloud, the Romanian Information Service will install specialized technical solutions that prevent viewing and access to existing content data at the CPG level.
- Appropriate solutions will exclusively generate cyber security alerts to detect and prevent cyber attacks from materializing.
- This equipment will be purchased from world-renowned manufacturers who also have experience in providing similar infrastructure in other countries.
- SRI will not have access to the content data stored and distributed at its layer, but only to the notifications generated by the relevant equipment.”, it is shown in the project of the GD.
The necessary investments of research institutes will have funding 199.2 million lei.
STS has a budget of more than 1.26 billion lei: what role will it play in the cloud
A dedicated telecommunications service (STS) will provide the following in the cloud:
- the core infrastructure of the government’s private cloud;
- implementation, technical and operational administration, cybersecurity, maintenance, and further development of government private cloud-specific services for the underlying infrastructure and provisioning of IaaS and PaaS models;
- secure access, connectivity, and interconnection with government private cloud-specific services for objects hosted or interconnected in the cloud;
- cyber security of the government private cloud by preventing and countering cyber attacks, for basic infrastructure, IaaS and PaaS model provisioning, including DDoS attacks directed against the government private cloud, in accordance with the powers provided by applicable regulations;
- cyber security of services and own IT systems in the government private cloud by preventing and countering cyber attacks;
The DPS allocated a budget for all this more than 1.26 billion lei.
The ADR budget is 398.4 million lei. What role will it play in the cloud?
The Authority for Digitization of Romania (ADR) will provide the following:
- development and implementation of the plan for migration and integration into the private government cloud of IT systems and public electronic services of state authorities and institutions belonging to the public administration.
- implementation, technical and operational administration, support, and further development of SaaS services specific to the government private cloud, including the provision through framework agreements in accordance with the law on public procurement of licenses for specific services required for the transition to the government private cloud of IT systems and electronics public services.
- migration, integration and interconnection in the government private cloud of IT systems of public authorities and institutions based on the agreement concluded by ADR with each authority and public institution notified by ADR, for the purpose of migration
- provides or acquires necessary software programs, computer applications and licenses, as well as software analysis, design and development services in accordance with the objectives of the duties.
- operates the marketplace component that allows Hosts on the Platform to access available programs based on contractual relationships established between providers and Hosts who purchase those programs.
- provides SaaS-level connectivity to certain public private cloud services for cloud and connected organizations.
The government cloud will be hybrid: what it means and what solutions it will contain
According to the PNRR, “Government cloud implementation will consider hybrid cloud solutions, particularly those used according to the levels of sensitivity and durability of data and uses, as well as the applications and organizations in trust. a structure centered on three levels that gradually develop from the inside out.
Level 1 – Internal Cloud:
- The internal cloud leverages existing low-level virtualization solutions, turning them into IaaS and PaaS cloud computing solutions available to government agencies.
- Depending on individual options, government agencies and institutions will be able to develop and provide SaaS services.
- This type of cloud enables the interoperability of databases and the operation of digital solutions based on the consumption of confidential, classified and properly cataloged data, and also meets the requirements of information control and security.
Tier 2 – Dedicated Cloud:
- Dedicated Cloud is based on cloud solutions available in the industrial/commercial sector and will be designed to provide an integrated operation with the internal cloud.
- It will be customized according to the specific requirements of public administration and will be based on dedicated infrastructures that provide interoperability and cyber security.
- This type of cloud will allow to centralize and process those applications and data that represent the lowest type of sensitivity, but which require, at the same time, a certain level of durability.
Level 3 – External Cloud:
- consists of a catalog of external shared cloud solutions available on the Internet as SaaS, easily accessible and intuitive for ease of use.
- This type of cloud encourages the participation of more IT solution providers in the digital ecosystem.”
The government private cloud covers: Internal cloud and private cloud that will be installed and deployed in data centers and will connect at the service level and provide hybridity by connecting to other public or private cloud installations that are part of the government cloud platform.
What advantages should the introduction of the cloud bring:
For citizens, the main advantages of implementing the government cloud will be:
- A single window – direct access to all government services using electronic forms available in the cloud;
- Accessible Romanian state – all institutions will be interconnected in the cloud, and the citizen will be able to request and receive documents anywhere and anytime;
- Time savings – no queues, no physical trips to government institutions;
- Traceability – a citizen will be able to have a history of his interaction with the administration;
- Security – The public cloud will benefit from the most advanced cyber security systems available.
“Thanks to this investment, a high level of protection will be ensured and will contribute to increasing the capabilities and quality of services and cybersecurity for the entire IT&C platform owned by the public administration in a unified and standardized way,” the document says.
For cloud administrative activities:
- will ensure the interaction of public systems;
- reduce bureaucracy by eliminating redundant or outdated administrative processes;
- will ensure better cooperation and rapid exchange of information between all government institutions;
- will make costs more efficient – government institutions will no longer have to provide maintenance for hardware and software equipment.
- improving the efficiency of the administrative apparatus will reduce the costs associated with disparate IT systems, and therefore will lead to an increase in the confidence of entrepreneurs in the activities of the state and generate economic growth.
- comprehensive protection of data, programs and networks;
- safe management of access to services and resources;
- reducing the risk of malware infection using protection mechanisms
- preventing attacks by detecting security breaches before they are used or combating them at an early stage;
- ensuring the management of vulnerabilities and the application of patches for their correction;
- protection against attacks aimed at limiting services (Distributed Denial-of-Service – DDoS);
- automation of processes, messages and reactions;
- minimization of reaction time in case of cyber attacks;
- reducing the range of cyber attacks that can be carried out against networks and their IT systems by state or financially motivated entities;
The adoption of this draft Government Resolution is expected by the end of this year and will allow the start of public procurement for the implementation of cloud infrastructure and discussions with all ministries regarding the inventory and needs for moving IT infrastructure to the cloud.
Photo source: Dreamstime.com
Source: Hot News
Ashley Bailey is a talented author and journalist known for her writing on trending topics. Currently working at 247 news reel, she brings readers fresh perspectives on current issues. With her well-researched and thought-provoking articles, she captures the zeitgeist and stays ahead of the latest trends. Ashley’s writing is a must-read for anyone interested in staying up-to-date with the latest developments.