Upload
sean-hoover
View
216
Download
0
Tags:
Embed Size (px)
Citation preview
International Telecommunication Union
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
Cyber Security in Cyber Security in RussiaRussiaArkadiy Kremer
Russian Association of Networks and Services Chairman of the Executive
Committee
2
ITU-T
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
AGENDA
o Infocommunication development and growth of cyber crime
o Information security infrastructure in Russia
o Russian information security projects
3
ITU-T
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
Internet users in regions of Russia
Northern region15 % 2,3 ml
Moscow18 % 2,7 mln
Central region17 % 2,5 mln
Ural5 % 0,8 mln
South region11 % 1,7 mln
Volga region18 % 2,4 mln
Far East4 % 0,7 mln
Siberia 13 % 1,9 mln
Russia 100% (14,9 mln)
4
ITU-T
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
Mobile subscribers growth in Russia
19,28
42,3
49,6
0
10
20
30
40
50
mln
2003(January)
2004(March)
2004(June)
5
ITU-T
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
Growth of registered computer crimes in Russia
1375
3320
6049
10920
7141
0
2000
4000
6000
8000
10000
12000
2000 2001 2002 2003 2004(1-st half)
6
ITU-T
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
10%15%
33%
24%
18%
Business espionage
Tapping telephone conversations
Gaining secret information
Copying software
Illegal access to databases
*According to the main information center of the Ministry of Internal Affairs
Targets of computer crimes
7
ITU-T
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
45%
15%
14%
11%2% 3% 5%
Virus attacksDDoS attacksInterception to the system outsideUnauthorized access from withinCommercial information theftFinancial fraudIntegrity violation of data and/or networks
*According to the main information center of the Ministry of Internal Defense
Types of computer crimes
8
ITU-T
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
AGENDA
o Infocommunication development and growth of cyber crime
o Information security infrastructure in Russia
o Russian information security projects
9
ITU-T
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
o Communication operators
o Developers
o Public authorities
o Associations
Security infrastructure
10
ITU-T
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
Communication operators
o Organization of warnings of information security incidents
o Supporting personal database records
o Cooperation with clients in case of incidents
o Cooperation with public authorities
11
ITU-T
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
Developers
o Development of security infrastructure
o Monitoring of modern trends
o Providing attractive financial schemes
o Assistance in education
12
ITU-T
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
NUMBER of VB100% AWARDS since November 2001 till August
2004Product Country Number of
awards
1. Eset NOD32 Slovakia 13
2. Sophos Anti-Virus UK 12
3. Computer Associates Vet US 11
4. Symantec AntiVirus US 11
5. DialogueScience Dr.Web Russia 10
6. Kaspersky AntiVirus Russia 10
7. Trend Micro PC-Cillin Taiwan 10
8. McAfee (NAI) VirusScan US 9
9. Norman AntiVirus Sweden 9
10.
