Combating CyberCrime

Public Private Partnership

Mohamed Shihab

2

“No geographical borders, no boundaries and tremendous destructive

power”

Growing Cybersecurity Threats

• ICTs have become an integral part of information society. • ICT networks are regarded as basic national infrastructure.• ICTs are also exposing our societies to the threat of cyberattacks.• Vulnerability of national infrastructures increases as the use of ICTs

take root.• Cyber attacks on ICTs are borderless and can be launched from virtually

anywhere.• As global reliance on ICTs grows, so does vulnerability to attacks on

critical infrastructures through cyberspace.

3

Key Cybersecurity Challenges

Lack of adequate and interoperable national or regional legal frameworks

Lack of secure software and ICT-based applications Lack of appropriate national and global organizational structures to

deal with cyber incidents Lack of information security professionals and skills within

governments; lack of basic awareness among users Lack of international cooperation between industry experts, law

enforcements, regulators, academia & international organizations to address a global challenge

4

5Source : Symantec. http://uk.norton.com/content/en/uk/home_homeoffice/html/cybercrimereport/

6

No limitsCybercrime

The number of cyber threats are growingA combination of the “tools” can be a powerful “weapon”

7

Cost of War

$737 Million to $1.1 billion

$80 to $120 million

Cost of a stealth bomber?

Cost of a stealth fighter?

$1 to $2 millionCost of a cruise missile?

$300 to $50,000Cost of using cyber space as a weapon?

8

FACT FILECountry : CyberiaTerrain : Island, with beautiful beachesDensity : 3,064 /km2

Ethnic Groups : CyberiansOfficial Language : Binary, JAVA and C-------------------------------------------------------------------Country is well known for tourism and trading. Houses one of the most prominent harbour in the world. One of the finest technology driven countries in the world with state of the art infrastructure.

A Case StudyCyberia

9

One fine day............

DdOSHarbour Server Down

Internet Congested

Air traffic controller not responding

???

10

Panic Starts.......

Status

We cannot contain the

attack

All attacks from

overseas

We do not have diplomatic ties

Stock market is crashing... It’s havoc

outside

Where is the actual attacker?

11

48hrs later.......

In the future all wars will be preceded by:• Chaos• Panic• Disinformation• Disruption of services

12

EstoniaLiving Examples

Wave 1: Government SPAM Cyber Vandalism

Wave 2: Servers Government SPAM

Wave 3: Banks Education Wave 2 ctd..

Wave 4: ISP Media Banks Wave 3 ctd..

13

GeorgiaLiving Examples

Stage 1: Bot Harvesting

Wave 1: Government / Media

Stage 2: Training / Recruiting

Wave 2: Financial Institutions Business Establishments Educational Institutions Government / Media

Stage 3: Continued Attack

Wave 3: Networks SCADA SPAM Wave 2 ctd..

Stage 4: Physical Attack

14

WE HAVE PROBLEMS

Cross Border Crime Lack of Knowledge

Lack of Resources No Direction

New Problems

Management Challenges

Delays in Response

No legal framework

Organisations working in silos

Crimes have become organised

Need proactive solutionsCapital intensive solutions

No emergency telephone numbers

Lack of international collaborationNeed better early warning system Addressing different type of attacks

The suspect is in another country. What do I do?

I wish somebody had foreseen that this was

coming

I wonder if it is possible to have more intelligence

on this situation

How can I notify this threat to others?

I need more data for my research! I wonder if somebody else is working

on the same thing

Click icon to add picture

Click icon to add picture

Cybercrime vs Conventional Crime

16

Crime Comparison

- Nearly all crimes were local- Evidence never far from the crime

scene- Language and communication

restrictions- Not internationally co-ordinated- Often isolated to a region

Internet crimes span multiple jurisdictions Organised Ever-evolving and complex Evidence across borders No proper cyber laws It is not targetted on a specific individual

alone anymore. Need not have specialised knowledge

Conventional Cyber

17

18

IMPACT

20

21

22

CIRT GRC Services Capacity Building 144 CountriesGlobal Response Centre Centre for Policy & International Cooperation Centre for Training & Skills DevelopmentCentre for Security Assurance & Research

A combined effort to tackle growing cybercrime

ITU-IMPACT

25

Working Together

Bridging the digital divide in cyber crime

UNODC

INTERPOL

Academia

Research

Private Org.

Government

At UN level if we try to avert cyberwar we can achieve:• Early mediation• Build a global security council• Credible body• Trusted source of information• A reliable global body to express the problems

26

27

Taking a look at Cyberia again...

Provide Point of Contacts with different CountriesEstablish contact with ITU-IMPACT partners for instant remedyProvide heads up information on possible threatsCo-ordinate a collaborative effort to tackle the attackDevelop human capacity within CyberiaSetup Incident Response Team within Cyberia

28

Bridging the Resources

Cybersecurity services/expertise

Expertise Technology Skills Resources Experience

Think TanksAcademiaInternational OrganisationsIndustry Experts

193 Countries UN Agencies

ITU-IMPACT’s Global Alliances

4 Pillars of IMPACT

30

Global Response Centre• Network Early Warning System

(NEWS) Cyber threat reference centre

Aggregation of cyber threats across the globe

Collaboration with global industry partners

• Electronically Secure Collaborative Application Platform for Experts (ESCAPE) Key experts and personnel from

partner countries (law enforcement, regulators, country focal, cybersecurity experts, etc)

Facilitate & coordinate with partner countries during cyber attack

31

Centre for Security Assurance & Research

• Security Assurance:

• IMPACT Government Security Scorecard (IGSS)

• CIRT-Lite (Computer Incident Response Team)

• Professional services (vulnerability assessment, security audits, etc)

• Research:

• Facilitation & coordination of cybersecurity research

• Bringing together the research community and the industry

32

Workshops & CIRT DeploymentObjectives:

- To assist partner countries’ assessment of its readiness to implement a National

CIRT. - IMPACT reports on key issues and analysis, recommending a phased

implementation plan for National CIRT.

