ITU-IMPACT
Regional Cybersecurity Forum - CLMV
Philip Victor (philip.victor@impact-alliance.org)
Director, Policy & International Cooperation
December 2013
INTRODUCTION
OVERVIEW ON CYBERCRIME
!2
Cyber Attacks – Asia Pacific
http://www.ciol.com/ciol/news/
202744/singapore-india-japanthreat-cyber-attacks
!3
Global Coalition
Industry
Experts
International Bodies
Academia
Think
Tank
ITU-IMPACT’s Global Alliances
Expertise
Technology
Skills
Resources
Experience
Cybersecurity services
193 Partner Countries
UN
System
!4
ITU-IMPACT Collaboration
The International Multilateral Partnership Against Cyber Threats (IMPACT) is the cybersecurity executing
arm of the United Nations’ (UN) specialised agency - the International Telecommunication Union
(ITU) – bringing together governments, academia and industry experts to enhance the global community’s
capabilities in dealing with cyber threats.
ITU & IMPACT signs a Memorandum of Understanding in
2008. IMPACT becomes the physical home of ITU’s Global
Cybersecurity Agenda to operationalise cybersecurity
services across 193 countries.
ITU & IMPACT signs a Cooperation Agreement in May
2011. IMPACT becomes the cybersecurity executing arm of
the United Nations’ specialised agency, ITU. IMPACT now will expand its services to the UN System.
Cybersecurity Services Deployed
147 Countries have joined the Coalition
ITU-IMPACT
Global Partnership
Industry
International
Organisations
Civil Society
Academia
(200+)
ITU-IMPACT
Services
Technical Services
• Network Early Warning
System (NEWS)
• Collaborative Platform for
Experts (ESCAPE)
• IMPACT Government
Security Scorecard (IGSS)
• Computer Incident
Response Team (CIRT)
• Vulnerability and Web
Assessment
• Penetration Testing
Non-technical
• Advisory Services on Policy
and Regulatory Issues to
Partner Countries
• Partner Country
Coordination
• Partner Engagement
(Industry, Academia, Intl.
Organisations)
• Child Online Protection
Capacity Building
• Partner Country
Cybersecurity Assessment
• Training
• Workshops
• Seminars
• High level briefings
• Cyber drills
Activities and Milestones
2008 - 2013
CYBERSECURITY
OUR EXPERIENCE
Requests from countries
to provide assistance in
developing a national
level cybersecurity
strategy
We started receiving
requests for
providing assistance
in the
implementation
NCS
CIRT
ALERTS
2009
Resources
Required
LEGAL
CNIP
Initially countries
started by
requesting us for
alerts and early
warnings
Started responding to
requests from countries to
provide assistance for
cybercrime legal
frameworks review.
Requests from
countries for
assisting them in
the protection of
their critical
infrastructures
2010
Expectations
2011
2012
2013
!10
ITU-IMPACT Updates
•
CIRT assessment & implementation conducted for over 45 countries
•
Cyber drill conducted for CIRT/CERTs in 70 countries over 4 regions
•
Trained over 1600 cybersecurity professionals and practitioners over 80 countries
•
Deployed over 300 scholarships to over 40 countries
!11
CIRT Readiness Assessment, Deployment & Implementation
CIRT readiness Assessment Completed: Afghanistan, Uganda,
Tanzania, Kenya, Zambia, Nigeria, Burkina Faso, Ghana, Mali, Ivory
Coast, Maldives, Bhutan, Nepal, Bangladesh, Serbia, Montenegro,
Bosnia & Herzegovina, Albania, Cameroon, Chad, Gabon, Congo,
Sudan, Cambodia, Laos, Myanmar, Vietnam, Armenia, Senegal, Niger,
Togo, Gambia, Dominican Republic, Ecuador, Honduras, St. Kitts &
Nevis, St. Vincent & the Grenadines, Grenada, Barbados, Trinidad &
Tobago, Lebanon, Lesotho, Mauritania, Djibouti, Botswana, Jamaica,
St. Lucia, Lesotho, Mauritania
CIRT Implementation Completed: Montenegro, Zambia,
Kenya, Burkina Faso & Uganda
Planned 2012/2013: Tanzania, Ivory Coast, Togo, Barbados,
Trinidad & Tobago, Burundi
!12
Cyber Drill
ALERT (Applied Learning for Emergency Response Team)
• Designed to maintain and strengthen international cooperation between partner countries
and ensure a continued collective efforts against cyber threats and exercises designed to
enhance communication and incident response capabilities.
