Share
Two years after the amendments to the e-Government Act have been adopted, what is the outcome for Information Services?
- Two years and two months after Information Services was assigned as a National System Integrator, we have laid the basis of e-health. We proved that the problem is not so big. Obviously, with determination and competence we can reach the 30-year-old goal of functional e-health.
We restructured the company to perform these functions as a system integrator for several key state sructures - the Ministry of Finance, the National Revenue Agency, the Ministry of Health, the Registry Agency (AA), Geodesy, cartography and cadaster agency. We established brand new communication and information infrastructures for NRA, AА, MFA, etc. We fully upgraded their equipment starting from computer basis and proceeding to their key data centers. Not a single lev was invested in some of those aspects over the past 10 years. We have implemented cybersecurity measures.
Outside the company, we had the opportunity to work with large structures such as the National Revenue Agency, which are of great interest to cyber criminals. On the company's website we have published an in-depth presentation on our achievements such as company's finances, as key systems of the state. These are systems that have been operating for the last 20-30 years, but no result has been achieved. We succeeded because we are positioned between the administration and the private sector and have systematic knowledge of the business processes in the country - how they could be changed and improved to be effective not only for the state but also for business and citizens.
The public procurement platform is such an example. It works effectively from 2020. For the first 6 months, it worked with 110 partnering authorities - the central government, several municipalities, Kozloduy NPP. Since June 2020, during the pandemic, we have implemented trainings for all contracting authorities in the country and now all of them use it. Centralized, electronic platform with a sufficient level of data encryption. We currently have over 35% of bids submitted outside of standard business hours. This means that people do not only save paper, but also do not rush to get to the relevant administration. They also avoid the visit to the state. Last but not least, they can place their offer from anywhere in the world. The state administration actually works round-the-clock, every day.
Beyond our function as a system integrator, we have built the Court Case Management System (CCMS). It is multifunctional because the trials in the judiciary were conducted by different practices. We managed to build the system, together with the Supreme Judicial Council (SJC), with a lot of effort and a lot of professional talks with particular courts, judges, clerks. To study all the processes and their interrelations, to upgrade the system so it can now work for all 153 courts, and to be used in 152 courts - the exception is the Supreme Court of Cassation (SCC).
Would you say that pandemic or the possibility to channel activities through one legal entity were the circumstances that paved the way for the rapid launch of the National Health Information System (NHIS) in a relatively short time? Is it due to any of those or a combination of both factors?
- I am sure that the reason is never just one factor. There are at least two reasons: on one hand, the acceleration of technology usage in public administration, due to the coronavirus pandemic, made it possible to avoid actually go to the GP for a prescription. The latter came along with the development of the company's expertise - serious, in-depth knowledge of state processes. The fact that we have the opportunity to serve the NHIF and at the same time to have a contract with the Ministry of Health allowed us to look at the broad picture of healthcare, the process from start to finish. Currently, e-prescriptions are those covered by the NHIF. We are ready to release the white recipe and all other types of recipes. But there also must be readiness from software companies involved in healthcare, as well as end users - doctors and hospitals. The acceleration was a result of a single factor - the COVID crisis, coupled by the functional and technological expertise of the company.
Minister Bozhanov's plan includes introduction of digitalization this and next year. Does Information Services have enough capacity, such as the number of software developers, to write the necessary "government code"?
- I think that the question has a different answer. The state administration faces a huge technological gap not only in terms of investments in computers and systems, but also as competent staff who can use these technologies. The state must clarify its plans to proceed, given that in this and previous years it had become clear the structures in the state administration lack a sufficient level of expertise. It is not only a matter of quantity, but of quality as well. There is no quantity - on the market, not only in the state sector, not only in Information Services. It also applies for the private sector. This deficit lack has been clearly identified.
The situation in the state is even worse, because not only salaries are lower, but there is also a purely image issue. It is not prestigious to work for the state. Not only because of the political changes in the government, but also from the results of the state structures. No self-respecting expert would want to tie himself to results that are not clearly used and evaluated by the market.
When you say “the state” does that include Information Services?
