Presentation is loading. Please wait.

Presentation is loading. Please wait.

IGF Hyderabad 2008 Dimensions of Cyber Security & Cyber Crime Michael Lewis, Carnegie Mellon University & Deputy Director, Q-CERT.

Published byGavin Weaver Modified over 10 years ago

Similar presentations

Presentation on theme: "IGF Hyderabad 2008 Dimensions of Cyber Security & Cyber Crime Michael Lewis, Carnegie Mellon University & Deputy Director, Q-CERT."— Presentation transcript:

1 IGF Hyderabad 2008 Dimensions of Cyber Security & Cyber Crime Michael Lewis, Carnegie Mellon University & Deputy Director, Q-CERT

2 2 General Trends Users on Internet Computers Devices Vulnerabilities Exploits Financial Incentives Criminal Activity & a multitude of sinister threats!

3 3 The Economics of CyberCrime Barriers to entry are minimal resources are essentially free (!) technical requirements are modest Low risk, high reward! Opportunities grow with continued E-volution of services Returns are tantalizingly large Prosecution is difficult Investigation is costly in time & resources Challenging to trace and attribute Coordination of investigations across borders is difficult And what is a crime in some countries is not in others And innovation seems to be prevalent on the dark side – consider botnets! Cybercrime is a growth industry!

4 4 Agreed – the Internet is good but it was not designed for security What do we mean by security? Integrity? Privacy? Safety? The parable of the three blind men and the elephant Better to be proactive than reactive … but we live in interesting times … prepare for the worst … incidents happen! Assume loss of a USB … or that clear text is essentially public Everyone is already doing something … do it better! In accordance with the growing body of experience & best practices Use relevant and useful standards and policies adapt approach to national / local situation Many have come before … utilize their experience, insights, recommendations … complement, not conflict … mutually reinforce contribute to the Cyber Security Network!

5 5 When Things Go Wrong, Who Do You Call? Do people know what to do in a crisis? Would they recognize it when it happens? Are escalation thresholds and procedures established? When should (or not) law enforcement get involved? Are roles defined? Issues of authority, responsibility, & liability Do trusted relations exist? Must be established in advance of actual need! Such questions should be asked at all levels Individual Organizational national

6 6 One Component of Improved Cyber Security A Computer Security Incident Response Team Can exist within an organization, a sector, or at a national, regional, or sector level Should be proactive more than reactive Also known as a CERT – a Computer Emergency Response Team The original is the CERT/CC at the Software Engineering Institute of Carnegie Mellon University

7 7 Front-Line Response Help Desk IT Department Network Ops end-user An organizational CSIRT to formalize organizational incident response Push Alerts, Updates, Patches Receive Reports Respond to Incidents! Observe Escalation Procedures Report as needed to national center first responder Who do they call?

8 8 National CSIRT a necessary but not sufficient component of a national cyber security strategy Organizational CSIRT National Coordination Center Government CSIRT Sector-specific CSIRT ISP CSIRT Private Citizens! Bank CSIRT Ministry CSIRT Oil co. CSIRT Organizational CSIRT Scope-of-Service Incident Coordination & Reporting Incident Analysis & Forensics Outreach, Awareness, & Training Critical Infrastructure Protection Identify Points-of-Contact Exchange Encryption Keys Establish NDAs & MoUs The National Cyber-Security Network

9 9 The Cyber Security Network National CSIRT Regional-CERT external organizations FIRST ITU end users organizational CSIRTs At each level, organizations have relations with external partners and professional societies The CSN Law Enforcement

10 10 Coordinating a National Approach to Cybersecurity Develop a National Cybersecurity Strategy – identify and engage the stakeholders Create Incident Management & Coordination Capability – consider the CSIRT model Identify constituents & counterparts – national, regional, international Establish trusted relations & secure mechanisms for collaboration Conduct regular, targeted events to build skills, test systems and escalation procedures, & share experience

11 11 Review Incidents & Improve Response 11:0022:00 DDoS Start Org Calls National Team 01:00 Change IP ISP Filter 11:00 TCP Dump Data Collection 14:00 Start TCP dump data analysis 17:00 Apply Filtering Rules 10:00 ISP Data Collection and analysis time Packets/sec Volume Goals: Early detection Reduce impact Compress timeline Test escalation Sample DDOS incident attack traffic, over time Discover attack Is actively monitored

12 12 Aftermath Questions What can be done to improve detection and response? When did the attack actually start? When did it stop? Was there a discernible pattern that might help future early detection strategies? Review the impact of mitigation strategies – what worked? What didnt? Review the sequence of deploying the mitigation strategies – was order important? Was the proper escalation procedure observed? Were the right partners involved?

13 13 General Questions Are first-responders identified and properly trained? Are there default strategies that can be designed in advance and rapidly deployed for different types of incidents? If so, what is the threshold / trigger for their activation? Are escalation procedures defined? Are forensically-safe mitigation and analysis methods used? What are the respective roles and responsibilities of targeted site / ISP / CSIRT? Are there liability issues involved, regarding intervention and advice? Such questions should be resolved by the cool light of day rather than in the heat of the moment when time is of the essence!

