1. Establishing national (governmental) CERTs in CIS Countries
Dr Jacek Gajewski
Silk (NATO), BSI (EC), ENISA PSG
BSI Opening
Baku, Oct 2009

2. What is CERT?
Computer Emergency Response Team is an organization that is responsible for receiving, reviewing, and responding to computer or network security breach.
Additionally: alerts, advisory, trainings, awareness raising…
BSI Opening
Baku, Oct 2009

3. Where CSIRTs exist?
BSI Opening
Baku, Oct 2009

4. NATO CERT creation project
In 2007 NATO started project to create CERTs in CIS & CEE
AF, AM, AZ, BY, GE, KG, KZ, MD, TJ, TM, UA, UZ
AL-BG-MK (just started)
NATO created CERTs as sub-structure of Academic Networks (e.g. AzEduNet/AZRENA)
BSI Opening
Baku, Oct 2009

5. CERT creation project
Each newly created CSIRT got free „starting kit”:
Equipment bundle
Training of 1-3 CERT officers (based on ENISA’s Step-by-Step guide)
Small stipend for CERT officers in initial period of operation
BSI Opening
Baku, Oct 2009

6. ENISA’s Step by Step Guide
ENISA has created a „A Step-by-Step Guide on how to set up a CSIRT”, which on 85 pages contains detailed instructions how to set up and run CERT.
For the usage in CIS countries CEENet has translated this guide to Russian
BSI Opening
Baku, Oct 2009

7. Guide in Russian Пошаговое руководство по созданию CSIRT
Включая примеры и контрольные таблицы
в форме проектного плана.
Приложение
A. Список дополнительной литературы
B. Список CSIRT-сервисов
C. Примеры
D. Образцы материалов CSIRT-курсов
BSI Opening
Baku, Oct 2009

8. Creation of gov. CERTs
Within ENISA brokerage programme (eg. HU helped RO, FI helped SA, etc.)
In case of CIS countries a ‘middleman’ is needed, e.g. Poland will help to create CERT-Moldova
Governmental initiative to create joint gov CERT for CIS countries – meeting in Astana,
BSI Opening
Baku, Oct 2009

9. Creation of gov. CERT in Azerbaijan
Informal contacts with representatives of Azerbaijan MoC&IT about creation of national CERT (Min. Ali Abbasov, Vice-min Elmir Velizadeh)
Dr Bayramova took part in CERT Creation training in Moldova and knows ENISA people responsible for CERT brokerage activity
BSI Opening
Baku, Oct 2009

10. DDoS Laboratory & Security Audits
Central DDoS Laboratory to be set, open to all partners, with possibility of remote operation via NETLAB
CERTs will be trained and equipped to be able to perform Security Audits of other networks and organizations
Training of many new CERT officers
Project sent to NATO; high level meeting on
BSI Opening
Baku, Oct 2009

11. CERT Cooperation Model
In case of emergency of massive attack, no single CERT can cope
Help of other CERTs is usually offered, but often in un-coordinated way, too late, not in areas where it is really wanted
MICC Project to create a model of coordinated mutual support of CERTs in case of massive DDoS attack against one of partners sent to EC
BSI Opening
Baku, Oct 2009

12. CERT’s international cooperation in extreme situation
CERT-GE is part of GRENA. As there were no other CERT teams in Georgia, during recent events CERT-GE undertook obligation to operate as national CERT, worked two weeks in 24h mode and coordinated attacks mitigation.
CERT-GE contacted Georgian ISPs and other organizations, created a mailing list in order to facilitate communication and exchange of all needed information.
As this information was huge and geographical distribution of attacks was quite wide, it was impossible to make quick analysis and proper reaction. CERT-GE contacted CERT-Polska (Poland) which offered its help in preventing and filtering attacks; they distributed information on attacks to more than 180 CERT teams and other security related bodies all over the world. Two members of CERT-EE arrived to to Tbilisi to help on place.
This example demonstrates that the most important actions for handling incidents are quick information exchange and international cooperation between CERTs and other organizations involved in cyber security.
Baku, Oct 2009
BSI Opening

13. Gajewski (at) CEENet (dot) org
THANK YOU !
Jacek Gajewski
Gajewski (at) CEENet (dot) org
BSI Opening
Baku, Oct 2009