Public Private Partnership - Combating CyberCrime by Mohamed Shihab - Advisor (Technical) IMPACT at c0c0n - International Cyber Security and Policing Conference http://is-ra.org/c0c0n/speakers.html
2. Growing Cybersecurity Threats
“No geographical borders, no boundaries and tremendous destructive power”
• ICTs have become an integral part of information society.
• ICT networks are regarded as basic national infrastructure.
• ICTs are also exposing our societies to the threat of cyberattacks.
• Vulnerability of national infrastructures increases as the use of ICTs takes root.
• Cyber attacks on ICTs are borderless and can be launched from virtually
anywhere.
• As global reliance on ICTs grows, so does vulnerability to attacks on critical
infrastructures through cyberspace.
3. Key Cybersecurity Challenges
• Lack of adequate and interoperable national or regional legal frameworks
• Lack of secure software and ICT-based applications
• Lack of appropriate national and global organizational structures to deal with cyber incidents
• Lack of information security professionals and skills within governments; lack of basic awareness among users
• Lack of international cooperation between industry experts, law enforcement, regulators, academia & international organizations to address a global challenge
7. Cost of War
Cost of a stealth bomber? $737 million to $1.1 billion
Cost of a stealth fighter? $80 to $120 million
Cost of a cruise missile? $1 to $2 million
Cost of using cyber space as a weapon? $300 to $50,000
8. Cyberia
A Case Study
FACT FILE
Country : Cyberia
Terrain : Island, with beautiful beaches
Density : 3,064 /km2
Ethnic Groups : Cyberians
Official Language : Binary, JAVA and C
-------------------------------------------------------------------
The country is well known for tourism and trading. It houses one of the most prominent harbours in the world. It is one of the finest technology-driven countries in the world, with state-of-the-art infrastructure.
9. ???
One fine day............
• DDoS
• Harbour: server down
• Internet: congested
• Air traffic controller: not responding
10. Panic Starts.......
Status:
• We cannot contain the attack
• We do not have diplomatic ties
• All attacks from overseas
• Where is the actual attacker?
• Stock market is crashing... It’s havoc outside
11. In the future all wars will be preceded by:
• Chaos
• Panic
• Disinformation
• Disruption of services
48hrs later.......
12. Living Examples
Estonia
• Wave 1: Government (SPAM, Cyber Vandalism)
• Wave 2: Servers (Government, SPAM)
• Wave 3: Banks (Education, Wave 2 ctd..)
• Wave 4: ISP, Media (Banks, Wave 3 ctd..)
13. Living Examples
Georgia
• Stage 1: Bot Harvesting
• Stage 2: Training / Recruiting
• Stage 3: Continued Attack
• Stage 4: Physical Attack
Attack waves:
• Wave 1: Government / Media
• Wave 2: Financial Institutions, Business Establishments, Educational Institutions, Government / Media
• Wave 3: Networks, SCADA, SPAM, Wave 2 ctd..
14. Cross Border Crime
• Lack of Knowledge
• Lack of Resources
• No Direction
• No legal framework
• Management Challenges
• New Problems
• Capital intensive solutions
• Need proactive solutions
• No emergency telephone numbers
• Organisations working in silos
• Delays in Response
• Lack of international collaboration
• Crimes have become organised
• Need better early warning system
• Addressing different types of attacks
“I wonder if it is possible to have more intelligence on this situation”
“How can I notify this threat to others?”
“The suspect is in another country. What do I do?”
“I wish somebody had foreseen that this was coming”
“I need more data for my research! I wonder if somebody else is working on the same thing”
16. Crime Comparison
• Nearly all crimes were local
• Evidence never far from the crime scene
• Language and communication restrictions
• Not internationally co-ordinated
• Often isolated to a region alone
• Need not have specialised knowledge

• Internet crimes span multiple jurisdictions
• Organised
• Ever-evolving and complex
• Evidence across borders
• No proper cyber laws
• It is not targeted on a specific individual anymore.
23. Global Response Centre
Centre for Policy & International Cooperation
CIRT GRC Services Capacity Building
Centre for Training & Skills Development
Centre for Security Assurance & Research
25. Working Together
Academia, Research, UNODC, INTERPOL, Private Org., Government
At UN level if we try to avert cyberwar we can achieve:
• Early mediation
• Build a global security council
• Credible body
• Trusted source of information
• A reliable global body to express the problems
27. Taking a look at Cyberia again...
• Provide points of contact with different countries
• Establish contact with ITU-IMPACT partners for instant remedy
• Provide heads-up information on possible threats
• Co-ordinate a collaborative effort to tackle the attack
• Develop human capacity within Cyberia
• Set up Incident Response Team within Cyberia
30. Global Response Centre
• Network Early Warning System
(NEWS)
Cyber threat reference centre
Aggregation of cyber threats across the
globe
Collaboration with global industry
partners
• Electronically Secure Collaborative
Application Platform for Experts
(ESCAPE)
Key experts and personnel from partner
countries (law enforcement, regulators,
country focal, cybersecurity experts,
etc)
Facilitate & coordinate with partner
countries during cyber attack
31. Centre for Security Assurance & Research
• Security Assurance:
• IMPACT Government Security
Scorecard (IGSS)
• CIRT-Lite (Computer Incident
Response Team)
• Professional services
(vulnerability assessment,
security audits, etc)
• Research:
• Facilitation & coordination of
cybersecurity research
• Bringing together the research
community and the industry
32. Workshops & CIRT Deployment
Objectives:
- To assist partner countries in assessing their readiness to implement a National CIRT.
