Cert adli wahid_iisf2011
1. Ministry of Science,
Technology and Innovation
Computer Emergency Response Team
Co-ordination Centre (CERT/CC)
Adli Wahid
VP Cyber Security Response Service and Head of
Malaysia CERT
CyberSecurity Malaysia
E: adli@cybersecurity.my T: adliwahid
2. Agenda
• Concepts
• The Case of a CERT/CC
• MyCERT Case Study
• Conclusion
3. Incident Response and Handling
• Incident Response is all of the technical
components required in order to analyze and
contain an incident.
– Required skills i.e. networking and log analysis,
computer forensics, malware reverse engineering
• Incident Handling is the logistics,
communications, coordination, and planning
functions needed in order to resolve an
incident in a calm and efficient manner
– Goals: protect and restore
4. Objectives of Incident Handling
1. To mitigate or reduce risks associated with an
incident
2. To respond to all incidents and suspected
incidents based on a pre-determined process
3. Provide unbiased investigations of all
incidents
4. Establish a 24x7 hotline/contact – to enable
effective reporting of incidents
5. Control and contain an incident
– Affected systems return to normal operation
– Recommend solutions
6. CERT/CSIRTs
• Components
– Constituency
– Mission
– Organization
– Funding
– Services
– Policies and Procedures
• This requires a TEAM
7. CERTs/CSIRTs Services
• Reactive
– 1. Incident Response and Handling
– 2. Advisories
• Proactive
– 1. Watch and Warn / Threat Monitoring
– 2. Research and Development
– 3. Training and Outreach/Awareness
– 4. Cyber Security Crisis
9. Good vs Evil
• Good
– Law Enforcement
– Sys Admins
– Providers
– CSIRTs
• VS
• Evil
– Bot Herders
– Criminals
– Spammers
– Phishers
10. Motivation of a National CSIRT
• Point of contact of incidents reporting
– National (Trusted) PoC for Internal & External
reporting
– Incident co-ordination (with LEs, other CERTs/
CSIRTs)
– Collaboration & intel exchange
• Situational Awareness
• Improving laws and regulations
• Provide assistance to Internet users
• Protection of Critical Infrastructure
11. Different types of Incidents
• The ‘Usual’ Stuff
– Malware
– Denial of Service
– Online Fraud/Scams
– Identity Theft
• Cyber Crisis
– Anonymous Attack
– APT / Targeted Attacks
– Global Outbreaks
12. Handling Local Banks Phishing
Incidents
• Things to do
– Prevent people from visiting the phishing site
• Remove / Block
– Recover stolen credentials
• Email account
• Database
– Assist Victim to make reports
– Co-ordinate with Bank and Law Enforcement
– Detect Phishing sites faster
• Do It yourself or Get others to feed you
13. Issues & Challenges
• Mandate & Constituencies
– Who should ‘report’ to ‘who’
– Who should handle what
• End-to-End Resolution
– I have reported the incident, can we catch
the bad guy? Can I have my money back?
– One stop centre
15. MyCERT Centres
• Incident Handling / Co-ordination Centre (Cyber999)
• Malware Research Centre
16. • MyCERT was established in 1997, deals
mostly with technical teams, CSIRTs, LEs
• Cyber999 launched in 2008, allows all to
report to MyCERT
• A lot of incidents were affecting Internet
users at large
– Phishing, Malware (botnets), Online Fraud,
Harassment
• Cyber999 provides a one stop centre for
incident reporting
18. • Launched in 2009
• Previously a ‘watch and warn’ or ‘early
warning function’
• Specializes in malware analysis / tracking
• Activities
– Operates the distributed honeynet project
– Produces tools / services
– Executes the national cyber security exercise
– Issues advisories, alerts and special reports
19. Tools from our Lab
• DNSWatch
• MYPHPIPS
• http://www.mycert.org.my/en/resources/security_tools/main/main/detail/768/index.html
20. National Cyber Crisis Exercise
(X-Maya)
• Led by the National Security Council since
2008
• Improve readiness and situational
awareness among CNII agencies
– National Threat Level
– Reporting structure in a crisis
• CyberSecurity Malaysia / MyCERT provide
simulation of the cyber security incidents
for the players
21. Conclusion
• Central co-ordination point is critical
• Helps drive other national level initiatives, i.e.
awareness, training, critical infrastructure
protection, certification programmes
• Working together is the best way forward