CERT cooperation with ISPs on Cybersecurity
Cătălin Pătrașcu, CERT-RO
29 October 2015, RONOG 2 Meeting

Who is CERT-RO?
CERT-RO is the Romanian National Computer Security Incident Response Team
- an independent structure, with expertise in the field of cyber security, that has the capacity to prevent, analyze, identify and respond to cyber security incidents threatening Romanian national cyber-space
- coordinated by the Ministry for Information Society and fully financed by the state budget

What does CERT-RO do?
- Acts as a National Point of Contact, collecting cyber security alerts from different stakeholders regarding vulnerabilities and incidents (IPs, domains, URLs, IoCs)
- Incident response activities (first response, investigations, mitigation, technical support, data dissemination and coordination)
- Operates an Early Warning System (EWS) on cyber-security incidents, based on the alerts received and data gathered from its own detection sensors
- Technical Audits, Pentests, Forensics, Technical Workshops

CERT-RO statistic on alerts received in October 2015 RONOG 2 Meeting4
Last years' trend
– 43.2 million alerts processed
2014 – 78.7 million alerts processed
Approximately 82% growth

We need to do something
For almost 3 years, CERT-RO has been notifying ISPs in RO about different malicious/suspicious resources/activities:
- Botnets (IPs of infected systems, or even C2 servers)
- Vulnerabilities (NTP, Open resolver etc.)
- Malicious URLs (malware, phishing etc.)
- DDoS Attacks
Maybe we should do something more than “one-way s”

Use a standard for information sharing?
STIX

Use a platform for information sharing?
Information sharing in real time?

End user notification?
We already started to work on that with one ISP in RO

Help users to fight botnets

THANK YOU!
QUESTIONS?
Cătălin Pătrașcu, CERT-RO