How we work as a national CERT in China ZHOU Yonglin CNCERT/CC, China 2 Addressing security challenges on a global scaleGeneva, 6-7 December 2010.

Slides:

Advertisements

Similar presentations

Its a new digital world with new digital dangers….

Advertisements

1 ASEAN Regional Forum Meeting 28 – 30 April 2010 Bandar Seri Begawan, Brunei CERT-Ins Initiative on International Information Security Dr A S Kamble Director.

International Telecommunication Union An Insight into BDT Programme 3 Marco Obiso ICT Applications and Cybersecurity Division Telecommunication Development.

IMPROVING THE INTERNATIONAL COMPARABILITY OF STATISTICS PRODUCED BY CSIRTs Developing Cybersecurity Risk Indicators panel 26 th Annual FIRST Conference.

SCADA Security, DNS Phishing

Jinhyun CHO Senior Researcher Korea Internet and Security Agency.

Internet Development in Chinese Mainland Wang Enhai

The development of Internet A cow was lost in Jan 14th If you know where it is, please contact with me. My QQ number is QQ is one of the.

CCSA REPORT Zemin YANG, Secretary General GSC-18 Meeting, July 2014, Sophia Antipolis, France Document No: GSC(14)18_013 Source: China Communications.

Network Security of The United States of America By: Jeffery T. Pelletier.

1. 2 A High Tech Crime Investigation Lessons learned by the National High Tech Crime Center Hans Oude Alink, project leader NHTCC November 2005.

Cyberspace and the Police Mamoru TAKAHASHI Head of Computer Forensic Center, Hi-tech Crime Technology Division National Police Agency, Japan.

(Geneva, Switzerland, September 2014)

National CIRT - Montenegro “Regional Development Forum” Bucharest, April 2015 Ministry for Information Society and Telecommunications.

Geneva, Switzerland, September 2014 Overview of Kenya’s Cybersecurity Framework Michael K. Katundu Director, Information Technology Communications.

Matteo Cavallini – ULS MEF/Consip Digital Agenda Assembly – Cybersecurity: barriers and incentives Matteo Cavallini Cybersecurity: State of the Art and.

1 China Internet Network Information Center （ CNNIC ） Administrative Practice of.CN Domain Names.

Norman SecureSurf Protect your users when surfing the Internet.

Capacity Development Workshop on Public Information Management System and Policy in Korea on cyber attacks Jeong Min, Lee KISA.

Session 4.2 Creation of national ICT security infrastructure for developing countries Industry-wide approach: Raising awareness for ICT security infrastructure.

Cyber Security Issues in South Korea and CSIRTs Cooperation September 17, 2014 Eunju Pak

JPCERT/CC May Fixed-Point Auto Data Collecting System Getting more accurate Scan and Prove data to provide more accurate network traffic analysis.

Experiences from establishing a national Centre for Information Security in Norway TERENA Networking Conference 2003 Maria Bartnes Dahl &

APCERT : APNIC Meeting 2014’ International Collaboration for Regional Cybersecurity Risk Reduction - APCERT Collaboration with Stakeholders Yurie Ito Chair,

Session 4.2: Creation of national ICT security infrastructure for developing countries National IP-based Networks Security Centres for Developing Countries.

Copyright © 2008 APCERT APCERT Activity Updates Asia Pacific Computer Emergency Response Team Jia-Chyi Wu Deputy Director, TWNCERT On behalf of APCERT.

Internet Security Aspects Dr. Gulshan Rai Director Indian Computer Emergency Response Team (CERT-In) Department of Information Technology.

Network Abuse Handling in CNNIC and JPNIC Terence Zhang, CNNIC Izumi Okutani, JPNIC.

Internet Drivers License CSS411/BIS421 Computing Technology & Public Policy Mark Kochanski Spring 2010.

Click to edit Master title style Click to edit Master text styles –Second level Third level –Fourth level »Fifth level June 10 th, 2009Event details (title,

Jeong, Hyun-Cheol. 2 Contents DDoS Attacks in Korea 1 1 Countermeasures against DDoS Attacks in Korea Countermeasures against DDoS Attacks in.

AP Security Framework Suguru Yamaguchi JPCERT/CC.

