Current/Planned ITU-IMPACT Services Anuj Singh/Marco Obiso Burkina Faso October 2013

Planned Offerings – ITU-IMPACT 2014-2016
• Some of the highlights
– Anti-Virus Exchange (AVEX)
– Child Online Protection Information Exchange (COPX)
– Legal Activities
– National Cybersecurity Strategy (NCS)
– Cyber-drill (ALERT)
– Implementing National Computer Incident Response Teams (CIRT)
Anti-Virus Exchange Platform
AVEX
Introduction
• A closed-access system for the exchange of virus information.
• Provides a repository of antivirus signatures and meta information in a reliable and interactive manner.
• Provides information on viruses and malware along with remedial measures.
• Provides a set of APIs for antivirus providers to publish information to the system automatically.
AVEX
Behind the program
• Information in AVEX comes from a trusted network of ITU-IMPACT industry partners, mostly from the AV industry.
• All users contributing to the system have to be pre-approved by a group of reviewers.
• AVEX provides an API set which allows contributors to push information directly to the system from their applications.
• Access to information is decided based on the privileges of the user.
• ITU-IMPACT partner countries can query the AVEX database through ESCAPE.
AVEX
Functionalities
• AVEX comes with a host of in-built functionalities. Some of the major capabilities built into AVEX include:
– SEARCHABLE MALWARE DATASET
– ANTIVIRUS VENDOR API
– AVEX v1.0 AGGREGATION ENGINE
– ESCAPE INTEGRATION
AVEX
Future upgrades
• Some of the future upgrades would include:
– IMPROVED API SETS
– MALWARE SAMPLE REPOSITORIES
– UPGRADED SEARCH FUNCTIONALITIES
– HONEYNET INTEGRATION
AVEX
Benefits
• Unbiased service for sharing information on malware along with its respective detection tools, removal tools and characteristics.
• Facilitates a trusted platform between AV vendors to share information on the latest malware.
• Provides ITU-IMPACT partner countries with an option for accessing the information through the ESCAPE platform.
• Acts as an aggregator compiling results from multiple providers.
• Real-time updates of virus and malware signatures and blacklists.
• Real-time global service operation statistics.
COPX
Child Online Protection Information Exchange
Problems
Current Issues
• There is an increasing amount of unwanted content on the internet
– Child Pornography, Self harm, Radicalisation, Suicide etc.
• Hardly any attempts are made to collect the list of available objectionable material and distribute it to actionable agencies.
• No capabilities, or only solutions with limited capabilities, exist to deter the perpetrators or to decrease objectionable material on the internet.
• The majority of the actions taken by organizations/agencies are in silos.
• Most of the actionable information does not reach the right agencies.
Solutions
Existing Initiatives
And many more….
What is Required?
Core Capabilities
• Ability to bring multiple organisations together to contribute.
• Make information available to all empowered agencies to take action.
• Allow distribution of information and capacity building material to agencies:
– Law enforcement agencies/Regulatory authorities/Judiciary/Special interest groups
• Automation of key routines to ensure speedy delivery.
• Consensus among all concerned agencies on the objectionable material.
Introduction
COPX - Thought Process
• A deterrent for offenders.
• Developing a global coalition to protect the interest of children online.
• Providing a secure platform for information sharing.
• Building a centralised repository for COP materials.
• Facilitate international collaboration.
• Building global acceptance and participation on COP initiatives.
COPX
[Diagram labels: Portal, Database, International Organizations, ITU Regional Centers, Country Regulators, Others]
COPX
Eco System
15/10/2013
[Diagram: roles shown are Facilitators, Contributors, Reviewers and Consumers; participants shown are ITU, IMPACT, Countries, Member states, Regulators, Law Enforcement Agencies, International Organisations, Industry Partners and Special Interest Groups]
COPX
Eco System
[Diagram labels: Facilitators, Contributors, Reviewers, Consumers]
Roles
Participating Organisations
INTERNATIONAL ORGANISATIONS
COUNTRY
• Provide inputs to the system
• Provide inputs to the system
• Take the responsibilities of validating information
• Take responsibility over information
• Encourage interaction on the platform
• Provide statistics and Information
• Participate in take down operations
• Participate in discussion and information sharing
ITU-IMPACT
• Provide a secure infrastructure
• Facilitate the participation of agencies
• Ensure the stability of the platform
• Provide translation services to materials.