- Information Services as a state entity - a company with state capital - has a little more freedom. Here the experts and my colleagues are not civil servants, but employees of a company. However, as part of the state, over the years and now, the company suffers from a reputation of working for the state and is state-owned. Our financial issue is not so easy - yes, we do not cash as big as in private companies working abroad, but we have been struggling over the years to boost income. Over the last seven years, it has been increased three and a half or four fold. But the purely image problem remains. When we work with state structures, many of them do not have the capacity and knowledge of what needs to happen to make it easier for citizens and businesses. Or unwillingness to do it - accept it directly. And this unwillingness is in place because people are afraid of the new, they are afraid of acquiring new knowledge. They are also eager to keep their key positions in the structures, as they have been doing so far.
When IT experts at the middle or high level start talking to these people from government agencies, they don't last long. Nevertheless, we have managed to extend the success story. Before and now, we have had support at a high political level to introduce systems with very clear end result: publicity, transparency, efficiency and accessibility.
I am asking you, following remarks by Minister Bozhanov that the image issue was the main problem of Information Services. Would you say that the issue might be resolved?
- The image problem of the company or the state in general can be resolved only in one way: very hard work with clear results. Only relying on work and professionalism with clear and concrete results may improve the reputation of this company and the state can be changed.
Lastly, I would like to outline that when we suffered last year DDoS attacks, many people did not realize their sizes. Our company has been investing in this area since 2015 when the country’s local elections took place. Then we suffered the first attack of this kind. Then we acquired technology, knowledge, etc. to cope with similar relatively ordinary attacks for Bulgaria. Further, in October we were attacked again and had the chance to experience the most serious attack on Bulgaria. That was an attack that exceeded the total traffic of all Internet providers in Bulgaria. However, results can be achieved only with investment and wisdom - not only to acquire something, but also to manage and use it professionally. Then the reputation improves. You can see that those attacks were not aimed at us, but also targeted at private structures (in a similar way the sites of "Capital" and "Dnevnik" were attacked in January 2022. The attempts coincided with assaults on the sites of the Parliament and companies such as Borika).
Another key issue is transparency - with transparent procedures, with minimum price levels, with savings from scale and efficiency related to those state structures that trust us. When an agency wants to achieve high levels of cyber hygiene, the latter will not be possible with outdated operational systems. This requires the replacement of personal computers as they need to have minimal capacity to facilitate the installation of the appropriate software. Last year we changed the computers in the National Revenue Agency, RA, the Customs Agency, Emergency Aid Service and in other entities. The price of those computers is like no other in the country. For two years we have conducted over 270 public tenders. There is only one complaint and it was related to an internal error. The order was terminated even before the complaint arrived. We have held our liability and we have drawn our own conclusions. These were orders valued at a total of BGN 120 million for the last two years.
What is more important in terms of cybersecurity - to counter the attacks more effectively or to identify where they come from and what is their origin and broader aim? As you were saying there were attacks against you, against his.bg, against "Capital", against the website of the parliament, against other private companies. Is there information whether that was coordinated or not?
- I will go back to the previous question as the two issues are related. The attacks were a consequence of the introduction of the EU Digital Covid Certificate. It was a challenge for our reputation. Bulgaria was the first of seven countries to integrate into the EU Digital Covid Certificate system more than a month prior to its international usage which started on the 1st of July. That was a certain bonus for our reputation.
When it comes to cybersecurity, it's an everyday business. The further technology progresses, the more attacks will be launched. Not every day, but every hour. Structures need to invest in the acquisition of technology and expertise. Last but not least, we must stop splitting into "public administration", "private sector", etc. Cybersecurity requires a common effort. The attacks against us, against you, are the same. They aim the same thing - to damage the reputation of a structure. So it is important to work together. The efforts should come from those who are familiar with the matter, those who have faced the problem and have found their way around it. Many countries hold a tight grip on of ISPs. In Bulgaria we have more than 500 such entities. Therefore, it is hard to monitor the whole incoming traffic. As far as DDoS attacks are concerned, we are talking about corruption of the channel and failure of service access. They are not attacks that drain data, which is much worse or affecting reputation.