• The cyber drill simulation runs through a scenario with each participating country divided
into two roles, representing a player and an observer.
• Over 70 countries have participated in the Cyber drills conducted by ITU-IMPACT.
• Cyber drills conducted:
1. Dec 2011 – Asia Region
2. July 2012 – Arab Region
3. Oct 2012 – Europe & CIS Region
4. Aug 2013 – Americas Region
5. Oct 2013 – Arab Region
Planned Cyber drills
•
CLMV – December 2013
•
Americas 2nd Quarter 2014
•
Africa 3rd Quarter 2014
!13
Child Online Protection
COP
a) ITU-IMPACT has been identified as the implementer for the ITU COP
framework
b) ITU-IMPACT has also focused on the development of tools, policies,
procedures and materials specific to COP
c) ITU-IMPACT are currently developing a framework for information exchange
- COPX
Moving forward - COP National Strategy Framework:
a) ITU-IMPACT will conduct the next COP National Strategy Framework
Workshop in Oman in October 2013.
b) Eastern Europe
c) Arab
d) Americas
Collaboration with INTERPOL
Memorandum of Understanding
IMPACT and INTERPOL have signed a Memorandum of Understanding (MoU) to exchange information,
expertise as well as to enhance both organisations’ knowledge base in the field of cybersecurity.
The MoU will see collaboration in the following areas:
• To promote capacity building in the area of cybersecurity.
• To share and exchange information on digital forensics, malware and information relevant to
cybersecurity.
• To assist in cybercrime investigation.
Secretary General of INTERPOL, Ronald Noble with IMPACT’s Chairman,
Datuk Mohd Noor Amin
Witnessed by Noburu Nakatani,
Executive Director, INTERPOL and
Dr Hamadoun Touré, Secretary General of ITU
IMPACT – Over the Years
147
0
2008
No of Partner Countries
2013
• From very humble beginnings ITU-IMPACT today has become the largest UN
backed Cybersecurity Coalition in the world.
• Today we serve the Cybersecurity needs of nearly 2/3rd of the ITU member states
• We have achieved much but we realise that there is much more that needs to be
done
!16
Planned Offerings – ITU-IMPACT
2014-2016
• Some of the highlights
o Child Online Protection Information Exchange
(COPX)
o Anti-Virus Exchange (AVEX)
o Legal Activities
o National Cybersecurity Strategy (NCS)
o Cyber-drill (ALERT)
o Implementing National Computer Incident
Response Teams (CIRT)
Key On-Going Projects
•
December 2013
–
–
–
•
January 2014
–
–
–
•
CIRT Implementation (2 weeks) – Ivory Coast
CIRT Assessment (1 week) – Cyprus
Capacity Building (Incident Handling, Forensics & Pen Test) – Zambia
February 2014
–
–
–
•
CIRT Assessment & Capacity building (2 weeks) – Sierra Leone (LDC project)
Cyber Drill & Cybersecurity Workshop (3 days) – CLMV countries
Child Online Protection Workshop – Malaysia (3 days)
Oman SME & CNIIP training
INTERPOL-ITU-IMPACT Forensics & Investigation training – Law Enforcement & CERTs in Asia
Pacific
CIRT Assessment & Capacity Building (2 weeks) – Guinea (LDC project)
Not confirmed dates:
–
–
–
–
National CIRT Implementation: Jamaica, Tanzania, Ghana, Barbados, Trinidad & Tobago, Burundi
LDC project: Vanuatu, Gambia & Haiti
CIRT Phase 2 & 3 and Honeynet deployment : Kenya, Zambia & Sudan
Law enforcement training – Cameroon & Togo
12/7/13
Thank you
www.facebook.com/impactalliance
philip.victor@impact-alliance.org
IMPACT
Jalan IMPACT
63000 Cyberjaya
Malaysia
T +60 (3) 8313 2020
F +60 (3) 8319 2020
E contactus@impact-alliance.org
impact-alliance.org
© Copyright 2013 IMPACT. All Rights Reserved.