- IMPACT reports on key issues and analysis, recommending a phased implementation plan
for National CIRT.
- In later stages the national CIRT will also be provided with enabling tools.
- Conducted workshops for 33 countries globally
No. | Partner Countries | Assessment Status
1 | Afghanistan | Completed in October 2009
2 | Uganda, Tanzania, Kenya & Zambia | Completed in April 2010
3 | Nigeria, Burkina Faso, Ghana, Mali, Senegal & Ivory Coast | Completed in May 2010
4 | Maldives, Bhutan, Nepal & Bangladesh | Completed in June 2010
5 | Serbia, Montenegro, Bosnia & Albania | Completed in November 2010
6 | Cameroon, Chad, Gabon, Congo & Sudan | Completed in December 2010
7 | Senegal, Gambia, Togo, Niger | Completed in November 2011
8 | Lao P.D.R | Completed in November 2011
9 | Cambodia, Myanmar, Vietnam (Assessment for CMV national CIRTs) | Completed in October and November 2011
10 | Armenia | Completed in November 2011
11 | South America and Arab region | 2012
33. CIRT Deployment
• CIRT Lite for National deployment
• Regional CIRT deployment
35. Cybersecurity Assessment
ITU-IMPACT conducted cybersecurity assessment for East Africa (Kenya, Tanzania, Uganda and
Zambia) : 26th – 29th April 2010
Session conducted in Kampala, Uganda
36. Cybersecurity Assessment
ITU-IMPACT conducted cybersecurity assessment for West Africa (Burkina Faso, Côte
d'Ivoire, Ghana, Nigeria, Mali and Senegal) : 17th – 21st May 2010
Session conducted in Ouagadougou, Burkina Faso
40. Centre for Training & Skills Development
Providing world class capability & capacity programmes
• Specialised training programs
• IMPACT SecurityCore
• IMPACT Network Forensics
• IMPACT Forensics Investigation for Law
Enforcement
• IMPACT Malware Analysis
• Scholarship - partnership with global
certification body
• EC-Council (US$1 mil grant)
• SANS Institute (US$1 mil grant –
completed)
• Global certification courses
• (ISC)2
• EC-Council
41. Training & Skills Development
Courses conducted for partner countries and in collaboration with IMPACT’s partners
42. Training & Skills Development
IMPACT-Microsoft Network Forensics & Investigation Course: 6th – 9th April 2010 (Brunei)
Closed session for law enforcement agencies – 4 countries participated
43. Training & Skills Development
IMPACT Network Forensics Course: 3rd – 7th May 2010 (IMPACT Global HQ)
Class conducted for 22 participants from 5 countries
44. Training & Skills Development
IMPACT-SANS IPv6 Training: 26th May 2010 (IMPACT Global HQ)
Training conducted by Dr Johannes Ullrich (SANS Internet Storm Center) – 72 participants
45. Centre for Policy & International
Cooperation
• Policy:
• Workshops and seminars
• Policy advisory & best practices
• e-Newsletter
• International cooperation:
• Partner country coordination
• Partnership, cooperation and
collaboration with industry,
academia, think tanks &
international organisations
• Child Online Protection (COP)
46. IMPACT – ISRA Collaboration
GRC has been collaborating with ISRA (Information Security Research Association) since June 2012.
ISRA provides IMPACT with regular feeds for the GRC Portals.
Feeds contain information regarding:
• ISRA looks at the vulnerabilities in various government websites, and at attack plans and patterns from different countries around the world, on a voluntary basis.
• ISRA teams verify those initial findings of insecure systems by checking the live systems and then upload this verified data to its database.
• This information is then sent to IMPACT via email on a weekly basis using Excel files.
• GRC publishes this weekly information for its member countries so that they can patch and secure the systems before hackers exploit and damage them.
Collaboration Interest for both sides:
ISRA through this collaboration is looking for a safe and secure cyber space where they can report their vulnerability findings, and IMPACT already had those platforms in the form of NEWS and ESCAPE with the target users in place.
47. Partnership with Interpol
Areas of Co-operation
• Establishing key contact point in member states
• Exchange of information
• Capacity building programs for law enforcement officials
• Consultation of key initiatives for the law enforcement agencies
• Joint development efforts on enhancing forensic capabilities of member states
48. IMPACT’s Partners
International Organisations
Academia
Alliance (200+) Child Online Protection
Industry
49. Areas of Co-operation
Public/Private Partnership
• Access to key security industry players
• Establishing key contact point in member states
• Exchange of information
• Capacity building programs for law enforcement officials
• Establishing a framework for protecting children online
• Jointly establishing a Centre of Excellence :
• Research on tools/technologies
• Capacity building programs for Law enforcement officials from other regions
as well as international agencies
• Implementation of best practices and solution sets in the field of
CyberSecurity for key agencies
• Annual regional/international workshop for LEAs on CyberSecurity
Hypothetical country comes under a massive DDoS attack. Critical services go down. Mayhem ensues. Government tries to contain attack. No expertise found within the country. All attacks originated from overseas. No diplomatic relations with countries hosting the source IPs. Attack runs its due course – Damage done – Millions lost, lost faith in government, general panic. Takes months to rebuild – confidence, infrastructure etc.
IMPACT’s partners globally: Industry, International Organisations, Academia and COP. IMPACT and INTERPOL are currently reviewing the MoU to be signed, which will see a landmark agreement being inked very soon to have INTERPOL on board the ITU-IMPACT coalition and subsequently working with law enforcement globally.