25 minute read
06. MITA BRANDING
by MITA
New Security Operations Centre
08.3 Cyber Security Malta
The Cyber Security Malta campaign, led by MITA, has for the third consecutive year delivered National Cyber Security Awareness and Education activities targeting different groups. Holding on to the principles that cyber security is everyone’s responsibility and that awareness is required all year round, the Cyber Security Malta programme for 2020 was jam-packed with activities intended to instil amongst citizens a cyber hygiene culture together with a sense of responsibility whilst being digital.
Secure by design is a principle aimed at ensuring security considerations at the architecture design stage of systems. This technical concept was presented on the Cyber Security Malta social media platforms by creating a comparison with the wrestling. This innovative and relevant comparison between a specialised technical subject and a sport discipline enabled people to understand the subject and relate with ease. The message was delivered through the production of eight social media clips which, via an element of hype, highlighted concepts, best practices, and similarities existing in these two disciplines.
The Covid-19 pandemic brought about the need of being more online in 2020. To this effect, Cyber Security Malta embarked on a specific campaign in this respect. The campaign was characterised by three main elements including TV productions, an alliance with an international campaign and social media productions. The Virtwal-e campaign, aired on the national TV stations, treated various topics like two-factor authentication, ransomware, fake news, online shopping and teleworking. MITA specialists on Cyber Security, together with the Malta Police Force, explained the concept of the topics whilst delving deeper into why it is important to stay safe. Cyber Security Malta also combined efforts and created synergies with the #WashYourCyberHands campaign led by Interpol. Cyber Security Malta joined this alliance, formed by global law enforcement and cyber security communities, to deliver messages related to Covid-19 emerging cyber threats. Cyber Security Malta produced original material with a national context to ensure maximum reach-out to local communities, whilst sharing informative material produced by Interpol. On the 28th of October, Cyber Security Malta organised the first national cyber security webinar with the title Emerging Threats . . . unplugged. During this four-hour webinar, executives had the opportunity to explore further the anticipated threats for 2021. During this webinar, there were two panels - one discussing the importance of thinking before acting when it comes to cyber protection and the other one focusing on the shifting sands of cyber security. There were more than 600 registrations, reaching a maximum of 330 concurrent participants at a point in time throughout the webinar.
In year 2020 Cyber Security Malta was also busy with the implementation of the B Secure Scheme for the private sector, a scheme which was launched in 2020. The three main elements included:
• generation of articles treating emerging cyber security topics, which eventually were shared on Cyber Security Malta website; • coordination of the delivery of 13 different specialised training courses attended by almost 150 executives and professionals; • coordination of the execution of risk assessments, including penetration testing and vulnerabilities assessments, for seven SMEs and three large entities. The beneficiaries had very positive comments. A common testimony was the power such an exercise gives in influencing senior management to invest in cyber security.
The different schemes, awareness and educational campaigns that Cyber Security Malta embarks on are various, in line with the changing dynamics of the cyber domain, and ongoing. All activities are intended to ensure inclusiveness, using different platforms and formats in conveying the messages. Whilst 2020 has been rich in offering various deliverables, 2021 is none the less with several interesting initiatives in the pipeline.
08.4 An Automation Journey
In today’s digital world, Government organisations leverage IT to offer public services with increased efficiency and reduced queue time. Government IT systems and services need a secure, reliable, and flexible environment to cater to diverse needs.
MITA, Infrastructure Services Department, has a team of professionals dedicated to creating and support a stable and secure hosting infrastructure – both cloud and on-premise – which Government organisations can use to build their applications. The support and continuous improvement of such an extensive infrastructure built with a plethora of diverse technologies can be quite arduous and time-consuming, especially if repeatable tasks are done manually.
To keep abreast of the improvements, the team soon realised the need to transition from traditional system administrators that react to daily situations and are more accustomed to being task-driven, to a team that harnesses automation and proactive engineering.