We need to have trained experts, we need to create a spirit of community embracing private and public structures. As the danger is the same. However, we need rules and policies, not just to monitor an attack. Tomorrow the attack will be much bigger, because the devices in the world are becoming more and more sophisticated. Costs become higher, reputational damages get worse.
Would you say that the revenue surge over the last couple years was mainly or partially result from the amendments to legislation and the change in the company’s status?
- The changes in the Electronic Government Act were adopted in November 2019. By the end of 2019, the company up-scaled its team and employed about 450 experts with revenues of some BGN 34 million. We started with about 600 people and some BGN 20 million in revenue. In about 4-5 years we have posted a 50% increase in revenue with 25% less employees. However, the increased revenues came along new commitments outlined in the legislation. In the first full fiscal year we posted BGN 85 million and further rising last year – to over BGN 111 million in revenues.
These are plain numbers, but behind these revenues there is a lot of work, expertise and responsibility. Not only supplies of hardware and software, but also efficiency, based on solid arguments related to the choice of technology to introduce, why this technology, etc. We manage the process to meet the outstanding needs - needs of the present, needs of the future, the need to stay protected.
Yes, there is a significant surge in our revenues and financial results. The dividend and profit generation of the company is also serious, and that applies to the dividend disbursed by the company to the state. We aim to work efficiently, even though we are a state-owned company.
A software outsourcing company works on a project basis. A product company operates following its own market rules. What is the principle of Information Services?
- Our business is focused on system integration. Since the end of 2019, we have restored the number of involved experts to some 600, but we have loaded them with extra expertise which upgraded their initial skills. For example, years ago we had accountants and cashiers in each branch, now the whole company has seven accountants. Instead of 30 accountants, we now have 30 experts. We know what we have to work on and what will be the outcome, because we are in close cooperation with the structures of the state administration for which we are responsible. Together we draw development plans and we know what systems are needed.
The changes since the end of last year stimulated the current government to come up with a serious ambition in a short period of time to introduce certain technologies in a much shorter period of time than before. We hope to take some of these things. For some of them we will seek support from the private market. We must not in any way stop the possibility for the state to develop according to the volume and competencies of this company. Therefore, we are involved in key projects related to justice and healthcare. Others, which we do not consider so key and critical, we manage through public procurement, but we bear all the responsibility.
Has anything changed for you, since you are no longer part of Ministry of Transport, but of the new Ministry of e-Government? Do you feel a difference?
- The new ministry is still being structured and we hope that when the changes in the law are completed, there will be clarity regarding legal processes. For the first time, there is a ministry that will give a spur development and change of the state in the direction of e-government. The lack of need for a person who has, for example, a prescription financed by the National Health Insurance Fund to go to the pharmacy with paper, to return and then the pharmacy to go to the cash register, is something I hope to multiply. Just as we imagined the patient record should look like at the end of 2022, it will be done with the support of the ministry. It is invaluable to have a specific person at the ministerial level, to be able to talk to his colleagues at the Council of Ministers level and for the company to rely on such support.
Minister Bozhanov says that there are electronic services in Bulgaria for many things, but they are not used and promoted. Who is responsible for promoting the services developed by Information Services?
We are in a delicate situation where the company produces electronic services and systems, but at the same time does not own them. We rely entirely on the owner, the state, to notice the benefits of this system and begin to impose it. With short announcements to the media, we present weekly what we have done, but they are only informative. We do not want to take over these functions from the state or the relevant state body. It must be realized that the systems we develop bring opportunities and security to citizens and businesses.
An addition to Minister Bozhanov’s comments - many systems in the country do not communicate with each other. And they, in my opinion, are designed not to talk so that a key expert can remain key because he holds this system. We proceed differently and consider as key those experts who have knowledge of the processes and how the system can be modified and integrated with another national system, so that the state and citizens as consumers feel pleasure and security.
The interview was taken by Yoan Zapryanov
The full text of the interview can be found on the website of "Capital" weekly