1.

Slides:



Advertisements
Similar presentations
Czech approach to Regulatory Impact Assessment Prof. Michal Mejstřík Chairman of Regulatory Impact Assessment Board (RIAB) of the Czech Government Legislative.
Advertisements

Tanzania Communications Regulatory Authority - TCRA Response to Cyber incidences in Tanzania: Where are we? Presented at Cyber Security Mini Conference.
ENISA Cyber Security Strategies Workshop November 27, 2014 Brussels
IAEA RER/9/111: Establishing a Sustainable National Regulatory Infrastructure for Nuclear and Radiation Safety Regional Workshop on Drafting Regulations.
The French approach to CIIP ENISA workshop. Coordination of CIP in France ANSSI 2 A cross-ministerial issue The General Secretariat for Defense and National.
Public Procurement in Albania in the framework of recent reforms PUBLIC PROCUREMENT AGENCY 1.
“Reform of the Child Care System: Taking Stock and Accelerating Action” South East Europe 3 – 6 July 2007, Sofia.
Eneken Tikk // EST. Importance of Legal Framework  Law takes the principle of territoriality as point of departure;  Cyber security tools and targets.
Speaker: Tamar Shapatava
MINISTRY OF NATIONAL DEFENCE REPUBLIC OF POLAND CLASSIFIED INFORMATION PROTECTION DEPARTMENT COL. PIOTR GRZYBOWSKI, Director, Classified Information Protection.
Strategy and Policy Unit: Current Activities and Future Tasks
National CIRT - Montenegro “Regional Development Forum” Bucharest, April 2015 Ministry for Information Society and Telecommunications.
The Italian Institutional Design for Administrative Simplification HIGH LEVEL REGIONAL SEMINAR ON “STRATEGIES, TOOLS AND CAPACITIES FOR ADMINISTRATIVE.
Integration of Regulatory Impact Assessment into the decision making process in the Czech Republic Aleš Pecka Department of Regulatory Reform and Public.
REPUBLIC OF ALBANIA PUBLIC PROCUREMENT AGENCY 9th Public Procurement Knowledge Exchange Platform May, 28-31, 2013 Skopje
IT security seminar Copenhagen, April 4th 2002 M. Jean-Michel HUBERT Chairman of the French Regulation Authority IRG Chairman.
Experiences from establishing a national Centre for Information Security in Norway TERENA Networking Conference 2003 Maria Bartnes Dahl &
Legal Framework on Information Security Ministry of Trade, Tourism and Telecommunication Nebojša Vasiljević.
1 ENISA’s contribution to the development of Network and Information Security within the Community By Andrea PIROTTI Executive Director ENISA Cyprus, 28.
© RRT1 Regulatory Developments of Electronic Communications during 2009 in Lithuania.
Info Day on New Calls and Partner Café Brussels, 10 February 2011 How to apply: Legal Framework – Beneficiaries – Application and Selection Procedure.
NATIONAL AGENCY FOR VOCATIONAL EDUCATION AND TRAINING, BULGARIA The 4th meeting of the SEEVET-Net July, 2011 Chisinau, Moldova.
CSO engagement in policy process Hille Hinsberg State Chancellery Government Communication Officer
1 National Electronic Commerce Strategies The Malaysian Experience Ho Siew Ching Ministry of International Trade and Industry Malaysia Expert Meeting on.
Course: European Criminal Law SS 2009 Hubert Hinterhofer.
Review on development of SDI as a basis of E-government in Croatia Ivan Landek, assistant director State Geodetic Administration of RoC International Workshop.
BOTSWANA NATIONAL CYBER SECURITY STRATEGY PROJECT
International Cyber Warfare and Security Conference Cyber Defence Germany's Analysis of Global Threats 19th November 2013, Ankara.
A.ABDULLAEV, Director of the Public Fund for Support and Development of Print Media and Information Agencies of Uzbekistan.
Key Barriers for the ICT Research Sector in Serbia, and Recommendations for Future EU- Serbia Collaboration Miodrag Ivkovic, ISS Milorad Bjeletic, BOS.
1 European Lifelong Guidance Policy Network National Guidance Forum of the Czech Republic Open Session Career Guidance Council in Lithuania Aleksandra.