One can compare our work with that of a chef who spends most of his time preparing food to achieve consistent food quality. The chef realised that he is dawdling too much time on cooking and would prefer to dedicate more time to creating new recipes, so he needed to find a solution that would speed up his cooking processes while maintaining high standards. He invests time in implementing an automated solution for his meals creation to have a standardised quality of food, speed up preparation time, cut down waiting time, be proactive, and provide self-service without requiring his input. Furthermore, the chef designed a process to manage his kitchen inventory whereby when meals are prepared automatically, the ingredients used are deducted from the stock. Once the inventory of those ingredients is low, an order is done automatically to the supplier.
Our team started to automate several mundane tasks, some of which required days to be serviced manually as other teams’ input was needed by which are now being completed within five minutes. These initiatives provide a lot of advantages apart from considerable time saving, such as standardisation and efficiency. Having a standardised automated process would prevent human errors that would result in unplanned work, similarly when the chef would have to urgently re-prepare another meal because he added too much salt. In our case, a meal could be anything from a trivial shared folder to a critical and complex solution where a modest error could potentially result in service downtime or degradation, possibly causing hours (or days) of unplanned work.
The time saved by virtue of these initiatives is utilised to further achieve greater automation goals, with the intent to increase efficiency that all stakeholders can benefit from. We aim to continue building on our achievements and evaluating solutions for providing self-service to our clients, while also identifying the best way to engineer and implement better self-healing processes. In such a dynamic industry where tasks and technologies are constantly shifting, these initiatives are not a destination, but an enthralling ongoing journey that empowers us to support the country’s digital future efficiently and effectively.
In 2020, MITA completed the transformation of the national electronic identity (eID) mechanism we had been working on for the past few years, for the eID to become a key enabler for eGovernment services and a critical core service provided by MITA.
The first important step of the transformation was a complete technology overhaul of the solution and the introduction of a Single Sign-on (SSO) screen for a newly harmonised user experience for the eID authentication mechanism. The SSO screen was newly designed using a simplified graphics user interface and re-engineered to streamline the key eID functions and operations. The screen met the requirements for accessibility and was designed to be responsive and usable from various devices. Changes were made in the operational procedures to simplify the acquisition of the eID. This meant not only that Maltese citizens and residents had easier access to the eID but also that the authentication experience was consistent for all service providers.
The SSO Screen was also an important development for the security of the integration process. By using the SAML 2.0 protocol, it was possible to uniquely identify incoming requests from service providers and to encrypt responses containing the users’ data. The lighter OpenID Connect protocol was also supported for native app development. Most importantly, the service provider would no longer have access to the users’ credentials which are only handled by the Identity Provider.
The subsequent step of the transformation in 2018 was the alignment of the Levels of Assurance to achieve a Basic Assurance level using the eID Account and password, and a High Assurance level using the ID Card and PIN, as shown below. This resulted in the provision of a better choice of usability and security for the subscribers and relying parties. The Basic Assurance level is based on a password with sufficient complexity and an optional time-based one-time password (TOTP). The High Assurance level may potentially involve some usability challenges in view of the initial set up of the electronic ID Card but provides for higher security when required.
The latest step in the transformation in 2020 was the upgrade of the eID Account Management functionality to further align eID with the GDPR and to provide users with additional visibility and control over their eID account. The new Account Management screen includes an updated user profile with activity tracking and overhauled help facility. It allows for changes of password, email address and mobile number including corresponding verification. It also allows the user to switch on two-factor authentication using either email address, mobile or app for receiving the TOTP. The system now also allows users to preview and confirm the list of personal data fields which are sent to service providers during the authentication process, including the options to remember such access. As a result of the improvements made to the eID, we have witnessed a significant increase in the number of active eID accounts which now exceed 200K and a similar increase in the amount of yearly transactions which now exceed 2M. The eID has become an essential tool in the daily lives of citizens and residents of Malta and has been of great help to the public during the pandemic to facilitate online access to Government services. The next steps in the transformation include additional technology upgrades to ensure the continued resilience of the platform and the commencement of planning the subsequent evolution of the electronic identity mechanism.
08.6 Data Quality and Record Linkage
It is said that data is king. MITA as the data processor, and thus having to sit on a wealth of data, the latter statement, becomes significantly accurate. With many data entries done by different people, from different data sources happening simultaneously and at such high speed, the transformation of data to intelligence requires technology intervention.