ITU-IMPACT Legal Activity
Introduction
• It is our goal to make sure that partner countries have a legal framework that enables them to deploy maximum cybersecurity.
• For that purpose we conduct a legal activity in six steps:
– Assessment
– Stakeholder Consultation
– Drafting
– Capacity Building
– Implementation
– International Cooperation
National Cybersecurity Strategy
Overview
Introduction
The Importance of National Cybersecurity
• Important functions of society rely on Internet and ICTs
• Internet and ICTs have become essential drivers for economic growth
• But increased reliance equals increased vulnerabilities and threats
• Attacker sophistication and professionalism growing
• Multiple malicious actors target individuals, industries, and governments
Introduction
The Scope of National Cybersecurity
[Diagram labels: Master plan; Cybersecurity policies; Initiatives and research; Resources; Information Handling & Sharing mechanism; Risk prioritization; Compliance; Certification; Evaluation of procedures and process; Awareness; Capacity Building; How to approach; Acceptance; International Cooperation]
Introduction
Motivations for National Cybersecurity Strategies
Motivations
To Achieve
• Enhanced governmental co-ordination at policy and operational levels
• Reinforced public-private co-operation
• Improved international co-operation
• Benefits of the economic aspects of cybersecurity
• Benefits of a multi stakeholder dialogue
[Diagram labels: Strategic level, Organisational level, Operational level]
National Cybersecurity Strategy
Scope and Vision
[Diagram: National Cybersecurity Strategy. Pillars: Legal & Regulatory; Technical & Procedural; Capacity Building; Cooperation; Policy & Compliance. Other labels: Government security; Protection of Critical Infrastructure; Response Mechanism; National Coordination; Awareness; Fight against cybercrime; Private Sector Cooperation; International Cooperation; Education; Research and Development; Forensic Capabilities; Risk Management]
National Cybersecurity Strategy
Structure
[Diagram: National Cybersecurity Strategy. Pillars: Legal & Regulatory; Technical & Procedural; Capacity Building; Cooperation; Policy & Compliance. Other labels: NCA (National Cybersecurity Agency); National CIRT; CNIIP CoE; Forensics Centre; Research Centre; Certification Centre]
National Cybersecurity Strategy
Assessment Methodology
Five day on-site assessment and workshop exercise by two IMPACT experts with the purpose to:
• Review the current ICT and cybersecurity readiness and requirements of the country.
• Review the cybersecurity stakeholders in the country.
• Analyse the capabilities of setting up a National Cybersecurity Agency with the subsequent National CIRT, CNIIP CoE, Forensics Centre, Research Centre, and Certification Centre.
• Propose an organisational structure for the NCS.
• Propose an initial roadmap for the NCS.
• Conduct trainings for capacity building in operation, maintenance, and coordination of the NCA with relevant agencies.
National Cybersecurity Strategy
Assessment Methodology
The Assessment Report will include:
Reviews:
• ICT and Cybersecurity readiness
• Identification of cybersecurity stakeholders
• Identification of cybersecurity actors and critical sectors
Proposals:
• Project governance framework including identification of members of Steering Committee and Advisory Groups
• Scope, vision, and timeframe of the NCS
• Risk assessment approach
• Initial project roadmap and priorities
• Evaluation framework for the NCS
Cyber Drill (ALERT)
Applied Learning for Emergency Response Teams
Cyber Drill
ITU Regional Forum on Cybersecurity
Introduction
• Three-day event.
• First day, workshops on current issues such as:
– Botnets, Mobile Security, Child Online Protection, etc.
• Next two days,
– Cyber drill -- ALERT (Applied Learning for Emergency Response Team).
– A cyber attack simulation in a controlled environment – no live systems are attacked.