- In later stages the national CIRT will also be provided with enabling tools.

- Conducted workshops for 33 countries globallyNo.

Partner Countries Assessment Status

1 Afghanistan Completed in October 2009

2 Uganda, Tanzania, Kenya & Zambia Completed in April 2010

3 Nigeria, Burkina Faso, Ghana, Mali, Senegal & Ivory Coast Completed in May 2010

4 Maldives, Bhutan, Nepal & Bangladesh Completed in June 2010

5 Serbia, Montenegro, Bosnia & Albania Completed in November 2010

6 Cameroon, Chad, Gabon, Congo & Sudan Completed in December 2010

7 Senegal, Gambia, Togo, Niger Completed in November 2011

8 Lao P.D.R Completed in November 2011

9Cambodia, Myanmar, Vietnam (Assessment for CMV national CIRTs)

Completed in October and November 2011

10 Armenia Completed in November 2011

11 South America and Arab region 2012

33

CIRT Deployment

CIRT Lite for National deployment Regional CIRT deployment

34

Cybersecurity Assessment

ITU-IMPACT conducted cybersecurity assessment for Afghanistan : October 2009

Session conducted in Kabul, Afghanistan

35

Cybersecurity Assessment

ITU-IMPACT conducted cybersecurity assessment for East Africa (Kenya, Tanzania, Uganda and Zambia) : 26th – 29th April 2010

Session conducted in Kampala, Uganda

36

Cybersecurity Assessment

ITU-IMPACT conducted cybersecurity assessment for West Africa (Burkina Faso, Côte d'Ivoire, Ghana, Nigeria, Mali and Senegal) : 17th – 21st May 2010

Session conducted in Ouagadougou, Burkina Faso

37

Cybersecurity Assessment

ITU-IMPACT conducted cybersecurity assessment for Bhutan & Bangladesh : 1st – 11th June 2010

38

Cybersecurity Assessment

ITU-IMPACT conducted cybersecurity assessment for Nepal & Maldives: 14th – 25th June 2010

39

Cybersecurity Workshop /Assessment

40

Providing world class capability & capacity programmes

Centre for Training & Skills Development

• Specialised training programs

• IMPACT SecurityCore

• IMPACT Network Forensics

• IMPACT Forensics Investigation for Law Enforcement

• IMPACT Malware Analysis

• Scholarship - partnership with global certification body

• EC-Council (US$1 mil grant)

• SANS Institute (US$1 mil grant – completed)

• Global certification courses

• (ISC)2

• EC-Council

41

Training & Skills Development

Courses conducted for partner countries and in collaboration with IMPACT’s partners

42

Training & Skills DevelopmentIMPACT-Microsoft Network Forensics & Investigation Course: 6th – 9th April 2010 (Brunei)

Closed session for law enforcement agencies – 4 countries participated

43

Training & Skills DevelopmentIMPACT Network Forensics Course: 3rd – 7th May 2010 (IMPACT Global HQ)

Class conducted for 22 participants from 5 countries

44

Training & Skills DevelopmentIMPACT-SANS IPv6 Training: 26th May 2010 (IMPACT Global HQ)

Training conducted by Dr Johannes Ullrich (SANS Internet Storm Center) – 72 participants

45

Centre for Policy & International Cooperation

• Policy:

• Workshops and seminars

• Policy advisory & best practices

• e-Newsletter

• International cooperation:

• Partner country coordination

• Partnership, cooperation and collaboration with industry, academia, think tanks & international organisations

• Child Online Protection (COP)

IMPACT – ISRA Collaboration

46

GRC has been collaborating with ISRA (Information Security Research Association) since June 2012

ISRA provides IMPACT with regular feeds for the GRC Portals.

Feeds contain information regarding:

ISRA looks at the vulnerabilities in various government websites, attack plans and patterns from different countries around the world on voluntary basis.

ISRA teams verify those initial findings of insecure systems by checking the live systems and then upload this verified data to its database.

This information is then sent to IMPACT via email service on a weekly basis using excel files. GRC publishes this weekly information for its member countries so that they can patch and

secure the system before hackers exploit the systems and damage them.

Collaboration Interest for both sides:ISRA through this collaboration is looking for a safe and secure cyber space where they can report their vulnerability findings and IMPACT already had those platforms in the form of NEWS and ESCAPE with the target users in place.

47

Areas of Co-operationPartnership with Interpol

• Establishing key contact point in member states• Exchange of information• Capacity building programs for law enforcement officials• Consultation of key initiatives for the law enforcement agencies• Joint development efforts on enhancing forensic capabilities of

member states

48

IMPACT’s Partners

Industry

International Organisations

Academia(200+) Child Online ProtectionAlliance

49

Public/Private PartnershipAreas of Co-operation

• Access to key security industry players• Establishing key contact point in member states• Exchange of information• Capacity building programs for law enforcement officials• Establishing a framework for protecting children online• Jointly establishing a Centre of Excellence :

• Research on tools/technologies• Capacity building programs for Law enforcement officials from

other regions as well as international agencies• Implementation of best practices and solution sets in the field of

CyberSecurity for key agencies • Annual regional/international workshop for LEAs on CyberSecurity

IMPACTJalan IMPACT63000 CyberjayaMalaysia

T +60 (3) 8313 2020F +60 (3) 8319 2020E contactus@impact-alliance.orgimpact-alliance.org © Copyright 2011 IMPACT. All Rights Reserved.

Thank youwww.facebook.com/impactalliance