International Telecommunication Union
Cyber Security in Russia
Arkadiy Kremer
Russian Association of Networks and Services
Chairman of the Executive Committee
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
AGENDA
ITU-T
o Infocommunication development and
growth of cyber crime
o Information security infrastructure in
Russia
o Russian information security projects
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
2
Internet users in regions of
Russia
ITU-T
Russia 100% (14,9 mln)
Ural
5%
0,8 mln
Northern region
15 % 2,3 ml
Moscow
18 %
2,7 mln
Central
region
17 %
2,5 mln
South region
11 %
1,7 mln
Volga region
18 %
2,4 mln
Siberia
13 %
1,9 mln
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
Far East
4%
0,7 mln
3
Mobile subscribers growth in
Russia
ITU-T
49,6
mln
42,3
50
40
30
19,28
20
10
0
2003
(January)
2004
(March)
2004
(June)
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
4
Growth of registered computer
crimes in Russia
ITU-T
10920
12000
7141
10000
6049
8000
6000
4000
3320
1375
2000
0
2000
2001
2002
2003
2004
(1-st half)
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
5
Targets of computer crimes
18%
ITU-T
10%
15%
24%
33%
Business espionage
Tapping telephone conversations
Gaining secret information
Copying software
Illegal access to databases
*According to the main information center of the Ministry of Internal Affairs
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
6
Types of computer crimes
ITU-T
2% 3%
5%
11%
45%
14%
15%
Virus attacks
DDoS attacks
Interception to the system outside
Unauthorized access from within
Commercial information theft
Financial fraud
Integrity violation of data and/or networks
*According to the main information center of the Ministry of Internal Defense
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
7
AGENDA
ITU-T
o Infocommunication development and
growth of cyber crime
o Information security infrastructure in
Russia
o Russian information security projects
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
8
Security infrastructure
ITU-T
o Communication operators
o Developers
o Public authorities
o Associations
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
9
Communication operators
ITU-T
o Organization of warnings of information
security incidents
o Supporting personal database records
o Cooperation with clients in case of
incidents
o Cooperation with public authorities
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
10
Developers
ITU-T
o Development of security infrastructure
o Monitoring of modern trends
o Providing attractive financial schemes
o Assistance in education
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
11
NUMBER of VB100% AWARDS
since November 2001 till August
2004
ITU-T
Product
Country
Number of
awards
Slovakia
13
2. Sophos Anti-Virus
UK
12
3. Computer Associates Vet
US
11
4. Symantec AntiVirus
US
11
5. DialogueScience Dr.Web
Russia
10
6. Kaspersky AntiVirus
Russia
10
7. Trend Micro PC-Cillin
Taiwan
10
US
9
Sweden
9
Hungary
9
1. Eset NOD32
8. McAfee (NAI) VirusScan
9. Norman AntiVirus
10. VirusBuster
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
12
Public authorities
ITU-T
o Work out requirements for information
security
o Manage of the work of providing
information security
o Support educational activity
o Facilitate international cooperation
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
13
International cooperation
ITU-T
o In compliance with the UN General
Assembly Resolution № 58/32 of December
8, 2003 Federal Expert Group was organized
on international information security
(Russian representative is a Chairman of the
Group)
o The Group includes representatives of 15
countries: Great Britain, China, Russia,
France, Belarus, Brazil, Germany, India,
Jordan, Malaysia, Mali, Mexico, South
Korea and the Republic of South Africa
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
14
International cooperation
ITU-T
o On the Summit of ministers of justice and
internal affairs of the G-8 Countries (May
2004) a joint communiqué was adopted
approving prepared materials and
initiatives, including:
- widening of practice of investigations
using information and communication
technologies
- distribution of the best practice of
security infrastructure
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
15
International cooperation
ITU-T
o A special work group of Regional
Commonwealth in the field of
Communications was created (June 2004) for
providing information security of the
interconnected communication systems of
the CIS (Commonwealth of Independent
States)
This group includes representatives of
Azerbaijan, Armenia, Kazakhstan, Russia,
Ukraine, Uzbekistan
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
16
Associations
ITU-T
Russian Association of Networks and Services
(RANS) is a public and governmental
organization
RANS is developing normative and legal
documents in the area of implementation and
utilization of information and