The quality of data plays a very important part in the processing of data for record linkages, particularly for data cleaning. Many key identifiers for the same entity can be presented quite differently between data sets, which can greatly complicate record linkage. Entity matching is a process for identifying records from different data sources that correspond to the same real-world entities. For example, a key identifier for a man named Joseph G. Borg might appear in three different data sets but entered using different formats e.g.: Joseph George Borg or J.G. Borg. Entity Matching is used to cater for similar and other several data matching challenges such as entries of initials instead of full name or misspellings, name order variations, missing information, acronyms and so on.
Multiple domains, such as Taxation, Social Security, Health, and Public Registry, face the same issue of not being able to match instances referring to the same entities, such as Persons, Organisations and Addresses, resulting in double entries of entities, misplacement, or missing records of entities. This is a consequence of data being operated by different government bodies resulting in non-interoperable data silos due to diverging formats, data structures and levels of details.
To facilitate this process and support the respective business owners, MITA developed an Entity Matching System (EMS). Advanced Analytics techniques, such as fuzzy matching, statistical learning, and machine learning, are used to carry out Entity Matching and thus fill in existing data holes. The EMS is hosted on the Government of Malta Hybrid Cloud and is composed of four different components:
1. EMS APIs: a. Cleaning API: used to clean and normalize files, such as removal of special characters and/or extra white spaces, encoding to UTF-8, and letter casing conversion.
B. Matching API: Offers several Entity Matching techniques, such as exact matching, conditional matching, and fuzzy matching. These techniques can be applied to find matching entities (e.g. duplicate records) either within a single dataset and/ or between two datasets.
2. EMS Question and Answer Bot: A conversational question and answer bot that provides information about Entity Matching and the EMS in terms of functionality.
One area where this Entity matching system was used was to help government entities identify possible cases of persons or organisations existing in a sanctions list which obliges government to act under international regulations (e.g., United States Specially Designated Nationals List)
Clean and accurate data means quicker application of business intelligence to the resolved identities and their relationships. The deployment of such technologies allows for automated and effective business decisions to be made, whilst impacting business and administrative processes in real time, limiting the need for human intervention, and reducing the risk of errors that can be a discomfort for citizens.
08.7 Workstation Management
The MITA Workstation Management function is vested with the responsibility to centrally manage and operate more than 18,000 workstations across all Government ministries and departments. The management and operations include incident management, service level management, deployment management, supplier management, continual service improvement and more.
During 2020, the Workstation Management function continued to improve the services being provided and implemented several new modern technologies related to workstation and mobile device management. These technologies resulted in the co-creation of value for MITA and its customers and in being more efficient and effective in the day-to-day operations.
For years, the commissioning of new workstations and the re-installation of workstations already in use had always been carried out by using pen drives directly attached to the workstations. The pen drives contained the latest Windows Operating System and the standard MITA software and configuration. This method of installing (re-installing) workstations always required physical access to the workstation resulting in delays and even loss of productivity to have the workstation re-installed. The effort to co-ordinate the appointment with the end user is also not to be underestimated. Moreover, there is ongoing overhead to ensure that all the pen drives being used contain the latest software and configuration. To achieve a faster, more reliable way to deploy windows and applications to devices, MITA implemented Microsoft Autopilot. This completely changed the way workstations are managed as it permits the client services personnel, and even end users via a self-service mechanism, to install and re-install the workstation remotely. Using this technology, workstations that are not connected to the Government network can also be installed or re-installed remotely without the need of doing an onsite visit. This has been well received by MITA main customers (CIOs / IMU Office) and has drastically reduced the time spent to install and re-install workstations across the Government Ministries and departments. A number of workstations overseas in the Maltese embassies have already been successfully imaged using this new technology. Also, with the recent developments of the pandemic where substantial number of Government employees are working remotely from home, this technology has added even more value to MITA and its customers since workstations can be re-imaged with the standard MITA image software whilst connected to the internet from home.
