Public Private Partnership - Combating CyberCrime by Mohamed Shihab - Advisor (Technical) IMPACT at c0c0n - International Cyber Security and Policing Conference http://is-ra.org/c0c0n/speakers.html
Combating CyberCrime
Public Private Partnership
Mohamed Shihab
“No geographical borders, no boundaries and tremendous destructive power”
Growing Cybersecurity Threats
• ICTs have become an integral part of information society.
• ICT networks are regarded as basic national infrastructure.
• ICTs are also exposing our societies to the threat of cyberattacks.
• Vulnerability of national infrastructures increases as the use of ICTs take root.
• Cyber attacks on ICTs are borderless and can be launched from virtually anywhere.
• As global reliance on ICTs grows, so does vulnerability to attacks on critical infrastructures through cyberspace.
Key Cybersecurity Challenges
• Lack of adequate and interoperable national or regional legal frameworks
• Lack of secure software and ICT-based applications
• Lack of appropriate national and global organizational structures to deal with cyber incidents
• Lack of information security professionals and skills within governments; lack of basic awareness among users
• Lack of international cooperation between industry experts, law enforcement, regulators, academia & international organizations to address a global challenge
Source: Symantec. http://uk.norton.com/content/en/uk/home_homeoffice/html/cybercrimereport/
No limits
Cybercrime
The number of cyber threats is growing
A combination of the “tools” can be a powerful “weapon”
Cost of War
Cost of a stealth bomber? $737 Million to $1.1 billion
Cost of a stealth fighter? $80 to $120 million
Cost of a cruise missile? $1 to $2 million
Cost of using cyber space as a weapon? $300 to $50,000
FACT FILE
Country : Cyberia
Terrain : Island, with beautiful beaches
Density : 3,064 /km2
Ethnic Groups : Cyberians
Official Language : Binary, JAVA and C
Country is well known for tourism and trading. Houses one of the most prominent harbours in the world. One of the finest technology driven countries in the world with state of the art infrastructure.
A Case Study
Cyberia
One fine day............
DDoS
Harbour Server Down
Internet Congested
Air traffic controller not responding
???
Panic Starts.......
Status
We cannot contain the attack
All attacks from overseas
We do not have diplomatic ties
Stock market is crashing... It’s havoc outside
Where is the actual attacker?
48hrs later.......
In the future all wars will be preceded by:
• Chaos
• Panic
• Disinformation
• Disruption of services
Estonia
Living Examples
Wave 1: Government SPAM Cyber Vandalism
Wave 2: Servers Government SPAM
Wave 3: Banks Education Wave 2 ctd..
Wave 4: ISP Media Banks Wave 3 ctd..
Georgia
Living Examples
Stage 1: Bot Harvesting
Wave 1: Government / Media
Stage 2: Training / Recruiting
Wave 2: Financial Institutions Business Establishments Educational Institutions Government / Media
Stage 3: Continued Attack
Wave 3: Networks SCADA SPAM Wave 2 ctd..
Stage 4: Physical Attack
WE HAVE PROBLEMS
Cross Border Crime
Lack of Knowledge
Lack of Resources
No Direction
New Problems
Management Challenges
Delays in Response
No legal framework
Organisations working in silos
Crimes have become organised
Need proactive solutions
Capital intensive solutions
No emergency telephone numbers
Lack of international collaboration
Need better early warning system
Addressing different types of attacks
The suspect is in another country. What do I do?
I wish somebody had foreseen that this was coming
I wonder if it is possible to have more intelligence on this situation
How can I notify this threat to others?
I need more data for my research! I wonder if somebody else is working on the same thing
Cybercrime vs Conventional Crime
Crime Comparison
Conventional
- Nearly all crimes were local
- Evidence never far from the crime scene
- Language and communication restrictions
- Not internationally co-ordinated
- Often isolated to a region
Cyber
- Internet crimes span multiple jurisdictions
- Organised
- Ever-evolving and complex
- Evidence across borders
- No proper cyber laws
- It is not targeted on a specific individual alone anymore.
- Need not have specialised knowledge
IMPACT
CIRT GRC Services Capacity Building 144 Countries
Global Response Centre
Centre for Policy & International Cooperation
Centre for Training & Skills Development
Centre for Security Assurance & Research
A combined effort to tackle growing cybercrime
ITU-IMPACT
Working Together
Bridging the digital divide in cyber crime
UNODC
INTERPOL
Academia
Research
Private Org.
Government
At UN level if we try to avert cyberwar we can achieve:
• Early mediation
• Build a global security council
• Credible body
• Trusted source of information
• A reliable global body to express the problems
Taking a look at Cyberia again...
• Provide Points of Contact with different Countries
• Establish contact with ITU-IMPACT partners for instant remedy
• Provide heads up information on possible threats
• Co-ordinate a collaborative effort to tackle the attack
• Develop human capacity within Cyberia
• Set up Incident Response Team within Cyberia
Bridging the Resources
Cybersecurity services/expertise
Expertise Technology Skills Resources Experience
Think Tanks
Academia
International Organisations
Industry Experts
193 Countries UN Agencies
ITU-IMPACT’s Global Alliances
4 Pillars of IMPACT
Global Response Centre
• Network Early Warning System (NEWS)
  - Cyber threat reference centre
  - Aggregation of cyber threats across the globe
  - Collaboration with global industry partners
• Electronically Secure Collaborative Application Platform for Experts (ESCAPE)
  - Key experts and personnel from partner countries (law enforcement, regulators, country focal, cybersecurity experts, etc)
  - Facilitate & coordinate with partner countries during cyber attack
Centre for Security Assurance & Research
• Security Assurance:
• IMPACT Government Security Scorecard (IGSS)
• CIRT-Lite (Computer Incident Response Team)
• Professional services (vulnerability assessment, security audits, etc)
• Research:
• Facilitation & coordination of cybersecurity research
• Bringing together the research community and the industry
Workshops & CIRT Deployment
Objectives:
- To assist partner countries’ assessment of their readiness to implement a National CIRT.