telecommunication technologies and
information security
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
17
RANS members
ЦНИИС НИИР МВД России ФСБ России ИГП РАН
ITU-T
In total 122 members
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
18
AGENDA
ITU-T
o Infocommunication development and
growth of cyber crime
o Information security infrastructure in
Russia
o Russian information security projects
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
19
Russian information security
projects
ITU-T
o
o
o
o
Memorandum of prevention of the viruses
and spam distribution
Comparative analysis of information security
legislation in different countries
Information security framework for public
network
Standardization processes watching
All these projects are developed on the instruction of the
Ministry for information technologies and communication of
the Russian Federation
All working reports are published on www.rans.ru
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
20
Memorandum of prevention of
the viruses and spam distribution
ITU-T
o The Memorandum has been worked out with
the participation of both governmental
institutions and commercial companies
o The Memorandum intends to accumulate
efforts of all those interested in setting up a
powerful barrier on the way of propagation
of harmful programs and spam
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
21
Virus infected messages detected
Virus infected messages detected
50
ITU-T
Infected messages, %%
40
30
20
10
0
Months, Sept'03 to Sept'04
Virus detection and filtering in incoming mail at
Yandex.mail, Sept’03 through Sept’04
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
22
Spam messages detected and
filtered out
Spam messages detected and filtered out
ITU-T
100
SPAM messages, %%
80
60
40
20
0
Months, Sept'03 to Sept'04
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
23
SPAM and virus filtering software
on Russian market
ITU-T
Spam and virus filtering software is used to
check incoming e-mail at:
o major free public web-mail services
o large corporations
o private computers
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
24
Memorandum of prevention of
the viruses and spam distribution
ITU-T
Main goals:
o Perfection of the normative basis
o Educational activities
o Developing hardware and software
environment
o Defining tasks for system and communication
operators, hardware vendors, and public
authorities
o Working out the security policies
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
25
Memorandum of prevention of
the viruses and spam distribution
ITU-T
Main results:
o Security profile “Means of prevention
unauthorized mail”
o Draft legal and normative act “Computer
viruses. Basic terms and definitions”
o Security profile “Antiviral security
infrastructure”
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
26
Memorandum of prevention to
the viruses and spam distribution
ITU-T
Main results:
o Draft law of counteraction to spreading SPAM
o Training manual «Information resources
security against virus threats and spam»
o Educational program for further training of
information security specialists
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
27
Comparative analysis of
information security legislation in
different countries
ITU-T
Main results:
o It is essential to organize a mutual work of
technologists and lawyers for harmonizing
the fast changing language of technologies
and conservative language of law
o It is necessary to provide an information
security public management
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
28
Information security framework
of public network
ITU-T
o Information security of public network is a
balance between customers’, operators’ and
public authorities’ security in the information
sphere of the network
o Information sphere is a totality of
information, information infrastructure,
entities which provide information collection,
formation, dissemination and use, and also a
system of regulating of the relationships
brought about by the network use
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
29
Information security framework
of public network
ITU-T
o Draft normative and legal acts are being
worked out on terms and definitions and on
basic information security level
o The basic information security level includes:
- procedures for monitoring and discovering
- taking adequate countermeasures
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
30
Standardization process
watching
ITU-T
o
Research of standardization processes
with relation to their business
application is an important element of
working out recommendations for open
systems’ procurement
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
31
ITU-T
Thank you!
Arkadiy Kremer
Russian Association of Networks and Services
Chairman of the Executive Committee
Kremer@mail.rans.ru
http://www.rans.ru
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
32