Another technology designed to facilitate the management of Government owned mobile devices such as tablets, was also implemented by the MITA Workstation Management Team in Year 2020. This technology, the Microsoft Endpoint Manager Configuration Manager, mobile devices can be managed as long as they have an internet connection. With such a technology the management of mobile devices owned by the Government is more efficient, secure, and effective. Software, security policies, updates, patches, and apps can be easily centrally deployed and monitored. This will drastically reduce the time spent to deploy new software and keep the mobile devices updated with the latest patches and updates. Through this tool the mobile devices can be easily encrypted to further safeguard the Government data.
09. Support during COVID-19
09.1 Managing IT Service Desk
Transferring the Service Management Department (SMD) workforce to start working from home at short notice might sound daunting, but in fact was achieved quickly and with little or no disruption. The most challenging aspect was for the MITA Service Call Centre agents to start receiving and processing phone calls from their respective homes. However, the SMD was prepared for this. As part of a number of business continuity exercises carried out during the previous years, the MITA Service Call Centre was already set to be able to take phone calls from different premises. Once the lock-down started, MITA’s Call Centre services continued to operate seamlessly and in fact during the following few weeks the number of incoming phone calls almost doubled. To cater for this increase in load, some personnel from other MITA departments were temporarily assigned to perform Service Call Centre work.
One factor that helped to ease the load on SMD staff was the RFS system, that provided MITA clients with self-service support for requests such as granting VPN access to users. In fact, the number of automated requests processed via RFS doubled during mid-March.
One logistical aspect that had to be tackled was that of workstation support since face-to-face support was being discouraged or prohibited. MITA uses a Microsoft tool, the System Center Configuration Manager (SCCM), to connect remotely to workstations. MITA’s suppliers were provided with this tool to be able to reduce the contact with the clients as much as possible. However, the government’s Information Management Units (IMUs) also required to be able to assist users while working from home on their personal workstations. SCCM was not an option since this tool is only installed by default on government workstations managed by MITA. For this reason, another product, Bomgar, was made available as a service to IMUs to be able to connect to their clients’ personal workstations remotely.
As the lock-down began, MITA’s Network Operations Centre immediately aligned its processes to have half of its compliment working remotely with a maximum of 2 resources per shift having onsite 24/7.
presence at MITA DC in St Venera, prioritizing the health and safety of its employees while minimizing the impact of the pandemic on its operations. NOC continued to carry out its day-to-day operations smoothly, monitoring the availability of the Government IT services and most importantly those related to Health, whilst adding focus on having more visibility of the underlying network infrastructure which was vital to cater for the unprecedented levels of government users working from home at one go. On site presence enabled NOC to continue operating MITA’s Corporate Data Centres adhering to the required service levels. During such time, NOC also supported the Service Call Centre function during out of office hours handling circa 3,000 telephone calls during the first 3 months of the pandemic. These were mostly related to assisting users to set up their home working environments and attending to urgent Primary Health Care requests channeled through a specifically set up emergency line.
09.2 Business Continuity and Support for COVID-19 relief initiatives
Stakeholder management, building and maintaining effective relationships with an extensive array of stakeholders is the bedrock upon which MITA successfully implements services across Government. Equally important is mutual trust - in our people and them in the Agency, trust in our products and services, trust given to us by our clients by the general public. These two pillars were core for successful endeavors in 2020, the de facto year of uncertainty and change. As much as we dislike uncertainty, recognition of the benefits that it brings, such as creativity, hard work and problem solving, must be acknowledged.
Many teams within MITA promptly steered their efforts towards supporting our country in the battle against COVID-19. To mention a few, the Health Team, required all hands-on deck to ascertain timely delivery of IT systems; the Social Security team provided continuous support to the MSFC in the issuance of additional benefits for the unemployed, medical-related, disability or Parent related payments. The Tax Team had their hands full with the Government’s financial support schemes to countermeasure the temporary closure of businesses during the onslaught brought by the pandemic. For example, various enhancements were implemented to support the Government in the implementation of fiscal measures due to the COVID situation including the tax deferral process, wage supplement and a new VAT grant e-form to refund the deposit paid for postponement of Weddings/Civil Union ceremonies. These teams understood the need to step up their efforts beyond their usual 100%, and as a result, never failed to meet a request set by the client.
