CNCERT Conference 2017: Capacity development in the Asia Pacific
•Als PPTX, PDF herunterladen•
1 gefällt mir•413 views
APNIC Security Specialist Adli Wahid presented on APNIC's security outreach and capacity development activities at the CNCERT Conference 2017 in Qingdao, China from 22 to 24 May 2017.
Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (20)
Ähnlich wie CNCERT Conference 2017: Capacity development in the Asia Pacific
Ähnlich wie CNCERT Conference 2017: Capacity development in the Asia Pacific (20)
Mehr von APNIC
Mehr von APNIC (20)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
CNCERT Conference 2017: Capacity development in the Asia Pacific
- 1. Supporting Security Capability Development in the Asia Pacific Region 2nd CNCERT International Cooperation Forum & Qingdao FIRST-TC 2017 Adli Wahid Security Specialist
- 2. Agenda 1. Security development in the AP region 2. Share some of our work 3. Opportunities for collaboration 3
- 3. The AP Region • 56 Economies • Sub-regions • Different languages & culture • Infrastratucture 4
- 4. Cyber Security Asia Pacific Region • Economies are at different levels of maturity – Infrastructure – Awareness – Subject Matter Expert • Challenges – Access to Expertise (local or elsewhere) – Access to Information – Growth of Internet & Users 5
- 5. Security Snapshot of 2016 – 2017 • Establishment of new CERTs – Bhutan, Tonga & New Zealand • National Cyber Security Strategies announced & revised • Notable Incidents o Ransomware / Malware o DDoS – Mirai botnet, Amplification Attacks o Targeted Attack - SWIFT, Election related 6
- 6. History of Collaboration • APCERT Platform • Beyond security response support • Share experience, knowledge • Engagement beyond the CERT/CSIRT community 7
- 7. Capability Development & Engagement 8
- 8. Security Resilience 9 Security by Design Security in Deployment Security in Operation Security in Breach
- 9. Ecosystem 10 Network Operators / Service Providers Law Enforcement / Judiciary Policy Makers End Users / Consumers National CERTs/CSIRT s | Cyber Security Agency Hardware / Software Vendors
- 10. APNIC Security Approach • Multistakeholder • Activities o Awareness Raising / Outreach o Training / Technical Assistance o Mentorship • Collaboration o Community Honeynet Project o Many Regional and Global Partners o APCERT, FIRST, INTERPOL, APWG, JICA, KISA 11 http://www.apnic.net/roa
- 11. Initiatives 1. Multi-stakeholder Cyber Security Seminar 2. CERT/CSIRT Development 3. Training, Technical Assistance & E-learning 4. Community Honeynet Project 12
- 12. Highlights 13
- 13. APNIC Engagement Summary (2016) 14 1% 14% 9% 7% 5% 9% 9% 15% 31% APNIC Events Global Technical Coordination Regional Technical Development Intergovernmental Internet Governance Member Outreach NOG Security Training / Technical Assistance 18% 31% 12% 21% 18% South Asia South East Asia East Asia Oceania Global 186 Engagements in 2016
- 14. Security Outreach 15 • Security training and participation at 27 NOG and CERT events • Training and support for creation of new Tonga CERT • Exploring opportunities to support CSIRTs & LEAs in the Pacific Regions • FIRST Tech Colloquia with APRICOT 2016, SANOG 28, APNIC 42 • 62 security-tagged blog posts published Adli Wahid
- 15. Self-paced E-learning Course • APNIC Academy – https://academy.apnic.net • Introduction to Cyber Security o Collaboration with JICA o Self-paced learning - 5 Modules o Certification upon course completion • Launched at the End of March 2017 o 1000+ enrollments o 200+ completion 16
- 16. Linking Security Communities • Collaboration with FIRST.org & APCERT members to organise FIRST-TC at Network Operators Group (NOGs) meetings & APRICOT o Platform to share case studies, best practices & tools o Linking people together • FIRST Fellowship Program o Enabling teams from developing / least developed countries to join the community o Teams from FIRST.org : Mongolia, Bangladesh, Myanmar & Vietnam (2017) 17
- 17. Interpol & LEA communities • 2-day Internet Investigation Training – January 2017 @ Interpol Global Complex of Innovation (Singapore) – For ASEAN Internet LEA Officers • Focus – Internet Infrastructure Fundamentals – Internet Governance – Internet Abuse / Cyber Crime – Practical Exercises – Collaboration with regional & international stakeholders 18
- 18. CERT/CSIRT support • Japan International Cooperation Agency (JICA) – Training for CERTs/CSIRTs from Myanmar, Laos, Vietnam, Cambodia, Timor Leste – Hosted in Indonesia • Korea Information Security Agency (KISA) – Asia Pacific Information Security Conference – 5 day training for CERTs/CSIRTs from developing economies in Seoul • CSIRTs development in the Pacific Island 19 JICA Training KISA Training
- 19. Tonga o CERT Established in July 2016 o Supported by many organisations o CERT Australia – Study Visit o APWG – Cyber Safety Campaigns o ISIF – Funding for enhancements o APCERT members support o Team Cymru & ShadowSever Foundation 20 Training @ APNIC Feb/2017 TongaCERT Discussion May 2016
- 20. Bhutan • Multi-stakeholder Cyber Security Workshop • Organised by BtCIRT • Topics o Cyber Security Issues o Best Current Practices o How to collaboration • A few more planned this year (Laos, PNG and many more) 21
- 21. https://blog.apnic.net 22 • Inclusive source of APNIC community news and views – 352 posts including 80 guest posts in 2016 • Strong readership growth continues – monthly average unique views 16,560 in 2016 (9,741 in 2015) • Community submissions welcome!
- 22. Conclusion • 2017 – need to move faster & work smarter – CSIRT Development in Pacific Island Region • Let’s Collaborate o Outreach o Engage & strengthen the wider communities o Leverage on each other’s strength o Promote each other’s work 23 apnic.foundation
- 24. Thank you
Hinweis der Redaktion
- General awareness is needed; coordination required,
- These two pie charts provide an overview of APNIC’s face-to-face engagement activity around the region and the world The majority of APNIC’s work is in the region – 82% - with the majority of face-to-face activity being training related, followed by security engagements
- APNIC was extremely active in the security field in 2016. We know this is very important to Members, and that was confirmed in the APNIC Survey The knowledge and contacts developed by APNIC’s participation in the security community were brought back to share within the APNIC community – a great example is the hosting of FIRST TC meetings at APNIC conferences but also SANOG and a FIRST-supported training session at PACNOG 19 APNIC is proud to have played a role in helping Tonga establish CERT.to, and this has sparked interest from other Pacific Island states on developing their own security response capabilities To continue to boost APNIC’s security efforts, a second security specialist will be recruited this year
- I hope that we all know about the APNIC Blog by now. If not, it is well worth you making it one of your regular Internet news sites. These days it’s becoming a hub for community news and views, with great articles from people here in this community and further afield There’s normally 1-2 new stories each day on the blog, so please do check it out. Also - The number of guest posts from the community almost doubled last year, so thanks to all of you who have helped. And if you have an idea for a post that you think the community would like to read, get in touch with Tony, Robbie or Siena in the APNIC comms team. And I do want to thanks and congratulate that team for a real success here.
- Hopefully this report has given you a good snapshot of the year that was, but to stay in touch with what’s happening at APNIC and within the community, visit the blog or any one of APNIC’s social media accounts to learn more
- Thanks very much for your time and attention!