- IMPACT reports on key issues and analysis, recommending a phased implementation plan for National CIRT.
- In later stages the national CIRT will also be provided with enabling tools.
- Conducted workshops for 33 countries globally

No. | Partner Countries | Assessment Status
1 | Afghanistan | Completed in October 2009
2 | Uganda, Tanzania, Kenya & Zambia | Completed in April 2010
3 | Nigeria, Burkina Faso, Ghana, Mali, Senegal & Ivory Coast | Completed in May 2010
4 | Maldives, Bhutan, Nepal & Bangladesh | Completed in June 2010
5 | Serbia, Montenegro, Bosnia & Albania | Completed in November 2010
6 | Cameroon, Chad, Gabon, Congo & Sudan | Completed in December 2010
7 | Senegal, Gambia, Togo, Niger | Completed in November 2011
8 | Lao P.D.R | Completed in November 2011
9 | Cambodia, Myanmar, Vietnam (Assessment for CMV national CIRTs) | Completed in October and November 2011
10 | Armenia | Completed in November 2011
11 | South America and Arab region | 2012
CIRT Deployment
CIRT Lite for National deployment
Regional CIRT deployment
Cybersecurity Assessment
ITU-IMPACT conducted cybersecurity assessment for Afghanistan : October 2009
Session conducted in Kabul, Afghanistan
Cybersecurity Assessment
ITU-IMPACT conducted cybersecurity assessment for East Africa (Kenya, Tanzania, Uganda and Zambia) : 26th – 29th April 2010
Session conducted in Kampala, Uganda
Cybersecurity Assessment
ITU-IMPACT conducted cybersecurity assessment for West Africa (Burkina Faso, Côte d'Ivoire, Ghana, Nigeria, Mali and Senegal) : 17th – 21st May 2010
Session conducted in Ouagadougou, Burkina Faso
Cybersecurity Assessment
ITU-IMPACT conducted cybersecurity assessment for Bhutan & Bangladesh : 1st – 11th June 2010
Cybersecurity Assessment
ITU-IMPACT conducted cybersecurity assessment for Nepal & Maldives: 14th – 25th June 2010
Cybersecurity Workshop / Assessment
Providing world class capability & capacity programmes
Centre for Training & Skills Development
• Specialised training programs
• IMPACT SecurityCore
• IMPACT Network Forensics
• IMPACT Forensics Investigation for Law Enforcement
• IMPACT Malware Analysis
• Scholarship - partnership with global certification body
• EC-Council (US$1 mil grant)
• SANS Institute (US$1 mil grant – completed)
• Global certification courses
• (ISC)2
• EC-Council
Training & Skills Development
Courses conducted for partner countries and in collaboration with IMPACT’s partners
Training & Skills Development
IMPACT-Microsoft Network Forensics & Investigation Course: 6th – 9th April 2010 (Brunei)
Closed session for law enforcement agencies – 4 countries participated
Training & Skills Development
IMPACT Network Forensics Course: 3rd – 7th May 2010 (IMPACT Global HQ)
Class conducted for 22 participants from 5 countries
Training & Skills Development
IMPACT-SANS IPv6 Training: 26th May 2010 (IMPACT Global HQ)
Training conducted by Dr Johannes Ullrich (SANS Internet Storm Center) – 72 participants
Centre for Policy & International Cooperation
• Policy:
• Workshops and seminars
• Policy advisory & best practices
• e-Newsletter
• International cooperation:
• Partner country coordination
• Partnership, cooperation and collaboration with industry, academia, think tanks & international organisations
• Child Online Protection (COP)
IMPACT – ISRA Collaboration
GRC has been collaborating with ISRA (Information Security Research Association) since June 2012
ISRA provides IMPACT with regular feeds for the GRC Portals.
Feeds contain information regarding:
ISRA looks at the vulnerabilities in various government websites, attack plans and patterns from different countries around the world on a voluntary basis.
ISRA teams verify those initial findings of insecure systems by checking the live systems and then upload this verified data to its database.
This information is then sent to IMPACT by email on a weekly basis as Excel files.
GRC publishes this weekly information for its member countries so that they can patch and secure the systems before hackers exploit and damage them.
Collaboration Interest for both sides:
Through this collaboration, ISRA is looking for a safe and secure cyber space where it can report its vulnerability findings; IMPACT already had those platforms in the form of NEWS and ESCAPE, with the target users in place.
Partnership with Interpol
Areas of Co-operation
• Establishing key contact point in member states
• Exchange of information
• Capacity building programs for law enforcement officials
• Consultation of key initiatives for the law enforcement agencies
• Joint development efforts on enhancing forensic capabilities of member states
IMPACT’s Partners
Industry
International Organisations
Academia (200+) Child Online Protection Alliance
Public/Private Partnership
Areas of Co-operation
• Access to key security industry players
• Establishing key contact point in member states
• Exchange of information
• Capacity building programs for law enforcement officials
• Establishing a framework for protecting children online
• Jointly establishing a Centre of Excellence :
  • Research on tools/technologies
  • Capacity building programs for Law enforcement officials from other regions as well as international agencies
  • Implementation of best practices and solution sets in the field of CyberSecurity for key agencies
  • Annual regional/international workshop for LEAs on CyberSecurity
IMPACT
Jalan IMPACT
63000 Cyberjaya
Malaysia
T +60 (3) 8313 2020
F +60 (3) 8319 2020
E [email protected]
© Copyright 2011 IMPACT. All Rights Reserved.
Thank you
www.facebook.com/impactalliance