Kick-off Meeting Belgrade, 4-5 December 2008 Network of Centres for Project Development and Management.
State of implementation of the decision III/6f regarding Ukraine (MOP 2, June, , 2008, Riga, Latvia)
PRESENTATION TO THE NCOP ON THE CONVENTION ON INTERNATIONAL INTERESTS IN MOBILE EQUIPMENT BILL, MARCH 2007.
Defence Standardization, Codification and Government Quality Assurance Authority Defence Standardization Department Introduction into defence standardization.
SEA in the Czech Republic Prague, 24 September 2008.
National Information Communication Technologies Strategy Vasif Khalafov “National strategy” working group - Web -
National Protection and Rescue Directoratewww.duzs.hr Presented by: Mr. Damir Trut, Deputy Director25 February 2008, Bled-Slovenia.
ISACA Ireland Cyber Security Policy 9 February 2016.
Leading State Inspector Ivan Rovkach Department of Nuclear and Radiation Safety Ministry of Emergency Situations of the Republic of Belarus(GOSATOMNADZOR)
Lecturer: Lina Vladimirovna Zhornyak, associated professor.
M O N T E N E G R O Negotiating Team for the Accession of Montenegro to the European Union Working Group for Chapter 32 – Financial control Bilateral screening:
Deputy Head of Federal Accreditation Service Sergey V. Migin Approximation of accreditation systems of European Union and Russia.
CYBER SECURITY Ministry of Trade, Tourism and Telecommunication Nebojsa Vasiljevic
M O N T E N E G R O Negotiating Team for the Accession of Montenegro to the European Union Working Group for Chapter 15 – Energy – Upstream Hydrocarbons.
M O N T E N E G R O Negotiating Team for the Accession of Montenegro to the European Union Working Group for Chapter 31 - Foreign, security and defence.
Reforms in the Albanian Public Procurement System 7 th Regional Public Procurement Forum Tbilisi, Georgia May 16-19, 2011 PUBLIC PROCUREMENT AGENCY 1.
Information and Network security: Lithuania Tomas Lamanauskas Deputy Director Communications Regulatory Authority (RRT) Republic of Lithuania; ENISA Liaison.
M O N T E N E G R O Negotiating Team for the Accession of Montenegro to the European Union Working Group for Chapter 10 – Information society and media.
SETTING SECURITY AND DEFENSE R&T POLICY Sofia, UNWE, June 28, 2007 Nikolay Pavlov Centre for National Security and Defense Research – Bulgarian Academy.
EUROPEAN SECURITY POLICY A SNAPSHOT ON SURVEILLANCE AND PRIVACY DESSI WORKSHOP, CPH 24 JUNE 2014 Birgitte Kofod Olsen, Chair Danish Council for Digital.
M O N T E N E G R O Negotiating Team for the Accession of Montenegro to the European Union Working Group for Chapter 27 – Environment Bilateral screening:
„ZONE 2010“ Opening Exercise Col. Eng. Ivan Koleňák MoI-Directorate General of the Fire Rescue Service of the Czech Republic.
M O N T E N E G R O Negotiating Team for the Accession of Montenegro to the European Union Working Group for Chapter 31 – Common Foreign and Security Policy.
University of Piraeus Research Centre (UPRC) Assistant Professor Nineta Polemi “PREVENTION, PREPAREDENESS AND CONSEQUENCE MANAGEMENT OF.
TAIEX-REGIO Workshop on Applying the Partnership Principle in the European Structural and Investment Funds Bratislava, 20/05/2016 Involvement of Partners.
PRESENTATION OF MONTENEGRO
MINISTRY OF THE INTERIOR OF MONTENEGRO
PRESENTATION OF MONTENEGRO
French Port Cybersecurity Initiative
Public-private cooperation
STRESS TESTS and TAIWAN PEER REVIEW PROCESS
Cybersecurity in Belarus a general overview of support areas
Establishing the Infrastructure for Radiation Safety Preparatory Actions and Initial Regulatory Activities.
Dan Tofan | Expert in NIS 21st Art. 13a WG| LISBON |
The usage of ICT in the election process in Bulgaria
Institutional changes The role of Bilateral Oversight Boards
The European Union response to cyber threats
Hungarian Association of NGOs for Development and Humanitarian Aid
REPUBLIC OF CROATIA MINISTRY OF ENVIRONMANTAL AND NATURE PROTECTION
Presentation transcript:

