CIRT/CERT Baseline Capabilities

Presentation transcript:

CIRT/CERT Baseline Capabilities
Anuj Singh, Director – Global Response Centre
Regional Arab Forum on Cybersecurity, Cairo, Egypt
19th December 2011

Agenda
- Introduction
- Need for a National CIRT
- Benefits of a National CIRT
- CIRT Framework
- ITU-IMPACT Activities for member states
- Baseline Capabilities
- Cyber drill - ITU-IMPACT Alert

Introduction
What is a CIRT
- A team that RESPONDS to cybersecurity incidents
- Provides services to a defined constituency
- Assists in effectively identifying threats, coordinating at national and regional levels, and disseminating information
- Acts as a focal point for the constituency
Source: http://www.lakevalleyengineering.com/lve

The need for a National CIRT
- To ensure the continuity of society in times of crisis
- To protect essential services and critical national infrastructure
- To improve resistance to disruption
- To contain contagion effect
- To restore control in information dissemination
- To recover quickly to the original state of normalcy

Benefits of a National CIRT
- Serves as a trusted focal point of contact within and beyond the national borders
- Identifies and manages cyber threats that may have an adverse effect on the country
- Helps to systematically respond to cybersecurity incidents and takes appropriate actions
- Helps the constituency to recover quickly and efficiently from security incidents
- Minimises loss or theft of information and disruption of services

Benefits of a National CIRT (continued)
- Better prepared for future incident handling based on lessons learned
- Deals effectively with legal issues
- Knowledge exchange platform among constituencies
- Develops and encourages adoption of security best practices & standards
- Promotes or undertakes the development of education, awareness and training materials

CIRT Framework
National CIRTs drive and promote:
- National Cybersecurity Strategies / Policies
- Cyber Forensics Services
- Governance / Legislations
- Critical Information Infrastructure Protection
- Cybersecurity Awareness, Training & Education
- Cybersecurity Research
- International Cooperation
- Security Assurance

CIRT Services

Reactive Services
- Alerts, Warnings and Advisories
- Incident Handling
  - Incident analysis
  - Incident response on site
  - Incident response support
  - Incident response coordination
- Vulnerability Handling
  - Vulnerability analysis
  - Vulnerability response
  - Vulnerability response coordination
- Artifact Handling
  - Artifact analysis
  - Artifact response
  - Artifact response coordination

Proactive Services
- Announcements
- Technology Watch
- Security-Related Information Dissemination
- Security Audits or Assessments
- Configuration and Maintenance of Security Tools, Applications, and Infrastructures
- Development of Security Tools
- Intrusion Detection Services

SQM Services
- Risk Analysis
- Business Continuity and Disaster Recovery Planning
- Security Consulting
- Awareness Building
- Education/Training
- Product Evaluation or Certification

Source: Handbook for CSIRTs – http://www.cert.org/archive/pdf/csirt-handbook.pdf

High-Level Process
Creating a National CIRT
- Define the basic framework
- Establish the fundamental policies / procedures
- Train the staff
- Launch the incident handling system
- Announce the CIRT to the constituency
- Establish contact with other parties

Institutional & Organisational Requirements
- Mission Statement
- Stakeholders
- Sponsor
- Facilitators
- Constituents
- Services to Constituents
- Human Resources
- Physical Premise
- IT Infrastructure
- Policies & Procedures
- Promotional & Branding
- Awareness Campaigns

Workshops & CIRT Deployment
- To help partner countries assess their readiness to implement a National CIRT.
- IMPACT reports on key issues and analysis, recommending a phased implementation plan for National CIRT.
- Three countries are moving ahead with the deployment of the National CIRT with help from ITU-IMPACT.

| No. | Partner Countries | Assessment Status |
|-----|-------------------|-------------------|
| 1 | Afghanistan | Completed in October 2009 |
| 2 | Uganda, Tanzania, Kenya & Zambia | Completed in April 2010 |
| 3 | Nigeria, Burkina Faso, Ghana & Ivory Coast | Completed in May 2010 |
| 4 | Maldives, Bhutan, Nepal & Bangladesh | Completed in June 2010 |
| 5 | Serbia, Montenegro, Bosnia, Albania | Completed in November 2010 |
| 6 | Cameroon, Chad, Gabon, Congo | Completed in December 2010 |
| 7 | Armenia and Laos | Completed in November 2011 |
| 8 | Cambodia, Myanmar and Vietnam | |
| 9 | Senegal, Togo, Gambia and Niger | |

