Transcript Document
CIRT - Computer Incident Response Team
NATIONAL CIRT OF MONTENEGRO
GOVERNMENT OF MONTENEGRO
MINISTRY FOR INFORMATION SOCIETY AND
TELECOMMINUCATIONS
Doc.Dr ADIS BALOTA, dipl.ing.el
DEPUTY MINISTER AND MANAGER OF CIRT TEAM
MINISTRY FOR INFORMATION SOCIETY AND TELECOMMINUCATIONS
CYBER SECURITY CHALLENGES OF THE 21ST
CENTURY
Protection of the critical national infrastructure
Rapid growth of the cyber attack, criminal and terrorism
Inefficient international corporation and legislation
Constant progress in complexity of cyber attack
Generally insufficient level of development of cyber security awareness and
cyber security culture
CYBER CRIME
Cyber Crime or E-crime, or HTC includes criminal activities in which computers and
other IT equipment and computer networks are subjects, tools, objects or scene of a
crime
Directed
against
networks
Directed
against
computers
Others
Cyber
terrorism
Spam
Computer
Crime
Cyber
wars
Frauds
Harassmen
t
Offensive
Content
EXAMPLES OF CYBER CRIME
Nigerian letter, fake massages
Fake web sites
Fishing – gathering of confidential
information's
Farming – redirection to fake web addresses
Scams – coping of credit cards
Piracy
Distribution of pornographic materials
NEW TYPES OF COMPUTER CRIME
New types of computer crime that have developed in the last 10 years:
Computer trespass (USA)
Cyber bullying
Cyber defamation
Economic and industrial espionage by means of computer technology
Murder on Internet
Internet harassment
Encouragement to a suicide by Internet
Internet wars (1st Internet war: East Timor-Indonesia; Web War One: Estonia 2007
2008 South Ossetia-Russia Internet war, 2010 China Telekom, 2010 Stuxnet worm)
Online predators
Organized crime
White-collar criminal
Virtualization
STATISTICS
55 % of personal PC is infected with spyware
7% of companies are using the latest version of service pack
of the Operating System
25 % computers are zombies
33 % companies allows Instant Messaging
52 % companies the network is the last line of defense
14 % users are reading spam and 4 % are buying the
advertised products (!)
21 % of span is pornography
20 % of users in Great Britain are buying spam products
SYMANTEC REPORT ON CYBERCRIME FOR 2012.
15%
110 billion € loss for 2012.
556 million victims in 2012. More than
the entire population of EU.
1,5 million victims every second
66 % of online adults have been the
victim of cybercrime in their lifetime
OTHER
42%
FRAUD
26% REPAIRS
THEFT OR LOSS
17%
LEGAL FRAMEWORK
Information Security Law of Montenegro
Administrative Agreement between Government
of Montenegro and ITU
Readiness Assessment Report
“National CIRT Project” Documentation
User Requirement Specification
CIRT Policies
Detailed study on Government Agencies roles against cyber criminal
Cooperation Protocols
ESTABLISHMENT OF CIRT.ME
• Member of project “establishment the national CIRT.ME:
Government of Montenegro – Ministry for Information Society
and Telecommunications
ITU – International Telecommunication Union
IMPACT –International Multirate Partnership
against cyber threats
The prerequisite for establishment of the National CIRT of Montenegro was
the administrative agreement signed between the Government of
Montenegro and the ITU on 29th of July 2011th .
SERVICES OF CIRT.ME
Prevention, treatment and elimination of consequences of computer security
incidents on the Internet and other information systems security risks:
Security alerts and warnings
User education, raising security awareness in the field of information
security
CIRT CONSTITUENCY
State agencies,
The state administration,
Local authorities,
Legal persons with public authorities,
Other private or legal persons who have access to or handle
data
ROLES AND RESPONSIBILITIES
National
Cybersecurity
Strategies /
Policies
Security
Assurance
International
Cooperation
Cyber
Forensics
Services
National
CIRTs can
Drive &
Promote
Cybersecurity
Research
National
Public Key
Infrastructure
(PKI) / Digital
Signature
Governance /
Legislations
Cybersecurity
Awareness
Training &
Education
Critical
Information
Infrastructure
Protection
TRAINING AND EDUCATION
• Two representatives attended “Developing and Implementing a CIRT Team” in
Malaysia.
• IMPACT experts held Incident Response training in Montenegro for 12
representatives from different Government Agencies
• Cybersecurity trainings in Japan
• EC-Council (CEH) vouchers for CIRT members
• Regional Forum on Cyber security for
Europe (Bulgaria)
IMPLEMENTATION
-
Implementation stage started in February 2012
-
Publishing of www.cirt.me website and RTIR ticketing system, April 2012
THE POSITION OF NATIONAL CIRT
ANS
Prime
Minister
Ministry of
Defense
Ministry of
Internal Affairs
ISP
Mobile
Operators
MIST
Police
Department
Banks
National
CIRT
Ministry of
Justice
Post office of
Montenegro
National Security
EPCG
Authority
Other
Institutions
Other
Departments
ITU/IMPACT
ENISA
FIRST
TRUSTED
INTRODUCER
NATIONAL
CERT/CIRT TEAMS
COOPERATION WITH GOVERNMENT
AGENCIES
National CIRT has started the process of establishing local CIRT teams in
Montenegro.
National CIRT will develop special relations with key Government Institutions
recognized in the cyber security field:
Ministry of Defense,
Ministry of Internal Affairs,
Ministry of Justice,
National Security Agency
Directorate for the Protection of Classified Information
etc
COOPERATION WITH PRIVATE SECTOR
In order for the CIRT to fulfill it’s duties, it’s very important to develop and
maintain good relations with the Private sector.
Key Institutions:
ISP,
Mobile Operators,
Banking Sector,
Electric Power Industry,
Montenegro Post office
Other institutions
INTERNATIONAL COOPERATION
Some of the key international organizations which are relevant in the cyber
security field:
•
•
•
•
•
•
ITU
IMPACT
ENISA
TRUSTED Introducer
FIRST
CERT/CIRT Networks
INTERNATIONAL CORPORATION CONT.
Full membership in FIRST since February 2013. godine
Regional Corporation: Slovenian SI-CERT i Croatian Carnet CERT
Terena, Trusted Introduces, CIRT.ME listed
The advantages of membership in international organizations:
-Assistance in resolving incidents
-Training
-Possibilities to use forensics capabilities
-Direct communications with CERT/CIRT teams around the world
-Access to security information database
EXAMPLES FROM THE FIELD – CIRT.ME
Attacks on web sites
Financial/bank frauds
Internet frauds
Theft of identity on the social networks
Sexual harassment in the cyber space
Farming – Banks from MN and India
Compromised IP addres from .me domain
Child pornography
CONCLUSION
Future activities:
Establishment of the National Council for Cyber Security
Constant upgrade of conditions for efficient CIRT functions
- Legislation
- Training
- Tools
- Secure the financial needs
Local and International Corporation
Kaspersky
NAV
Expand the quantity and quality of the service