1

Current State of Cyber Security In the Czech Republic 2

Cyber Security System in the Czech Republic Draft legislation Content Cyber Security System in the Czech Republic Draft legislation Practical example – DoS Attacks in March 2013 3

Cyber Security System in the Czech Republic 4

Recent development in cyber security Ministry of Interior 2010 Memorandum on National Cyber Security Incident Response Team with the CZ.NIC Association 2011 Strategy for Cyber Security 2011-2015 and accompanying Action plan National Security Authority 2011 Decision of the Government n. 781 of 19th October 2011 - NSA appointed as authority responsible for the field of cybernetic security active participation in NATO exercise „Cyber Coalition 2011“ March 2012 MoU with NATO on Cyber Defense signed 2012 Legislative intent of Law on cyber Security approved by the Government (30th May 2012) Amendment of Strategy and Action plan September 2012 Start of operation of the Governmental CERT (IOC) November 2012 Participation on „Cyber Coalition 2012“ exercise 5

Entities Active in Cyber Security Several teams recognized by the international CERT/CSIRT community i the Czech Republic Operated by private or academic entities Crucial are GovCERT at the NSA CZ and National CERT (CSIRT.CZ) operated by CZ.NIC Association as well as Military CERT operated by MoD 6

Responsibilities of the NSA in the field of Cyber Security Decision of the Government n. 781 of 19th October 2011 NSA appointed as authority responsible for the field of cybernetic security Establishment of Council for Cybernetic Security NSA Director has to present draft law on cyber security to Government NSA Director has to establish a fully operational National Cyber Security Centre till 31st December 2015 and as its part establish Governmental CERT 7

Cooperation with entities in the Czech Rep. Cooperation and consultation with governmental bodies and public administration 2012 survey NSA director’s working group of experts NCSC director’s working group of CIO’s Cooperation with expert’s community Cooperation with universities Cooperation with other CERT / CSIRT teams - as national as international 8

International Cooperation NATO – participation at the Cyber Coalition exercise 2011 (as observer) and CC12 (as full participant) MAR 2012 – Signature of MoU with NATO on Cyber Defense Information and experience sharing meetings with institutions in partner countries AFCEA – cooperation on the „Dictionary of Cybernetic Security“ ENISA – representation of the Czech Republic in ENISA since JAN 2013 9

Draft legislation 10

Basic Principles Regulation by law – need to oblige both public and private entities (operators of critical infrastructure) Individual responsibility of the operator for security of its network (protection against external attack and against misuse of its network for attacks on other networks) Division of cyberspace to areas of competence of Governmental CERT (critical information infrastructure) and National CERT Cost effective, not infringing into rights of the private entities in an excessive manner 11

Governmental CERT Has in its competence: IS of Public Governance Operators of Critical Information Infrastructure (in cooperation with Czech Telecommunication Office – fulfillment of license conditions regarding communication operators) Basic duties of operators: - Establishment of permanent communication channels with NSA; - Protection of ICT systems according to NSA regulations; - Incident reporting and implementing measures recommended by the NSA 12

National CERT Operated by private entity on the basis of public-law contract with the NSA Mediates information sharing, particularly for private entities, academic sphere, self- government, non-profit organizations, not falling into competence of the Governmental CERT 13

Critical information infrastructure Government State of cybernetic emergency Prime Minister CS Commission Reporting of incidents NSA Director National CERT/CSIRT Implementation of security measures Implementation of counter-measures National Cyber Security Center Cooperation; Information sharing ISPs Governmental CERT/CSIRT Important ISPs Critical information infrastructure ISs of public governance Important ISs 14

Next steps May 2013 Interministerial consultation procedure to the draft Law on Cyber Security June 2013 Submission of the draft to the Government Září 2013 Submission of the draft to the Government December 2013 Report on the state of cyber security for the Governmkent (including private entities) beginning 2015 Law on Cyber Security in force NLT 31/12/2015 Fully operational National Cyber Security Center 15