ITU-IMPACT Support for Member States
Proposed CIRT Model (ITU-IMPACT Support)
- Phase 1 (6 – 8 months): Reactive CIRT services
- Phase 2 (9 – 18 months): Proactive CIRT services
- Phase 3 (19 – 24 months): Security Quality Management services

Baseline Capabilities
Defines a minimum set of CIRT capabilities that address the challenges and priorities for National CIRT:
- Mandate and Strategy
- Service Portfolio
- Co-operation
- Operation

Mandate & Strategy: Requirements and Recommendations
- National CIRTs need a clear mandate to serve a well-defined constituency
- Their role should be embedded in the strategy for national cyber-security and established in an appropriate body with adequate funding.
- Develop a strategic approach to cyber-security and CNI protection
- The mandate for the national / governmental CIRT should clearly define the scale and scope of its activities

Service Portfolio: Requirements and Recommendations
- CIRT services should be clearly defined in line with its mandate and strategy
- Reduce the vulnerability of its constituency’s critical networks to cyber attacks and support effective responses to such attacks when they do occur.
- Effective incident handling capabilities
- Provide services to reduce the vulnerability of networks to cyber-attacks
- Provide services to support an effective response to cyber-attacks
- Appropriate internal processes should also be implemented to support the external services.

Operation: Requirements and Recommendations
- Must be able to respond to incidents developing across borders since cyber-security incidents happen on a global scale
- Must have a reputation and competence in order to have the credibility which underpins its operational effectiveness.
- Ensure that the CIRT is sufficiently staffed with the required technical competence
- Secure and resilient communication and information infrastructure
- Located within physically secure premises, and staff should be appropriately screened

Co-operation: Requirements and Recommendations
- Effective cooperation between CIRTs at all levels is required
- Requires trust and mutual respect between the bodies involved
- Effective in building relationships
- National CIRT should be enabled to invest time and resources in building cooperative relationships
- Establish a clear framework for cooperation with national law enforcement agencies and stakeholders
- All cooperative relationships should be supported by agreement
  1 - to facilitate the exchange of the information and knowledge needed to reduce vulnerability and provide effective responses to cyber incidents
  3 - both on bilateral and multilateral basis.

ITU-IMPACT ALERT (Applied Learning for Emergency Response Team)

Introduction to ALERT (Applied Learning for Emergency Response Team)
- Carried out on the 1st of December 2011 in Yangon, Myanmar
- Focused exercise for four countries – Cambodia, Laos, Myanmar and Vietnam
- Three scenarios were developed for the participants:
  - Analysing SPAM
  - Analysing defacement of a Website
  - Analysing Malware and taking control of the Command and Control Server
- Supported by F-Secure and Trend Micro

Objective
- Evaluate the readiness of National CIRT in handling incident response
- Enhance the CIRT’s incident response capabilities
- Strengthen the national and international cooperation between countries in ensuring continued collective effort against cyber threats.

Conducting the Drill
- The organiser sent the incident scenario to the participants in an email.
- Participants performed their investigation/analysis of the incident and came up with a solution.
- The participants submitted the solution in an advisory back to the organiser via email.

Drill Setup
- Mail Server
  - All formal communication between the organizer and participants went through this mail server
- IRC Server
  - Informal communication such as questions or tips regarding the drill to solve the scenario
  - Ad-hoc notifications from the organizer
  - Collaborate with other participating CIRT teams
- Linux Server
  - Linux server was made available to the participants to perform their analysis.

References
- http://www.enisa.europa.eu/act/cert/support/baseline-capabilities
- http://www.enisa.europa.eu/act/cert/support/files/baseline-capabilities-of-national-governmental-certs-policy-recommendations
- http://www.enisa.europa.eu/act/cert/support/files/baseline-capabilities-for-national-governmental-certs
- http://cert.org

Thank you www.facebook.com/impactalliance