ITU-IMPACT Regional Cybersecurity Forum - CLMV Philip Victor (philip.victor@impact-alliance.org) Director, Policy & International Cooperation December 2013 INTRODUCTION OVERVIEW ON CYBERCRIME !2 Cyber Attacks – Asia Pacific http://www.ciol.com/ciol/news/ 202744/singapore-india-japanthreat-cyber-attacks !3 Global Coalition Industry Experts International Bodies Academia Think Tank ITU-IMPACT’s Global Alliances Expertise Technology Skills Resources Experience Cybersecurity services 193 Partner Countries UN System !4 ITU-IMPACT Collaboration The International Multilateral Partnership Against Cyber Threats (IMPACT) is the cybersecurity executing arm of the United Nations’ (UN) specialised agency - the International Telecommunication Union (ITU) – bringing together governments, academia and industry experts to enhance the global community’s capabilities in dealing with cyber threats. ITU & IMPACT signs a Memorandum of Understanding in 2008. IMPACT becomes the physical home of ITU’s Global Cybersecurity Agenda to operationalise cybersecurity services across 193 countries. ITU & IMPACT signs a Cooperation Agreement in May 2011. IMPACT becomes the cybersecurity executing arm of the United Nations’ specialised agency, ITU. IMPACT now will expand its services to the UN System. Cybersecurity Services Deployed 147 Countries have joined the Coalition ITU-IMPACT Global Partnership Industry International Organisations Civil Society Academia (200+) ITU-IMPACT Services Technical Services • Network Early Warning System (NEWS) • Collaborative Platform for Experts (ESCAPE) • IMPACT Government Security Scorecard (IGSS) • Computer Incident Response Team (CIRT) • Vulnerability and Web Assessment • Penetration Testing Non-technical • Advisory Services on Policy and Regulatory Issues to Partner Countries • Partner Country Coordination • Partner Engagement (Industry, Academia, Intl. Organisations) • Child Online Protection Capacity Building • Partner Country Cybersecurity Assessment • Training • Workshops • Seminars • High level briefings • Cyber drills Activities and Milestones 2008 - 2013 CYBERSECURITY OUR EXPERIENCE Requests from countries to provide assistance in developing a national level cybersecurity strategy We started receiving requests for providing assistance in the implementation NCS CIRT ALERTS 2009 Resources Required LEGAL CNIP Initially countries started by requesting us for alerts and early warnings Started responding to requests from countries to provide assistance for cybercrime legal frameworks review. Requests from countries for assisting them in the protection of their critical infrastructures 2010 Expectations 2011 2012 2013 !10 ITU-IMPACT Updates • CIRT assessment & implementation conducted for over 45 countries • Cyber drill conducted for CIRT/CERTs in 70 countries over 4 regions • Trained over 1600 cybersecurity professionals and practitioners over 80 countries • Deployed over 300 scholarships to over 40 countries !11 CIRT Readiness Assessment, Deployment & Implementation CIRT readiness Assessment Completed: Afghanistan, Uganda, Tanzania, Kenya, Zambia, Nigeria, Burkina Faso, Ghana, Mali, Ivory Coast, Maldives, Bhutan, Nepal, Bangladesh, Serbia, Montenegro, Bosnia & Herzegovina, Albania, Cameroon, Chad, Gabon, Congo, Sudan, Cambodia, Laos, Myanmar, Vietnam, Armenia, Senegal, Niger, Togo, Gambia, Dominican Republic, Ecuador, Honduras, St. Kitts & Nevis, St. Vincent & the Grenadines, Grenada, Barbados, Trinidad & Tobago, Lebanon, Lesotho, Mauritania, Djibouti, Botswana, Jamaica, St. Lucia, Lesotho, Mauritania CIRT Implementation Completed: Montenegro, Zambia, Kenya, Burkina Faso & Uganda Planned 2012/2013: Tanzania, Ivory Coast, Togo, Barbados, Trinidad & Tobago, Burundi !12 Cyber Drill ALERT (Applied