Risks of Cybercrime in Europe
Prof. Manel Medina
Head of Unit CERT Operational support at ENISA
Content
Overall ENISA Activities
Cybersecurity Risk Environment
Organisation/Attacker Risk pattern
What is your Favourite Threat?
Specific ENISA contribution
Fight against cybercrime:
• Cooperation barriers
• Best practices
Workshops and training: Toolkits
New EU Directive
Overall ENISA activities
WS1: ENISA as Facilitator for improving Cooperation
• Breach notification guidelines for article 13.a:
  • development of min security requirements for ISPs & Telcos
  • First breach notification received by ENISA in September.
• Cyber Exercises:
  • planning and managing the EU–US exercise
  • planning Cyber Europe 2012
• Seminars on national CIIP exercises (9 done, 4 more)
• Good practice guide on National contingency plans (2012Q1)
• The EU Institutional CERT support (CERT EU) – On Track
• Workshops & meetings organized: 18 done + 8 planned
• 27 deliverables
15/04/2023
WS2: ENISA as Competence Center for Securing Current & Future Technologies
• Secure smartphone
• Good Practices and Guidelines for ICS and SCADA: smart-grids, maritime, eco systems.
• Supply Chain Integrity (SCI)
• Browser Security paper as input to W3C process
• Cloud procurement security
• Study on use of advanced cryptographic techniques (12 MS, >50% EU citizens)
• Contribution in the Expert Group on the Internet of Things
• Early warning for NIS preliminary results
• 6 WS and meetings organised
• 19 Deliverables
WS3: ENISA as Promoter of Privacy & Trust
• Economics of Security community established
• Launched activities:
  • Economic Efficiency of Security Breach Notification Schemes
  • Monetising privacy pilot
  • Trust and reputation models activity
  • Minimum disclosure activity
• Security Month:
  • Inventory on recent awareness security events across Europe & USA
  • Security awareness video clips supplied to DHS.
• EU-US Expert Sub-Group on Awareness raising
• 5 expert groups meetings and WS organised
• 10 Deliverables
Stakeholder Relations & Project Support Activities
Stakeholder Relations:
• Increased information sharing with several EU bodies: JRC, CEN, Europol, EDA, CEPOL, EMSA, …
• Inventory of CERTs in EU (Nat./Governmental & others)
• Country Reports validated by the NLOs and published
• Formal requests management process activated
Project Management & Support Activities:
• NIS in Education
• Horizontal Risk management methodology: EMSA, life-log
…
Extra Activities
• Continue to support the CERT EU pre-configuration team as a support for the EU institutions CERT
• Present preliminary results at 8th EFMS (EC/A3 Request)
• EP3R:
  • engagement of public and private stakeholders in EP3R
  • engagement of national PPPs in EP3R
  • 5 deliverables & 3 WS
• EU-US Exercise:
  • defining public affairs strategy, evaluation, monitoring, training
  • 2 Deliverables & 4 WS
• EU-US sub group on PPPs (ICS/SCADA)
  • 4 Deliverables & 4 WS
• Supply Chain Integrity (SCI)
Cybercrime Risk environment
Risk Patterns
Categories of attacks: Organisation view
Economic Espionage
Cybercrime
Military/Governmental Espionage
Cyber warfare
Diverse players
Amateurs, petty criminals
Organized crime
National security services
Others…
Lulz Security
Anonymous
Attacker Risk Analysis:
Economic cost/benefit balance
$M_b + P_b > O_{cp} + O_{cm} P_a P_c$
Organisation/Institutional/Social Support:
• jail risk
Return of Investment
Full-fledged economy
Credit-card numbers, passwords, mules
DIY virus-kits with money back guarantee
Cyber attacks: a real risk
Operation Shady RAT
What’s your favourite Threat?
Attacker: low loss & high benefit
Defender: High loss & High costs
Defender Approach:
Identify attacker pattern (motivation, many?)
Choose defense policy: People (Authentication), (Personal) Data, (malicious) SW, (consumerisation) HW
Get external support (LEA, n/g CERT, Cloud)
Operation Aurora
Night dragon
Wikileaks
Attacks on governments
Nimkey trojan
Specific ENISA contribution
Cybercrime project 2011
Cooperation between CERTs and Law Enforcement Agencies in the fight against cybercrime
A first collection of practices
Operational, legal and cooperation aspects
Informal expert group
Surveys
6th ENISA Workshop CERTs in Europe
The Fight against Cybercrime (1/7)
Cybercrime project 2011 Conclusions:
Collaboration between CERTs and LEAs needs to be bilateral
Integrating teams (internship, secondment, …)
Use of both formal and informal communications
Increase opportunities for CERTs and LEAs to meet
National legislation should be made clearer and exceptions should be made for CERTs.
