Evolution of CSIRTs: how to engage Critical Infrastructures and cooperate beyond borders Giza, 19th December 2011.

Presentation transcript:

1 Evolution of CSIRTs: how to engage Critical Infrastructures and cooperate beyond borders. Giza, 19th December 2011

2 In recent years the number, type and impact of security incidents have been increasing. Security incident timeline (2007–2011):
- Internet distributed denial of service attack: 6 of the 13 root servers that form the foundation of the Internet were affected, two badly
- Stuxnet worm infects industrial control systems with a worldwide geographic distribution
- A series of cyber attacks that swamped the websites of the Estonian parliament, banks, ministries, newspapers and broadcasters
- A series of coordinated cyber attacks against major government, media and financial websites in South Korea and the USA
- Major videogame companies under attack
- Main SSL certificate has been violated
- Massive DNS cache poisoning attack that affected millions of users in Brazil
- Titan Rain, a series of coordinated attacks on US army, navy and missile unit systems
- Cyber-attack hits Canadian government computers
- Operation Aurora, a sophisticated and targeted attack against international organizations

3 Relevant CERTs were born to prevent and respond to incidents… European CERTs Map 2011

4 …they extended their services from being only a reaction force to a more complete security service provider, including preventive and quality services. CERT Services:
Reactive Services
- Alerts and warnings
- Incident Handling: Incident Analysis, Incident Response Support, Incident Response Coordination, Incident Response on site
- Vulnerability Handling: Vulnerability Analysis, Vulnerability Response, Vulnerability Response Coordination
Proactive Services
- Announcements
- Technology Watch
- Security Audits or Assessments
- Configuration and Maintenance of Security
- Development of Security Tools
- Intrusion Detection Services
- Security-Related Information Dissemination
Artifact Handling
- Artifact Analysis
- Artifact Response
- Artifact Response Coordination
Security Quality Management
- Risk Analysis
- Business Continuity and Disaster Recovery
- Security Consulting
- Awareness Building
- Education/Training
- Product Evaluation or Certification

5 …and at national, regional and international level CERT cooperation initiatives have started, but none only for the national private sector. Main cooperation initiatives:
National initiatives
- CIRCA: national forum of cooperation from public and private sector
- O-IRT-o: the Dutch o-IRT-o initiative associates CERT teams including 31 organizations from public and private sector
- Polish Abuse Forum: Abuse Forum assembles a group of CERTs and security teams of Polish ISP and ICP (Incident Content Providers)
- CERT-Verbund: the initiative associates German security and incident response teams from various sectors
- UKCERTs: the British UKCERTs alliance is an informal forum of CERTs from different sectors
Regional/international initiatives
- CEENet: Central and Eastern European Association comprised of 23 national research/education networks
- EGC: a group of CERTs with governmental constituencies and national responsibilities in their countries
- APCERT: a CERTs coalition that ensures network security and incident response activities in the Asia Pacific Region
- NORDUnet CERT: assembles Scandinavian CERTs within the NORDUnet (cooperation of Nordic national research networks)
- TERENA TF-CSIRT: a task force organised under the TERENA
- FIRST: the biggest international forum of CERTs and other security teams

6 Indeed, today CERTs still lack engagement, services, investment, mutual aid and coordination. CERTs improvement needs:
As Is
- No engagement
- No involvement in Incident Response
- Lack of coordination at the international level
- Only one-way services
- Lack of information sharing
- Lack of mutual aid
- No shared incident management policies and procedures
- No shared incident management strategies and framework
To Be
- Engagement
- Involvement in Incident Response
- Coordination at the international level
- Inter-sector and intra-sector cooperation
- Two-way services
- Information sharing and shared situational awareness
- Incident management mutual aid
- Shared incident management policies and procedures
- Shared incident management framework

7 Responding to these issues, and in accordance with the common points of national strategies (common key points and recommendations of national cyber security strategies), GCSEC intends to create a Cyber Incident Response Coordination Capability (CIRC2) involving the private sector. Relevant sectors to involve in the first stage: Energy Company, Transportation Company, Finance Company, Telco Company.

8 CIRC2 Objectives. The objectives of CIRC2 are information sharing, mutual aid, definition of shared policies/procedures, contribution to the regulatory framework and private cooperation:
- Information sharing on threats, vulnerabilities, warnings, alerts, methodologies and tools for incident management
- Definition of shared incident management policies and procedures
- Mutual aid to directly enforce the CIRC2 members' capabilities of incident response
- Contribution to the definition of national and international regulatory and policy frameworks
- Representation in the international context and facilitation of coordination between public and private stakeholders

9 Only in the second stage could the CIRC2 be transformed into an effective Incident Response Joint Team of the Private Sector (IRT Energy Company, IRT Transportation Company, IRT Finance Company). To become an effective IR Joint Team, the IR Capability should take several actions, such as:
- establish the legal form of the organization (e.g. consortium)
- define the mission and the range and level of services that the IRT will offer (e.g. proactive or reactive services)
- define a funding model
- identify an organizational model
- define interactions/interfaces
- define incident response processes
- implement secure information systems and network infrastructures
- identify required resources
Comments: during the second stage of the project, a capability assessment of each IRT will be performed by GCSEC, in order to align them to best practice. The Public National Italian Response Team is out of scope.

10 CIRC2 Model: CIRC2 is based on a model composed of organization, processes and tools.

11 Organization main aspects (illustrative). The model includes strategies, a legal and administrative framework, an organizational model and policies…
Strategies
- Mission, vision, goals, objectives, constraints
- Participation strategy (members and other National Stakeholders) and minimum capability level
- Risk Management strategies
- Trust Model
- …
Legal & admin framework
- Legal entity
- Funding Model
- Non disclosure agreements (NDAs)
- Mutual Aid and Assistance Agreement
- …
Organization model
- Organizational model and structure
- Reporting structure, authority
- Roles and responsibilities
- Staff
- …
Policies
- Information sharing policy
- Incident classification and communication policy
- Trust communication policy
- Resource management policies
- Incident handling guidelines
- Risk management policy
- Interoperability policy
- …

12 Processes main aspects (illustrative). … management processes of CIRC2 …
- Information sharing process
- Mutual aid and assistance process
- Communication and coordination process
- Risk management process
- Incident reporting process
- Incident classification process
- Incident coordinated response process
- Performance measurement process
- Shared resources (personnel, equipment, facilities, supplies and other) management process
- Escalation process
- Emergency management process
- Post incident evaluation process
- Lessons learned and improvement process
- Incident management exercise process
- …

13 Tools main aspects (illustrative). …all tools needed for cooperation, information sharing and incident management:
- Information sharing platform
- Technological instruments to support trust
- Early warning system
- Instruments for secure communications
- Incident forensics tools
- Other tools

14 CIRC2 member benefits. Each member will draw benefits from participation in the CIRC2:
- Some processes carried out more effectively and efficiently than if implemented individually (e.g. forensics and post incident analysis)
- Information, knowledge and information sharing
- Better incident response through mutual aid and assistance
- Incident exercises and awareness building across the private sector
- Shared technologies and a common automated platform for security vulnerability identification and communication, alerts and warnings
- Cost reduction
- Resource sharing and staff exchange

15 How to participate. Other organizations/governments can benefit from the CIRC2 project:
- Be informed on CIRC2 development
- Support requirements definition
- Join the Pilot project