World summit on the information society 1 Pierre Gagné International Telecommunication Union March 2004 WSIS Follow-up Building the Information Society:

Fostering worldwide interoperabilityGeneva, July 2009 How to counter web-based attacks on the Internet in Korea Heung Youl YOUM Chairman of Korea.

Copyright © 2010 APCERT Graham Ingram AusCERT SC member of APCERT AP* Retreat, Gold Coast 23 rd August 2010.

Security, For DNS and by DNS ZHOU Yonglin Beijing, Dec 6 th, 2009.

DOCUMENT #:GSC15-PLEN-06 FOR:Presentation SOURCE:CCSA AGENDA ITEM:4.3 Recent Progress of CCSA ’s Standardization Activities.

INFORMATION SECURITY GOVERNANCE READINESS IN GOVERNMENT INSTITUTION

Recent Cyber Attacks and Countermeasures September 2006.

Cyber-security policy to encourage CSIRTs activities Yasuhiro KITAURA Ministry of Economy, Trade and Industry, JAPAN.

International Telecommunication Union Geneva, 9(pm)-10 February 2009 BEST PRACTICES FOR ORGANIZING NATIONAL CYBERSECURITY EFFORTS James Ennis US Department.

International Telecommunication Union Geneva, 9(pm)-10 February 2009 Fighting cybercrime in 2009 Magnus Kalkuhl, Senior Virus Analyst Kaspersky Lab ITU-T.

Advanced attack techniques Advanced attack techniques Increased by passing techniques against the existing detection methods such as IDS and anti- virus.

Conficker Update John Crain. What is Conficker? An Internet worm  Malicious code that is self-replicating and distributed over a network A blended threat.

AUB Department of Electrical and Computer Engineering Imad H. Elhajj American University of Beirut Electrical and Computer Engineering

Hurdles in implementation of cyber security in India.

Recent Trends of ITS in China Xiaojing WANG Director, China National ITS Center Chief Engineer, RIOH of Ministry of Transport Oct. 7, 2015 Workshop of.

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. State of Network Security.

Status report on CJK NGN Working Group April 9, th CJK Standard Meeting Taesang Choi Chairman of CJK NGN Working Group.

CERT cooperation with ISP’s on Cybersecurity C ă t ă lin P ă trașcu CERT-RO 29 October 2015 RONOG 2 Meeting1.

TLP:Green FIRST/TF-CSIRT Technical Colloquium January 25 th – 27 th, 2016 Prague, CZ TLP:Green.

Update on APCERT Asia Pacific Computer Emergency Response Team Thomas Ng, SingCERT (On behalf of APCERT)

The Practices of CERT -- Building National Computer Network Emergency Response Capability Mingqi CHEN CNCERT/CC APCERT APAN Bangkok.

Jeju, 13 – 16 May 2013Standards for Shared ICT Recent Progress of CCSA’s Standardization Activities Hequan WU Chairman of the Council, CCSA Document No:

Cyber Crime in China: Current Situation and Countermeasures He Xing Cyber Crime Investigation Division Ministry of Public Security, China.

M O N T E N E G R O Negotiating Team for the Accession of Montenegro to the European Union Working Group for Chapter 10 – Information society and media.

EUROPEAN SECURITY POLICY A SNAPSHOT ON SURVEILLANCE AND PRIVACY DESSI WORKSHOP, CPH 24 JUNE 2014 Birgitte Kofod Olsen, Chair Danish Council for Digital.

BY: AUSTIN NEIGH. WHAT IS CYBER WARFARE? Hacking that is politically motivated to conduct sabotage or espionage Form of information warfare Typically.

Recent Progress of CCSA’s Standardization Activities

WTSA-12 Resolutions addressing security

WTSA-12 Resolutions addressing security

Report on the Situation of Information and Communication Technology Accessibility in China by Cui Huiping Director General of Information Technology Center.

