Transcript Document
CIRT - Computer Incident Response Team NATIONAL CIRT OF MONTENEGRO GOVERNMENT OF MONTENEGRO MINISTRY FOR INFORMATION SOCIETY AND TELECOMMINUCATIONS Doc.Dr ADIS BALOTA, dipl.ing.el DEPUTY MINISTER AND MANAGER OF CIRT TEAM MINISTRY FOR INFORMATION SOCIETY AND TELECOMMINUCATIONS CYBER SECURITY CHALLENGES OF THE 21ST CENTURY Protection of the critical national infrastructure Rapid growth of the cyber attack, criminal and terrorism Inefficient international corporation and legislation Constant progress in complexity of cyber attack Generally insufficient level of development of cyber security awareness and cyber security culture CYBER CRIME Cyber Crime or E-crime, or HTC includes criminal activities in which computers and other IT equipment and computer networks are subjects, tools, objects or scene of a crime Directed against networks Directed against computers Others Cyber terrorism Spam Computer Crime Cyber wars Frauds Harassmen t Offensive Content EXAMPLES OF CYBER CRIME Nigerian letter, fake massages Fake web sites Fishing – gathering of confidential information's Farming – redirection to fake web addresses Scams – coping of credit cards Piracy Distribution of pornographic materials NEW TYPES OF COMPUTER CRIME New types of computer crime that have developed in the last 10 years: Computer trespass (USA) Cyber bullying Cyber defamation Economic and industrial espionage by means of computer technology Murder on Internet Internet harassment Encouragement to a suicide by Internet Internet wars (1st Internet war: East Timor-Indonesia; Web War One: Estonia 2007 2008 South Ossetia-Russia Internet war, 2010 China Telekom, 2010 Stuxnet worm) Online predators Organized crime White-collar criminal Virtualization STATISTICS 55 % of personal PC is infected with spyware 7% of companies are using the latest version of service pack of the Operating System 25 % computers are zombies 33 % companies allows Instant Messaging 52 % companies the network is the last line of defense 14 % users are reading spam and 4 % are buying the advertised products (!) 21 % of span is pornography 20 % of users in Great Britain are buying spam products SYMANTEC REPORT ON CYBERCRIME FOR 2012. 15% 110 billion € loss for 2012. 556 million victims in 2012. More than the entire population of EU. 1,5 million victims every second 66 % of online adults have been the victim of cybercrime in their lifetime OTHER 42% FRAUD 26% REPAIRS THEFT OR LOSS 17% LEGAL FRAMEWORK Information Security Law of Montenegro Administrative Agreement between Government of Montenegro and ITU Readiness Assessment Report “National CIRT Project” Documentation User Requirement Specification CIRT Policies Detailed study on Government Agencies roles against cyber criminal Cooperation Protocols ESTABLISHMENT OF CIRT.ME • Member of project “establishment the national CIRT.ME: Government of Montenegro – Ministry for Information Society and Telecommunications ITU – International Telecommunication Union IMPACT –International Multirate Partnership against cyber threats The prerequisite for establishment of the National CIRT of Montenegro was the administrative agreement signed between the Government of Montenegro and the ITU on 29th of July 2011th . SERVICES OF CIRT.ME Prevention, treatment and elimination of consequences of computer security incidents on the Internet and other information systems security risks: Security alerts and warnings User education, raising security awareness in the field of information security CIRT CONSTITUENCY State agencies, The state administration, Local authorities, Legal persons with public authorities, Other private or legal persons who have access to or handle data ROLES AND RESPONSIBILITIES National Cybersecurity Strategies / Policies Security Assurance International Cooperation Cyber Forensics Services National CIRTs can Drive & Promote Cybersecurity Research National Public Key Infrastructure (PKI) / Digital Signature Governance / Legislations Cybersecurity Awareness Training & Education Critical Information Infrastructure Protection TRAINING AND EDUCATION • Two representatives attended “Developing and Implementing a CIRT Team” in Malaysia. • IMPACT experts held Incident Response training in Montenegro for 12 representatives from different Government Agencies • Cybersecurity trainings in Japan • EC-Council (CEH) vouchers for CIRT members • Regional Forum on Cyber security for Europe (Bulgaria) IMPLEMENTATION - Implementation stage started in February 2012 - Publishing of www.cirt.me website and RTIR ticketing system, April 2012 THE POSITION OF NATIONAL CIRT ANS Prime Minister Ministry of Defense Ministry of Internal Affairs ISP Mobile Operators MIST Police Department Banks National CIRT Ministry of Justice Post office of Montenegro National Security EPCG Authority Other Institutions Other Departments ITU/IMPACT ENISA FIRST TRUSTED INTRODUCER NATIONAL CERT/CIRT TEAMS COOPERATION WITH GOVERNMENT AGENCIES National CIRT has started the process of establishing local CIRT teams in Montenegro. National CIRT will develop special relations with key Government Institutions recognized in the cyber security field: Ministry of Defense, Ministry of Internal Affairs, Ministry of Justice, National Security Agency Directorate for the Protection of Classified Information etc COOPERATION WITH PRIVATE SECTOR In order for the CIRT to fulfill it’s duties, it’s very important to develop and maintain good relations with the Private sector. Key Institutions: ISP, Mobile Operators, Banking Sector, Electric Power Industry, Montenegro Post office Other institutions INTERNATIONAL COOPERATION Some of the key international organizations which are relevant in the cyber security field: • • • • • • ITU IMPACT ENISA TRUSTED Introducer FIRST CERT/CIRT Networks INTERNATIONAL CORPORATION CONT. Full membership in FIRST since February 2013. godine Regional Corporation: Slovenian SI-CERT i Croatian Carnet CERT Terena, Trusted Introduces, CIRT.ME listed The advantages of membership in international organizations: -Assistance in resolving incidents -Training -Possibilities to use forensics capabilities -Direct communications with CERT/CIRT teams around the world -Access to security information database EXAMPLES FROM THE FIELD – CIRT.ME Attacks on web sites Financial/bank frauds Internet frauds Theft of identity on the social networks Sexual harassment in the cyber space Farming – Banks from MN and India Compromised IP addres from .me domain Child pornography CONCLUSION Future activities: Establishment of the National Council for Cyber Security Constant upgrade of conditions for efficient CIRT functions - Legislation - Training - Tools - Secure the financial needs Local and International Corporation Kaspersky NAV Expand the quantity and quality of the service