Learning for Emergency Response Team) • Designed to maintain and strengthen international cooperation between partner countries and ensure a continued collective efforts against cyber threats and exercises designed to enhance communication and incident response capabilities. • The cyber drill simulation runs through a scenario with each participating country divided into two roles, representing a player and an observer. • Over 70 countries have participated in the Cyber drills conducted by ITU-IMPACT. • Cyber drills conducted: 1. Dec 2011 – Asia Region 2. July 2012 – Arab Region 3. Oct 2012 – Europe & CIS Region 4. Aug 2013 – Americas Region 5. Oct 2013 – Arab Region Planned Cyber drills • CLMV – December 2013 • Americas 2nd Quarter 2014 • Africa 3rd Quarter 2014 !13 Child Online Protection COP a) ITU-IMPACT has been identified as the implementer for the ITU COP framework b) ITU-IMPACT has also focused on the development of tools, policies, procedures and materials specific to COP c) ITU-IMPACT are currently developing a framework for information exchange - COPX Moving forward - COP National Strategy Framework: a) ITU-IMPACT will conduct the next COP National Strategy Framework Workshop in Oman in October 2013. b) Eastern Europe c) Arab d) Americas Collaboration with INTERPOL Memorandum of Understanding IMPACT and INTERPOL have signed a Memorandum of Understanding (MoU) to exchange information, expertise as well as to enhance both organisations’ knowledge base in the field of cybersecurity. The MoU will see collaboration in the following areas: • To promote capacity building in the area of cybersecurity. • To share and exchange information on digital forensics, malware and information relevant to cybersecurity. • To assist in cybercrime investigation. Secretary General of INTERPOL, Ronald Noble with IMPACT’s Chairman, Datuk Mohd Noor Amin Witnessed by Noburu Nakatani, Executive Director, INTERPOL and Dr Hamadoun Touré, Secretary General of ITU IMPACT – Over the Years 147 0 2008 No of Partner Countries 2013 • From very humble beginnings ITU-IMPACT today has become the largest UN backed Cybersecurity Coalition in the world. • Today we serve the Cybersecurity needs of nearly 2/3rd of the ITU member states • We have achieved much but we realise that there is much more that needs to be done !16 Planned Offerings – ITU-IMPACT 2014-2016 • Some of the highlights o Child Online Protection Information Exchange (COPX) o Anti-Virus Exchange (AVEX) o Legal Activities o National Cybersecurity Strategy (NCS) o Cyber-drill (ALERT) o Implementing National Computer Incident Response Teams (CIRT) Key On-Going Projects • December 2013 – – – • January 2014 – – – • CIRT Implementation (2 weeks) – Ivory Coast CIRT Assessment (1 week) – Cyprus Capacity Building (Incident Handling, Forensics & Pen Test) – Zambia February 2014 – – – • CIRT Assessment & Capacity building (2 weeks) – Sierra Leone (LDC project) Cyber Drill & Cybersecurity Workshop (3 days) – CLMV countries Child Online Protection Workshop – Malaysia (3 days) Oman SME & CNIIP training INTERPOL-ITU-IMPACT Forensics & Investigation training – Law Enforcement & CERTs in Asia Pacific CIRT Assessment & Capacity Building (2 weeks) – Guinea (LDC project) Not confirmed dates: – – – – National CIRT Implementation: Jamaica, Tanzania, Ghana, Barbados, Trinidad & Tobago, Burundi LDC project: Vanuatu, Gambia & Haiti CIRT Phase 2 & 3 and Honeynet deployment : Kenya, Zambia & Sudan Law enforcement training – Cameroon & Togo 12/7/13 Thank you www.facebook.com/impactalliance philip.victor@impact-alliance.org IMPACT Jalan IMPACT 63000 Cyberjaya Malaysia T +60 (3) 8313 2020 F +60 (3) 8319 2020 E contactus@impact-alliance.org impact-alliance.org © Copyright 2013 IMPACT. All Rights Reserved.