International Telecommunication Union ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004 Cyber Security in Russia Arkadiy Kremer Russian

International Telecommunication Union

ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004

Cyber Security in Cyber Security in RussiaRussiaArkadiy Kremer

Russian Association of Networks and Services Chairman of the Executive

Committee

2

ITU-T


AGENDA

o Infocommunication development and growth of cyber crime

o Information security infrastructure in Russia

o Russian information security projects

3

ITU-T


Internet users in regions of Russia

Northern region15 % 2,3 ml

Moscow18 % 2,7 mln

Central region17 % 2,5 mln

Ural5 % 0,8 mln

South region11 % 1,7 mln

Volga region18 % 2,4 mln

Far East4 % 0,7 mln

Siberia 13 % 1,9 mln

Russia 100% (14,9 mln)

4

ITU-T


Mobile subscribers growth in Russia

19,28

42,3

49,6

0

10

20

30

40

50

mln

2003(January)

2004(March)

2004(June)

5

ITU-T


Growth of registered computer crimes in Russia

1375

3320

6049

10920

7141

0

2000

4000

6000

8000

10000

12000

2000 2001 2002 2003 2004(1-st half)

6

ITU-T


10%15%

33%

24%

18%

Business espionage

Tapping telephone conversations

Gaining secret information

Copying software

Illegal access to databases

*According to the main information center of the Ministry of Internal Affairs

Targets of computer crimes

7

ITU-T


45%

15%

14%

11%2% 3% 5%

Virus attacksDDoS attacksInterception to the system outsideUnauthorized access from withinCommercial information theftFinancial fraudIntegrity violation of data and/or networks

*According to the main information center of the Ministry of Internal Defense

Types of computer crimes

8

ITU-T


AGENDA




9

ITU-T


o Communication operators

o Developers

o Public authorities

o Associations

Security infrastructure

10

ITU-T


Communication operators

o Organization of warnings of information security incidents

o Supporting personal database records

o Cooperation with clients in case of incidents

o Cooperation with public authorities

11

ITU-T


Developers

o Development of security infrastructure

o Monitoring of modern trends

o Providing attractive financial schemes

o Assistance in education

12

ITU-T


NUMBER of VB100% AWARDS since November 2001 till August

2004Product Country Number of

awards

1. Eset NOD32 Slovakia 13

2. Sophos Anti-Virus UK 12

3. Computer Associates Vet US 11

4. Symantec AntiVirus US 11

5. DialogueScience Dr.Web Russia 10

6. Kaspersky AntiVirus Russia 10

7. Trend Micro PC-Cillin Taiwan 10

8. McAfee (NAI) VirusScan US 9

9. Norman AntiVirus Sweden 9

10.

VirusBuster Hungary 9

13

ITU-T


Public authorities

o Work out requirements for information security

o Manage of the work of providing information security

o Support educational activity

o Facilitate international cooperation

14

ITU-T


International cooperation

o In compliance with the UN General Assembly Resolution № 58/32 of December 8, 2003 Federal Expert Group was organized on international information security (Russian representative is a Chairman of the Group)

o The Group includes representatives of 15 countries: Great Britain, China, Russia, France, Belarus, Brazil, Germany, India, Jordan, Malaysia, Mali, Mexico, South Korea and the Republic of South Africa

15

ITU-T



o On the Summit of ministers of justice and internal affairs of the G-8 Countries (May 2004) a joint communiqué was adopted approving prepared materials and initiatives, including:

- widening of practice of investigations using information and communication technologies - distribution of the best practice of security infrastructure

16

ITU-T



o A special work group of Regional Commonwealth in the field of Communications was created (June 2004) for providing information security of the interconnected communication systems of the CIS (Commonwealth of Independent States) This group includes representatives of Azerbaijan, Armenia, Kazakhstan, Russia, Ukraine, Uzbekistan

17

ITU-T


Russian Association of Networks and Services (RANS) is a public and governmental organization

RANS is developing normative and legal documents in the area of implementation and utilization of information and telecommunication technologies and information security

Associations

18

ITU-T


МВД России

RANS members

In total 122 members

ЦНИИС НИИР ФСБ России ИГП РАН

19

ITU-T


AGENDA




20

ITU-T


Russian information security projects

o Memorandum of prevention of the viruses and spam distribution

o Comparative analysis of information security legislation in different countries

o Information security framework for public network

o Standardization processes watchingAll these projects are developed on the instruction of the Ministry for information technologies and communication of the Russian Federation

All working reports are published on www.rans.ru

21

ITU-T


Memorandum of prevention of the viruses and spam

distribution

The Memorandum has been worked out with the participation of both governmental institutions and commercial companies

o

The Memorandum intends to accumulate efforts of all those interested in setting up a powerful barrier on the way of propagation of harmful programs and spam

o

22

ITU-T


Virus infected messages detected

M o n th s, Se p t'0 3 to Se p t'0 4

0

10

20

30

40

50

Infe

cte

d m

ess

ag

es,

%%

Virus infected m essages detected

Virus detection and filtering in incoming mail at Yandex.mail, Sept’03 through Sept’04

23

ITU-T


Spam messages detected and filtered out

M o n th s, Se p t'0 3 to Se p t'0 4

0

20

40

60

80

100

SP

AM

me

ssa

ge

s, %

%

S pam m essages detected and filte red out

24

ITU-T


SPAM and virus filtering software on Russian market

Spam and virus filtering software is used to check incoming e-mail at:o major free public web-mail serviceso large corporationso private computers

25

ITU-T



distribution

Perfection of the normative basis

Educational activities

Developing hardware and software environment

Defining tasks for system and communication operators, hardware vendors, and public authorities

Working out the security policies

Main goals:

o

o

o

o

o

26

ITU-T


Main results:

Security profile “Means of prevention unauthorized mail”

Security profile “Antiviral security infrastructure”

Draft legal and normative act “Computer viruses. Basic terms and definitions”


distribution

o

o

o

27

ITU-T


Main results:

Draft law of counteraction to spreading SPAM

Educational program for further training of information security specialists

Training manual «Information resources security against virus threats and spam»

Memorandum of prevention to the viruses and spam

distribution

o

o

o

28

ITU-T


Comparative analysis of information security legislation

in different countries

Main results:o It is essential to organize a mutual work

of technologists and lawyers for harmonizing the fast changing language of technologies and conservative language of law

o It is necessary to provide an information security public management

29

ITU-T


Information security of public network is a balance between customers’, operators’ and public authorities’ security in the information sphere of the network

Information sphere is a totality of information, information infrastructure, entities which provide information collection, formation, dissemination and use, and also a system of regulating of the relationships brought about by the network use

o

o

Information security framework of public network

30

ITU-T


Draft normative and legal acts are being worked out on terms and definitions and on basic information security level

The basic information security level includes: - procedures for monitoring and discovering - taking adequate countermeasures

o

o

Information security framework of public network

31

ITU-T


Standardization process watching

o Research of standardization processes with relation to their business application is an important element of working out recommendations for open systems’ procurement

32

ITU-T


Thank you!

Arkadiy Kremer

Russian Association of Networks and Services

Chairman of the Executive Committee

[email protected]://www.rans.ru

Documents

International Telecommunication Union ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004 Cyber Security in Russia Arkadiy Kremer Russian