VirusBuster Hungary 9
13
ITU-T
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
Public authorities
o Work out requirements for information security
o Manage of the work of providing information security
o Support educational activity
o Facilitate international cooperation
14
ITU-T
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
International cooperation
o In compliance with the UN General Assembly Resolution № 58/32 of December 8, 2003 Federal Expert Group was organized on international information security (Russian representative is a Chairman of the Group)
o The Group includes representatives of 15 countries: Great Britain, China, Russia, France, Belarus, Brazil, Germany, India, Jordan, Malaysia, Mali, Mexico, South Korea and the Republic of South Africa
15
ITU-T
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
International cooperation
o On the Summit of ministers of justice and internal affairs of the G-8 Countries (May 2004) a joint communiqué was adopted approving prepared materials and initiatives, including:
- widening of practice of investigations using information and communication technologies - distribution of the best practice of security infrastructure
16
ITU-T
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
International cooperation
o A special work group of Regional Commonwealth in the field of Communications was created (June 2004) for providing information security of the interconnected communication systems of the CIS (Commonwealth of Independent States) This group includes representatives of Azerbaijan, Armenia, Kazakhstan, Russia, Ukraine, Uzbekistan
17
ITU-T
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
Russian Association of Networks and Services (RANS) is a public and governmental organization
RANS is developing normative and legal documents in the area of implementation and utilization of information and telecommunication technologies and information security
Associations
18
ITU-T
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
МВД России
RANS members
In total 122 members
ЦНИИС НИИР ФСБ России ИГП РАН
19
ITU-T
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
AGENDA
o Infocommunication development and growth of cyber crime
o Information security infrastructure in Russia
o Russian information security projects
20
ITU-T
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
Russian information security projects
o Memorandum of prevention of the viruses and spam distribution
o Comparative analysis of information security legislation in different countries
o Information security framework for public network
o Standardization processes watchingAll these projects are developed on the instruction of the Ministry for information technologies and communication of the Russian Federation
All working reports are published on www.rans.ru
21
ITU-T
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
Memorandum of prevention of the viruses and spam
distribution
The Memorandum has been worked out with the participation of both governmental institutions and commercial companies
o
The Memorandum intends to accumulate efforts of all those interested in setting up a powerful barrier on the way of propagation of harmful programs and spam
o
22
ITU-T
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
Virus infected messages detected
M o n th s, Se p t'0 3 to Se p t'0 4
0
10
20
30
40
50
Infe
cte
d m
ess
ag
es,
%%
Virus infected m essages detected
Virus detection and filtering in incoming mail at Yandex.mail, Sept’03 through Sept’04
23
ITU-T
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
Spam messages detected and filtered out
M o n th s, Se p t'0 3 to Se p t'0 4
0
20
40
60
80
100
SP
AM
me
ssa
ge
s, %
%
S pam m essages detected and filte red out
24
ITU-T
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
SPAM and virus filtering software on Russian market
Spam and virus filtering software is used to check incoming e-mail at:o major free public web-mail serviceso large corporationso private computers
25
ITU-T
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
Memorandum of prevention of the viruses and spam
distribution
Perfection of the normative basis
Educational activities
Developing hardware and software environment
Defining tasks for system and communication operators, hardware vendors, and public authorities
Working out the security policies
Main goals:
o
o
o
o
o
26
ITU-T
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
Main results:
Security profile “Means of prevention unauthorized mail”
Security profile “Antiviral security infrastructure”
Draft legal and normative act “Computer viruses. Basic terms and definitions”
Memorandum of prevention of the viruses and spam
distribution
o
o
o
27
ITU-T
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
Main results:
Draft law of counteraction to spreading SPAM
Educational program for further training of information security specialists
Training manual «Information resources security against virus threats and spam»
Memorandum of prevention to the viruses and spam
distribution
o
o
o
28
ITU-T
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
Comparative analysis of information security legislation
in different countries
Main results:o It is essential to organize a mutual work
of technologists and lawyers for harmonizing the fast changing language of technologies and conservative language of law
o It is necessary to provide an information security public management
29
ITU-T
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
Information security of public network is a balance between customers’, operators’ and public authorities’ security in the information sphere of the network
Information sphere is a totality of information, information infrastructure, entities which provide information collection, formation, dissemination and use, and also a system of regulating of the relationships brought about by the network use
o
o
Information security framework of public network
30
ITU-T
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
Draft normative and legal acts are being worked out on terms and definitions and on basic information security level
The basic information security level includes: - procedures for monitoring and discovering - taking adequate countermeasures
o
o
Information security framework of public network
31
ITU-T
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
Standardization process watching
o Research of standardization processes with relation to their business application is an important element of working out recommendations for open systems’ procurement
32
ITU-T
ITU-T Cybersecurity Symposium - Florianópolis, Brazil, 4 October 2004
Thank you!
Arkadiy Kremer
Russian Association of Networks and Services
Chairman of the Executive Committee
[email protected]://www.rans.ru