14 14 Align & Partner many good initiatives exist

15 15 Provocations How much security do we need / want? What kind of security (transactional, privacy, safety)? How are controls implemented without damaging the nature of the Internet? How much anonymity (if any!) ? Who holds data? Under what guidelines (duration, access, distribution)? Is the Internet as constituted suitable for children? If not, what should be done? Awareness? Tools?

16 16 Questions – at the end! & this afternoon

Download ppt "IGF Hyderabad 2008 Dimensions of Cyber Security & Cyber Crime Michael Lewis, Carnegie Mellon University & Deputy Director, Q-CERT."

Similar presentations

ETHICAL HACKING A LICENCE TO HACK

ETHICAL HACKING A LICENCE TO HACK
A strategy for a Secure Information Society –

A strategy for a Secure Information Society –
1 ASEAN Regional Forum Meeting 28 – 30 April 2010 Bandar Seri Begawan, Brunei CERT-Ins Initiative on International Information Security Dr A S Kamble Director.

1 ASEAN Regional Forum Meeting 28 – 30 April 2010 Bandar Seri Begawan, Brunei CERT-Ins Initiative on International Information Security Dr A S Kamble Director.
Philippine Cybercrime Efforts

Philippine Cybercrime Efforts
International Telecommunication Union An Insight into BDT Programme 3 Marco Obiso ICT Applications and Cybersecurity Division Telecommunication Development.

International Telecommunication Union An Insight into BDT Programme 3 Marco Obiso ICT Applications and Cybersecurity Division Telecommunication Development.
AFCEA DC Cyber Security Symposium Military Joint Cyber Command Panel Harry Raduege Lieutenant General, USAF (Ret) Chairman, Center for Network Innovation.

AFCEA DC Cyber Security Symposium Military Joint Cyber Command Panel Harry Raduege Lieutenant General, USAF (Ret) Chairman, Center for Network Innovation.
International Telecommunication Union Developing a Cybersecurity Strategy that Supports National Policy Goals “Regional Arab Forum on Cybersecurity,” Giza.

International Telecommunication Union Developing a Cybersecurity Strategy that Supports National Policy Goals “Regional Arab Forum on Cybersecurity,” Giza.
‘Changing environment – changing security’ - Cyber-threat challenges today – Budapest, September 17-18, 2012 1 Industry and the fight against cybercrime.

‘Changing environment – changing security’ - Cyber-threat challenges today – Budapest, September 17-18, Industry and the fight against cybercrime.
Chapter 14 Fraud Risk Assessment.

Chapter 14 Fraud Risk Assessment.
© 2003 Carnegie Mellon University slide 1 Building CSIRT Capabilities and the State of the Practice Georgia Killcrece CSIRT Development Team CERT ® Training.

© 2003 Carnegie Mellon University slide 1 Building CSIRT Capabilities and the State of the Practice Georgia Killcrece CSIRT Development Team CERT ® Training.
DHS, National Cyber Security Division Overview

DHS, National Cyber Security Division Overview
Mumbai Cyber Lab A Joint Endeavor of Mumbai Police and NASSCOM Mumbai Cyber Lab A Joint Endeavor of Mumbai Police and NASSCOM Dr. Pradnya Saravade Dy.

Mumbai Cyber Lab A Joint Endeavor of Mumbai Police and NASSCOM Mumbai Cyber Lab A Joint Endeavor of Mumbai Police and NASSCOM Dr. Pradnya Saravade Dy.
CERT ® System and Network Security Practices Presented by Julia H. Allen at the NCISSE 2001: 5th National Colloquium for Information Systems Security Education,

CERT ® System and Network Security Practices Presented by Julia H. Allen at the NCISSE 2001: 5th National Colloquium for Information Systems Security Education,
Global Cyber Security Capacity Maturity Model - CMM WSIS Forum 2015 – Geneva Dr Maria Bada 25/05/2015.

Global Cyber Security Capacity Maturity Model - CMM WSIS Forum 2015 – Geneva Dr Maria Bada 25/05/2015.
1 Case Study ESTABLISHING NATIONAL CERT By Saleem Al-Balooshi Etisalat - AE.

1 Case Study ESTABLISHING NATIONAL CERT By Saleem Al-Balooshi Etisalat - AE.
(Geneva, Switzerland, September 2014)

(Geneva, Switzerland, September 2014)
National Institute of Standards and Technology Computer Security Division Information Technology Laboratory Threat Information Sharing; Perspectives, Strategies,

National Institute of Standards and Technology Computer Security Division Information Technology Laboratory Threat Information Sharing; Perspectives, Strategies,
National CIRT - Montenegro “Regional Development Forum” Bucharest, April 2015 Ministry for Information Society and Telecommunications.

National CIRT - Montenegro “Regional Development Forum” Bucharest, April 2015 Ministry for Information Society and Telecommunications.
Geneva, Switzerland, 15-16 September 2014 Overview of Kenya’s Cybersecurity Framework Michael K. Katundu Director, Information Technology Communications.

Geneva, Switzerland, September 2014 Overview of Kenya’s Cybersecurity Framework Michael K. Katundu Director, Information Technology Communications.
OU INFORMATION SECURITY & RISK MANAGEMENT ISA – February 4, 2015.

OU INFORMATION SECURITY & RISK MANAGEMENT ISA – February 4, 2015.

Similar presentations

Ads by Google