EU Strategy on Cyber Security Issued by the Commission in February 2013 Main tasks: Reaching cyber resilience Significant reduction of cyber crime Development of policy and capabilities of cyber defence in the framework of Common Security and Defence Policy (CSDP) Development of industrial and technological capabilities of cyber security Coherent EU policy regarding cyberspace The Czech Republic already fulfils most of the goals (Cyber Security Strategy, governmental/national CERT) 16

EU Directive on Network and Information Security (NIS) Proposed by the Commission in February 2013 To reach high level of cyber security across the EU Cooperation of the Member States in this field Harmonization of standards in the field of cyber security and facilitation of information exchange among relevant actors 17

The draft in line with our policy and we welcome it EU Directive on Network and Information Security (NIS) – Czech comments The draft in line with our policy and we welcome it The Law on Cyber Security shall implement it into Czech legislation We have only partial comments: To limit the scope on critical infrastructure To allow greater flexibility for the member states (p.e. to allow more CERTs with nation-wide responsibility) 18

Practical example DoS Attacks in March 2013 19

The Course of the Attacks I Monday 4th March – the attack targeted news servers; The servers involved were the largest and most visited news servers in the Czech Republic. Tuesday 5th March – the mainpage and login page of Seznam.cz, the largest portal and search engine in the Czech Republic with more than 150 000 daily registered users, was targeted. Seznam.cz was unavailable from 10:00 a.m. to 11:30 a.m. The attack reoccurred around 1:30 p.m. and resulted in intermittent unavailability of servers. 20

The Course of the Attacks II Wednesday 6th March – The attack targeted web servers of all major banks resulting in unavailability of their webpages and internet banking services from cca 9:30 to 11:00 a.m. The e-commerce service and some ATMs of Česká spořitelna bank were not operational for a short period of time as well. The second wave of attacks on the servers of Česká spořitelna bank came at 2:00 p.m. Thursday 7th March – the attack started at 9:30 a.m. and targeted servers of two (of three in total) major mobile telecom operators (Telefonica O2 and T-Mobile). Telefonica eliminated the attack around 10:00 a.m., T-Mobile around 11:00 a.m. Various other services were affected by the attacks as well (including the servers of the state governance) due to shared infrastructure. However, no critical infrastructure got involved. 21

Types of Attacks The attacks utilized so called “three-way handshaking” feature of the Transmission Control Protocol (TCP) According to TCP, the server wishing to establish contact with another server sends him the SYN (synchronization) message. The contacted server replies with SYN-ACK (synchronization – acknowledgement) message and the connection is finally established by the ACK message of the first server. 22

Types of Attacks – SYN Flood The first attack (carried out on Monday and Tuesday) was a so called “SYN flood” type of attack. Large number of SYN messages is sent to the targeted server which replies with SYN-ACK messages. However, the ACK message never comes and since the targeted server has to allocate certain capacity for the expected connection, its resources are soon depleted. 23

Types of Attacks – DRDoS The second type of attack (carried out on Wednesday and Thursday) was Distributed Reflection Denial of Service (DRDoS) type of attack. The attacker sends SYN messages with spoofed IP address of the target to the third-party servers (reflectors). They reply with SYN-ACK messages to the target server and overload its capacities. 24

Conclusions No damage, but a lot of media attention. No one claimed responsibility and also the motive remains unknown. The tracking of packets during the attack showed that they came from the RETN network operated mostly on the territory of the Russian Federation. Further tracking was not possible according to the RETN operator. The attacks were the first of similar scope on the territory of the Czech Republic and proved to be valuable exercise of cyber security cooperation and capabilities of the private, state and academic entities. The cooperation and information sharing considerably improved during the attacks and resulted in improved response to the attacks which was probably the reason why the attacker ceased activities after four days. 25

Lessons learned The legal basis for sharing important operational data among various companies and institutions active in cyber-security has to be established. The entities have to pay attention to the design of their IT infrastructure from the security perspective and include it in their crisis plans. The network of points of contact in the most important companies and institutions has to be established and updated. 26

End of Presentation Questions? 27