Flexibility took another meaning in 2020. MITA leveraged the benefits of major investments made as people were asked to work from home. The flexibility and resilience of project teams was put to test and team spirit, collaboration and hard work triumphed to ensure timely delivery of critical services to Government, businesses, and citizens.
Given the circumstances the world was in, regardless of the pandemic, work of a cyclical nature, was still delivered on time. For example, the yearly financial Budget and associated simplification measures which greatly impact Social Security and Taxation, could not be placed on the backburner. Teams optimised time management, persevered and improved resource allocation, to reach these goals.
Technology is by no means static. Moving forward means that keeping technology up to standard is vital. MITA progress on an ambitious project to modernise all Government IT Systems. During the year, Phase 1 of the Taxation and Social Security modernisation project was concluded and marked the delivery of a modern designs for several business modules. For MITA, the vision to put the citizens first was never derailed despite the heavy lifting that everyone was doing to maintain a layer of normalcy. An example of this was the rebranding of the Social Security Online Service portal to MySocialSecurity (https://mysocialsecurity.gov.mt/) and the launch of new mServices. Another example of servicing the citizen was the implementation of two online services related to the notification of a Birth or Death of a person. To avoid queuing in person; especially during a pandemic, these eServices enabled citizens to submit the required documentation and pay online. These processes are now entirely digitised, from notification phase to Act registration and certificate printing. Citizens are electronically notified at different intervals through a well-organised workflow solution.
Maintaining high spirits and motivation were always a priority to MITA and its leaders. Our way of thinking was to remain visionary, expecting great things from our people, despite the challenges; whilst taking care of ourselves. The year 2020 made us rethink on how to lead in hard times and how to find new ways to succeed.
09.3 COVID19 Test Tracking
The COVID19 Test Tracking system was a joint project between the Ministry of Health, MITA and Microsoft, to manage the full lifecycle of COVID19 swabbing tests. The solution, provided by Microsoft under the MSDR (Microsoft Service Disaster Response) programme, provides functionality to register for swabbing test through a citizen facing portal, where citizens are to fill-in a brief questionnaire and provided with an appointment at one of the swabbing centres. Citizens receive an appointment by email, containing a QR code which is scanned at swabbing centres, to link test vial to the citizen. The backend solution is used by the Health Public Response Team, the different swabbing centres, and call centre to register and trace the swabbing tests across the country.
The project was implemented in very tight deadlines and has proved an important asset for the Health Public Response Team in their testing strategy, handling more than 330,000 swabbing appointments in the first 6 months in operation.
09.4 Telemedicine
During the first months of the pandemic MITA assisted health authorities with the implementation of new practice of Telemedicine in our country. Medical consultations were being carried out through communication via Microsoft Teams. The patients were able to contact health professionals without physical contact. In a few months, this service was a success and is still in operation throughout Malta and Gozo.
09.5 COVID Alert Malta
During the early months of the Covid-19 pandemic, the CTO office stepped up its technical consultancy to the Ministry of Health, to assist in the deployment of critical systems to manage the Covid-19 testing hubs and Covid-19 exposure notification mobile application. COVID Alert Malta, the Exposure Notification app, was a joint project between MITA and the Ministry of Health. This CTO managed project, in collaboration with Programme Management Department and the eGovernment and Corporate Solutions Department, had the aim of developing an app is to complement the manual contact tracing process being carried out at the time by the Health authorities. The latter involved volunteers phoning people to let them know they have been in contact with a positive patient. This manual process, apart from being very time consuming, is also prone to mistakes. For example, if the positive patient forgets to mention an encounter with another person, the contact tracing team will not be able to inform him or her that they are at risk of having been infected. Of course, such a manual process is very labour intensive, and can cause major delays in identifying and notifying at-risk individuals, therefore making it harder to stop the infection chains.