…
The Fight against Cybercrime (2/7)
Legal aspects project 2011
A flair for sharing – encouraging information exchange between CERTs
A study into the legal and regulatory aspects of information sharing and cross-border collaboration of n/g CERTs in Europe
Informal expert group to support the review of the study
The Fight against Cybercrime (3/7)
National/Governmental CERTs
A national CERT:
Is concerned with incidents at the national level, mostly those affecting the CII
Can act as international contact point for incident management
A governmental CERT:
Is responsible for NIS of governmental institutions, usually linked to intelligence units
Most EU MS have them, sometimes delegated to Academic CERT.
n/g CERTs in Europe
Legal aspects project 2011 Conclusions:
A number of relevant legal frameworks identified
Definitions of computer and network misuse
Privacy and data protection legislation
Criminal procedure
Intellectual property rights
Determining applicable law
Some recommendations to policy makers & CERTs
Greater info. on differences and clarity between relevant laws
Putting n/gCERTs on a specific legal footing
Providing tools and guidance for CERTs to share information whilst respecting legal obligations
Gather specific advice (e.g. on interpretation of Data Protect)
The Fight against Cybercrime (4/7)
http://www.enisa.europa.eu/activities/cert/support
The Fight against Cybercrime (5/7)
Cybercrime projects 2012
Good practice guide on operational NIS aspects of the fight against cybercrime; and
Good practice guide on legal/regulatory aspects of cybercrime.
7th Cybercrime workshop at EUROPOL
The Fight against Cybercrime (6/7)
Cybercrime projects 2012 Main goals:
Define key concepts
Describe the technical and legal/regulatory aspects of the fight against cybercrime
Compile an inventory of operational, legal/regulatory and procedural barriers and challenges and possible ways to overcome these challenges
Collect existing good and best practices (technologies to use, information to interchange, etc.)
Develop recommendations
The Fight against Cybercrime (7/7)
Zeus trojan
CERT toolkits
ENISA clearinghouse for incident handling tools (CHIHT):
Types of tools available on our website that can be used for cybercrime investigation:
For more tools see link below:
https://www.enisa.europa.eu/activities/cert/support/chiht
Annual CERT Workshops (1/2)
6th annual ENISA Workshop CERTs in Europe
Prague, Czech Republic, 3-4 October 2011
Supported by the Czech Republic national CERT (CSIRT.CZ)
Jointly organised with EUROPOL
Closed meeting – by invitation only - speakers from MS national CERTs, Police/cybercrime PoCs, Europol, …
Cybercrime topic
Annual CERT Workshops (1/2)
7th annual ENISA Workshop CERTs in Europe
This year split in two parts
Hands-on technical training workshop
Mid-June 2012
Support from Team Cymru
Hosted by University of Malta
Co-located with FIRST event
Workshop focusing on cybercrime
Autumn 2012
Jointly organised with Europol
Closed meeting - by invitation only
Proposal for a Directive on attacks against information systems (1/2)
Aim: To deal more efficiently with the growing number of large-scale and highly sophisticated cyber attacks
Will replace current Framework Decision (2005) on attacks against information systems
Novelty: criminalisation of use, production and sale of tools (known as "botnets") to commit large scale attacks
Proposal for a Directive on attacks against information systems (2/2)
Proposal put forward by the European Commission in 2010
Negotiations in the Council (common approach agreed at the 2011 Council)
Deliberations in the European Parliament started (LIBE is the Committee responsible), with an indicative plenary sitting date of 02/07/2012
European Parliament asked ENISA to share its objective expertise in the field
This Directive might be adopted already this year
http://www.europarl.europa.eu/oeil/popups/ficheprocedure.do?reference=2010/0273(COD)&lg=en#technicalInformation
Conclusions
Hard to evaluate risk
Hard to detect attacks
Many zero day threats still unknown
Need to follow “normal” crime approaches:
All criminals use computers to store/transfer data
Need for collaboration: LEA/CERT
PPP (EP3R)
CIIP/CERT