CIRT Computer Incident Response Team NATIONAL CIRT OF
- Slides: 22
CIRT - Computer Incident Response Team NATIONAL CIRT OF MONTENEGRO GOVERNMENT OF MONTENEGRO MINISTRY FOR INFORMATION SOCIETY AND TELECOMMINUCATIONS Doc. Dr ADIS BALOTA, dipl. ing. el DEPUTY MINISTER AND MANAGER OF CIRT TEAM MINISTRY FOR INFORMATION SOCIETY AND TELECOMMINUCATIONS
CYBER SECURITY CHALLENGES OF THE 21 ST CENTURY q Protection of the critical national infrastructure q Rapid growth of the cyber attack, criminal and terrorism q Inefficient international corporation and legislation q Constant progress in complexity of cyber attack q Generally insufficient level of development of cyber security awareness and cyber security culture
CYBER CRIME q Cyber Crime or E-crime, or HTC includes criminal activities in which computers and other IT equipment and computer networks are subjects, tools, objects or scene of a crime Directed against networks Others Cyber terroris m Directed against computer s Spam Computer Crime Cyber wars Frauds Harassmen t Offensiv e Content
EXAMPLES OF CYBER CRIME q Nigerian letter, fake massages q Fake web sites q Fishing – gathering of confidential information's q Farming – redirection to fake web addresses q Scams – coping of credit cards q Piracy q Distribution of pornographic materials
NEW TYPES OF COMPUTER CRIME New types of computer crime that have developed in the last 10 years: Computer trespass (USA) q Cyber bullying q Cyber defamation q Economic and industrial espionage by means of computer technology q Murder on Internet q Internet harassment q Encouragement to a suicide by Internet q Internet wars (1 st Internet war: East Timor-Indonesia; Web War One: Estonia 2007 q 2008 South Ossetia-Russia Internet war, 2010 China Telekom, 2010 Stuxnet worm) q Online predators q Organized crime q White-collar criminal q Virtualization q
STATISTICS q 55 % of personal PC is infected with spyware q 7% of companies are using the latest version of service pack of the Operating System q 25 % computers are zombies q 33 % companies allows Instant Messaging q 52 % companies the network is the last line of defense q 14 % users are reading spam and 4 % are buying the advertised products (!) q 21 % of span is pornography q 20 % of users in Great Britain are buying spam products
SYMANTEC REPORT ON CYBERCRIME FOR 2012. 15% q 110 billion € loss for 2012. q 556 million victims in 2012. More than the entire population of EU. q 1, 5 million victims every second q 66 % of online adults have been the victim of cybercrime in their lifetime OTHE 42% FRAUD 26% REPAIRS THEFT OR LOSS 17%
Legal Framework Training & Education Hardware/Software Cooperation
LEGAL FRAMEWORK q Information Security Law of Montenegro q Administrative Agreement between Government q of Montenegro and ITU q Readiness Assessment Report q “National CIRT Project” Documentation q User Requirement Specification q CIRT Policies q Detailed study on Government Agencies roles against cyber criminal q Cooperation Protocols
ESTABLISHMENT OF CIRT. ME • Member of project “establishment the national CIRT. ME: q Government of Montenegro – Ministry for Information Society and Telecommunications q ITU – International Telecommunication Union q IMPACT –International Multirate Partnership against cyber threats q The prerequisite for establishment of the National CIRT of Montenegro was the administrative agreement signed between the Government of Montenegro and the ITU on 29 th of July 2011 th.
SERVICES OF CIRT. ME q Prevention, treatment and elimination of consequences of computer security incidents on the Internet and other information systems security risks: q Security alerts and warnings q User education, raising security awareness in the field of information security CIRT CONSTITUENCY q q q State agencies, The state administration, Local authorities, Legal persons with public authorities, Other private or legal persons who have access to or handle data
ROLES AND RESPONSIBILITIES National Cybersecurity Strategies / Policies Cyber Forensics Services Security Assurance International Cooperation National CIRTs can Drive & Promote Cybersecurity Research National Public Key Infrastructure (PKI) / Digital Signature Governance / Legislations Cybersecurity Awareness Training & Education Critical Information Infrastructure Protection
TRAINING AND EDUCATION • Two representatives attended “Developing and Implementing a CIRT Team” in Malaysia. • IMPACT experts held Incident Response training in Montenegro for 12 representatives from different Government Agencies • Cybersecurity trainings in Japan • EC-Council (CEH) vouchers for CIRT members • Regional Forum on Cyber security for Europe (Bulgaria)
IMPLEMENTATION - Implementation stage started in February 2012 - Publishing of www. cirt. me website and RTIR ticketing system, April 2012
THE POSITION OF NATIONAL CIRT ANS Prime Minister Ministry of Defense Ministry of Internal Affairs MIST Police Department National CIRT Ministry of Justice ISP Mobile Operator s Banks Post office of Montenegro National EPCG Security Authority Other Department s ITU/IMPACT Other Institution s ENISA FIRST TRUSTED INTRODUCE R NATIONAL CERT/CIRT TEAMS
COOPERATION WITH GOVERNMENT AGENCIES National CIRT has started the process of establishing local CIRT teams in Montenegro. National CIRT will develop special relations with key Government Institutions recognized in the cyber security field: q Ministry of Defense, q Ministry of Internal Affairs, q Ministry of Justice, q National Security Agency q Directorate for the Protection of Classified Information q etc
COOPERATION WITH PRIVATE SECTOR In order for the CIRT to fulfill it’s duties, it’s very important to develop and maintain good relations with the Private sector. Key Institutions: q. ISP, q. Mobile Operators, q. Banking Sector, q. Electric Power Industry, q. Montenegro Post office q. Other institutions
INTERNATIONAL COOPERATION Some of the key international organizations which are relevant in the cyber security field: • • • ITU IMPACT ENISA TRUSTED Introducer FIRST CERT/CIRT Networks
INTERNATIONAL CORPORATION CONT. q Full membership in FIRST since February 2013. godine q Regional Corporation: Slovenian SI-CERT i Croatian Carnet CERT q Terena, Trusted Introduces, CIRT. ME listed q The advantages of membership in international organizations: -Assistance in resolving incidents -Training -Possibilities to use forensics capabilities -Direct communications with CERT/CIRT teams around the world -Access to security information database
EXAMPLES FROM THE FIELD – CIRT. ME q q q q Attacks on web sites Financial/bank frauds Internet frauds Theft of identity on the social networks Sexual harassment in the cyber space Farming – Banks from MN and India Compromised IP addres from. me domain Child pornography
CONCLUSION Future activities: q Establishment of the National Council for Cyber Security q Constant upgrade of conditions for efficient CIRT functions q- Legislation q- Training q- Tools q- Secure the financial needs q Local and International Corporation q Kaspersky q NAV q Expand the quantity and quality of the service
National cirt
Cirt definition
Singapore computer emergency response team
Incident objectives that drive incident operations
Incident-response-technologies
Principles of incident response and disaster recovery
Ibm x-force incident response
Incident response technologies
Splunk vs wireshark
Odot incident response
Personal narrative incident response reflection
Incident response playbooks
Osquery
Gems estate management
Police organization and management
Principles of incident response and disaster recovery
Four stages of a major incident
Openioc format
Incident response trailer
Rsa witness
Uscg imat
Patient safety incident reporting form
Nifc sit report