The app, available for both Android and iOS devices, uses Apple and Google’s Bluetooth contact tracing system, which does not collect user information and strikes a balance between enabling contact tracing functionality, and respecting users’ privacy in line with the GDPR. The app keeps track of proximity events between users through a log of pseudonymised information. If an individual tests positive for the virus, he or she is given a covid-code to confirm their infection on the app. The app then alerts individuals who were in close proximity to the infected person and are therefore at risk of having contracted the virus, as defined by the health authorities. These individuals are then encouraged to contact the health authorities. The quick self-isolation of individuals who were exposed to a COVID-19 positive individual facilitates the stopping of COVID-19 infection chains.
10. Environmental Commitment
10.1 Mita’s Tangible Commitment Towards The Environment
Over the past years, MITA has continued to consolidate its effort of attaining tangible results in sustainable environment. The positive results accomplished over the past years clearly demonstrate the corporate-wide support both from the management and its employees.
Through these years, MITA has invested heavily in several environmental friendly initiatives both in terms of capital projects and other initiatives aimed directly at reducing our environmental impact.
Consolidated Effort to maximise better use of resources
Apart from its commitment to reduce its carbon footprint, MITA continued on its waste separation and the associated recycling process across its offices. During 2019-2021, the percentage of recycling waste has reached 40% of the total waste disposed.
Electric Vehicles
MITA has replaced two of its corporate fleet cars by two electric vehicle as part of its pilot initiative.
ISO14001:2015 Certification
Following the systematic implementation of the Environmental Management System, MITA is committed to maintain and assess its overall processes related to the environmental impacts and aspects of its business operations.
MITA is certified to ISO14001:2015 for its Environmental Management System which is another flag bearer of MITA’s commitment and positive contribution towards a greener environment for the benefit of our society.
MITA Data Centre Services
The reporting mechanism adopted by MITA for monitoring power consumption within its MITA Data Centre is based on Green Grid international standards, and is in line with the EU Code of Conduct for Data Centre Energy Efficiency.
MITA is an official supporter of the EU Code, which was created in response to increasing energy consumption in data centres and the need to reduce the related environmental, economic and energy supply security impacts. It encourages a reduction in energy consumption, in a cost-effective manner, without hampering the mission critical function of data centres. This is achieved by improving understanding of energy demand, raising awareness, and recommending energy efficient best practice and targets.
11. mitacares
11.1 MITA shares its Digital Heart commitment with Dar tal-Providenza
Everyone is aware of the invaluable contribution that Dar tal-Providenza gives to the Maltese society in general, particularly to persons with disabilities residing at Siggiewi home and within other homes that are spread across the Maltese islands.
MITA Cares embarked on discussions with Dar tal-Providenza administration to assist on a well-needed project to upgrade its ICT networking infrastructure with its campus.
Following preliminary site-visits, it was clearly established that the previous ICT setup mandated a complete overhaul to address today’s and future operational needs within the campus.
In addressing these needs, MITA Cares undertook this assignment as a Corporate Social Responsibility project – Total ICT networking infrastructure upgrade at Dar tal-Providenza encompassing all aspects of the project lifecycle including design, costing, funding, implementation and training.
The project aimed to specifically address the following requirements:
• Upgrade of the network performance both in terms of bandwidth and reliability; • WIFI deployment across all campus to cater for administration purposes; • Free public Internet use to residents, staff, volunteers and more equally visitors.
Following a 12-month implementation programme, the newly deployed ICT networking infrastructure at Dar tal-Providenza includes over 10 km of data cable, over 400 data points, state of the art networking backend infrastructure and over 60 WIFI access points to cover all areas within the campus.
This is the largest CSR investment of MITA Cares over the past years. This substantial investment was a strong commitment both financially and direct contribution from MITA employees who were directly involved in the installation process.
Over 2,000 voluntary hours of effort were provided by MITA employees together with other monetary donations and fundraising held during various team building events.
MITA Cares has invested in the Dar tal-Providenza because of two key reasons:
• The invaluable contribution the Dar tal-Providenza provides towards the Maltese society; • In strong recognition to the support provided to an ex-MITA employee, Debbie Schembri who was one of the first residents at this home and lived in for over 40 years.
Throughout this project journey, MITA Cares was strongly supported by its Board of Directors, Senior Management and MITA employees. MITA is honored to have partnered with Dar tal-Providenza for this tangible CSR assignment.