Cybersecurity in Belarus a general overview of support areas

APCERT Activities Asia Pacific Computer Emergency Response Team

Romanian National Cyberspace - Quick facts -

Internet Worm propagation

Recent Progress of CCSA’s Standardization Activities

Computer Emergency Response Team

Introduction to Internet Worm

Presentation transcript:

How we work as a national CERT in China ZHOU Yonglin CNCERT/CC, China 2 Addressing security challenges on a global scaleGeneva, 6-7 December 2010

Internet Development in China By the end of June 2010, The number of Internet users was about 420 million, counting for 31.8% of total population. Broadband users was nearly 364 million Mobile Internet users was nearly 277 million The commercial applications showed remarkable increase. The users of online-shopping, online-payment, online-banking were 142 million, 128 million and 122 million, counting for 33.8%, 30.5%, 29.1% of total Internet user. Online video users was about 265 million Benefitting from mobile phone development, the online- reading users reached 188 million. 3 Geneva, 6-7 December 2010Addressing security challenges on a global scale Source: MIIT and CNNIC

Internet Security Situation in China: Malicious code activity In the first half of 2010, CNCERT monitored: Trojans activity: control servers counting by IP ： 247,235 compromised hosts counting by IP ： 3,966,329 IRC-Bot activity: control server counting by IP ： 6,451 compromised host counting by IP ： 3,148,046 In the whole year of 2009, about 28 million Conficker worm infected computers were in China.

Internet Security Situation in China: Website defacement In the first half of 2010, CNCERT monitored: – Number of all defaced website: 14,907 ， decreased 21.75% than the same period of 2009 。 – Defaced government website ： 2,574, increased % than the same period of 2009

Internet Security Situation in China: More… DDOS attacks Phishing Smart Phone malware – ‘DuMusicPlay’ infection: nearly 1 million in first week of Sep. – ‘Mobile Skull’ infection: nearly 560 thousand in same week. 6 Addressing security challenges on a global scaleGeneva, 6-7 December 2010

About CNCERT Full name: National Computer network Emergency technical Response Team Coordination Center of China CNCERT/CC is a National level CERT organization, which is responsible for the coordination of activities among all Computer Emergency Response Teams within China concerning incidents on national public networks. It provides computer network security services and technology support in the handling of security incidents for national public networks, important national application systems and key organizations, involving detection, prediction, response and prevention. It collects, verifies, accumulates and publishes authoritative information on the Internet security issues. It is also responsible for the exchange of information, coordination of action with International Security Organizations.

About CNCERT CNCERT has 31 branches around the nation, located at each capital of provinces. CNCERT is a leading organization on cyber security industry. Also take the role of network and information security committee of Internet Society of China. CNCERT is a full member of FIRST and APCERT.

Connections and working mechanism Supporting government – Ministry of Industry and Information Technology who is in charge of the Internet and telecommunication infrastructure security and coordinating the safeguarding of online government information system, and social critical information systems CNCERT: Collecting security info. of ICT field and issue advisories, coordinating ISPs, DNRs to clean malware control servers, monitoring attacks to government online systems, etc. – Other governments CNCERT: following the cross-department working mechanism, provides technical supports like vulnerability evaluation, incident handling,… etc. 9 Addressing security challenges on a global scaleGeneva, 6-7 December 2010

Uniting Industries and initiatives Industrial Self- discipline 10 Addressing security challenges on a global scaleGeneva, 6-7 December 2010 CNVD- China National Vulnerability DatabaseANVA – Anti Network Virus Association

CNCERT played key role on cyber safeguarding of national events 2008 Beijing Olympics Shanghai EXPO 2010 Nation Leaders’ Online Talks2010 Guangzhou Asian Games

Actively join international cooperation – Join FIRST and APCERT and relevant events – Sign MOU with CERTs in other countries or regions, who have common interest on incident handling and information sharing. – Carry out joint activity during critical period or incident. Notice potential conflicts on Internet during hot foreign affairs Waledac botnet handling: Microsoft initiated Waledac campaign in US. Feb 2010, according to MS’s request, CNCERT quickly stopped 16 malicious domain names registered in China. 12 Addressing security challenges on a global scaleGeneva, 6-7 December 2010

ACKNOWLEDGEMENT Many thanks to ITU-T secretariat, workshop chairman and coordinators for your kind invitation and helps. Many thanks to the development of Internet and telecommunication technology by which I can join you remotely. Yes, that is what our cyber security guys are fighting for! CONTACT zyl AT cert DOTorg DOTcn