Objectives
• Capacity building
• To enhance communication and incident response capabilities.
• To maintain and strengthen international cooperation between partner countries and to ensure continued collective efforts against cyber threats.
Cyber Drill
Milestones and Plan for 2013
• Designed to maintain and strengthen international cooperation between partner countries and ensure continued collective efforts against cyber threats, with exercises designed to enhance communication and incident response capabilities.
• The cyber drill simulation runs through a scenario with each participating country divided into two roles, representing a player and an observer.
• Over 57 countries have participated in the Cyber drills conducted by ITU-IMPACT.
• Cyber drills conducted:
– Dec 2011 – Asia Region
– July 2012 – Arab Region
– Oct 2012 – Europe & CIS Region
– Aug 2013 – Americas Region
Planned Cyber drills
• Arab Region 4th quarter 2013
• Asia-Pacific Region 4th quarter 2013
Cyber Drill
Target ALERT Participants
Ten national Computer Incident Response Teams (CIRT).
Minimum three or maximum four technically competent participants from each country’s CIRT, divided into two roles: Player and Observer.
Player
This mandatory role requires the participant to have technical knowledge as well as skills to use the tools to perform incident analysis on the scenarios.
Observer
This optional role requires the participant to have management and communication skills in order to observe and assist the players in his team as well as communicate with other participating teams (as part of international cooperation) during the drill.
[Diagram: Participating Team: Player #1, Player #2, Player #3, Optional (Player #4/Observer)]
COMPUTER INCIDENT RESPONSE TEAMS (CIRTs)
CIRTs
Introduction
• A CIRT assists partner countries in preventing and handling cyber threats by acting as a single point of contact for reporting security incidents as well as providing a platform for information sharing.
• ITU-IMPACT provides CIRT services to its partner countries.
CIRT SERVICES
– READINESS ASSESSMENT
– CIRT AUDIT
– CIRT IMPLEMENTATION
CIRT Readiness Assessment
Objectives
• Provides an overall view on the functions of the CIRT.
• To assess the country's readiness towards establishing a CIRT.
• To provide the participants with an overall experience of a CIRT functionality.
• 5-day comprehensive exercise.
• Mainly dealing with the practical approach with introductions and briefings on incident handling and operation methodologies.
CIRT Implementation
Introduction
• To assist the government to establish its national CIRT and further develop its cybersecurity capabilities.
• To serve as a trusted, central coordination point of contact for cybersecurity.
• To build up the incident response capability for identifying, defending against, responding to and managing cyber threats.
CIRT Implementation
Implementation Roadmap
[Roadmap diagram, labels in order: Phase 1; 6 months; Phase 2; 6-12 months; Phase 3; National CIRT]
CIRT Implementation
Phase 2 Overview
Phase 2 of CIRT Implementation will be focusing on proactive services:
NATIONAL CIRT
PHASE 1
• Incident Response Framework
• CIRT Mailing List
• Incident Management System (RTIR)
• CIRT Portal
PHASE 2
• Security Assessment Framework
• Centralised Log Management
• Intrusion Detection System (NIDS & HIDS)
• Network Security Monitoring (NSM)
[Diagram labels: Reactive Services, Proactive Services]
CIRT Implementation
Phase 3 Overview
Prevention of further intrusions
• Goal is to reconstruct modus operandi of intruder to prevent further intrusions.
Assessment of damage
• Goal is to certify system for safe use.
Reconstruction of an incident
• For criminal proceedings.
• For organization-internal proceedings.
[Diagram labels: Package 1; Package 2; Package 3; CIRT Forensics; CIRT Forensic; Advance Forensic; Mobile Forensic; Evidence Collection; Evidence preservation; Reporting format; Malware Analysis; Sandbox]
Thank you
www.facebook.com/impactalliance
IMPACT
Jalan IMPACT
63000 Cyberjaya
Malaysia
T +60 (3) 8313 2020
F +60 (3) 8319 2020
E contactus@impact-alliance.org
impact-alliance.org
© Copyright 2013 IMPACT. All Rights Reserved.