Event: Cyber resilience and the role of CSIRTs/ISAC in Capacity Building
1. 1
Cyber Resilience and role of CSIRTs/ISAC
in Capacity Building
Adli Wahid
Senior Internet Security Specialist, APNIC
adli@apnic.net
2. 2
The Security Eco-System
• Many Players
• (National) CSIRTs & ISACs are important but cannot do everything
• Organisations and individuals help strengthen overall security
• We need to work with others too due to complex interdependencies
– Routing, DNS, Cloud services, ISPs, Software Vendors
3. 3
Challenges in becoming resilient
• Lack of awareness – what is the problem?
o Lack of urgency
• Lack of capabilities
o We don’t know how to do this
o Not able to apply threat intelligence to security controls
o Lack of resources (budget, people)
o Fundamental
https://unsplash.com/@adliwahid
4. 4
Increasing Preparedness
• Capacity Building
• Upskilling the community so that they can do security
& benefit from sharing by the community of CSIRTs/
• Do Security
o Perform Risk Assessment
o Apply security controls
• Challenges in Capacity Building
– Different skill sets required in the security team
(one person?)
– Security Foundation Knowledge
5. 5
Security Monitoring with Elasticsearch
(Logstash, Kibana, beats etc)
• Concepts
– Collect logs / system related information in central location
– Develop rules for observability
– Alerting via rules (detection)
– Useful for investigation
– Know what you own / have
– Fix other weaknesses – patches, backups, authentication, blind spots
• Tooling – open source or commercial
• Challenges
– Foundation
– Tooling – multiple tools, require integration and learning
• Not just Elasticsearch, Logstash & beats
– Skill set –
• Unix/System Administration (putting things together, maintenance, planning)
• Scripting / Programming for building workflow and querying APIs
• Data analysis
• Investigations
– Takes time to develop
• The Training is just the beginning!
APNIC Community Honeynet Project: Activities from AP Region June – December 2020
6. 6
Rethink Capacity Building
• Not just what but how
• Education & Capacity building for defenders,
everywhere
– Not just the ‘critical sectors’
• Role of CSIRTs/ISACs and of the community to support, scale and sustain
• Resources and activities
– https://blog.apnic.net
• Funding / Support for open source tools
• Congratulations to CSIRT.id from APNIC