In 2004 I identified that Ireland had no CERT. I felt that this was a major weakness in our security infrastructure from both an economic and a national security point of view. In 2004 I took the decision to pursue the reasons why we had no CERT and, based on the responses, determine if we needed one. If it was determined we should have one, I would then outline a way forward for Ireland to have a CERT.

ISSA & UCD “CyberCrime Survey 2006”
- 98% of all companies impacted
- 90% impacted by computer virus infection
- 20% suffered losses > €100,000
- 33% suffered losses > €50,000
- 52% of incidents resulted in 10 man days to recover
- 25% of incidents resulted in 50 man days to recover
- 55% lost data as a direct result
- 90% suffered loss in productivity
- 12% of internal misuse resulted in criminal cases

I met with the various stakeholders:
- Department of Communications, responsible for Internet security
Subsequent meetings with:
- An Garda Siochana (Irish Police)
- Chambers Ireland
- Irish Business and Employers Confederation
- Enterprise Ireland
- Irish Small & Medium Enterprises Association
- Internet Service Provider Association of Ireland
- Science Foundation Ireland
- HEAnet CERT
- Center for Cybercrime Investigation - University College Dublin
- ISSA Ireland
- Irish Information Systems Security Forum
- The SANS Institute Europe
- ENISA (the European Network and Information Security Agency)
- Numerous organisations of varying sizes

I conducted a survey to elicit people’s requirements from a CERT. That information was invaluable to the project.

Based on the feedback I got and the results of the survey, the resounding response was that Ireland did need a CERT. The Centre for Cybercrime in UCD were willing to host the CERT. I developed a business plan which was presented to the Department, outlining the research, the reasons behind the recommendations and suggested costs. I felt my work here was done and now a CERT would certainly happen. However, nothing happened. Despite numerous calls and emails, progress was very, very slow.

Until the summer of 2007 and the DDoS attacks on Estonia. Now the phone calls and emails were coming to me! There was concern in Irish government sources that Ireland could be impacted in a similar fashion.

But then progress ground back to its usual pace. I got very frustrated with what I saw as a lack of progress. This was capped off when a member of a CERT team in another country told me that within the CSIRT community it was felt that China was more responsive to cyber crime issues than Ireland.

So I set up IRISS. IRISS is a registered not for profit company.
- Business day coverage
- Contactable by email & web
- Part time volunteer staff
- Irish focused security information

In the main has been very positive:
- By members
- By press
- Other CERTs
Some telco providers have been very positive and responsive to working with us. Others not so cooperative.

Depending on Funding
- Promote services so more people are aware of us
- Promote community involvement
  - Online discussion forums
  - Blog
  - Twitter
- Conduct more research on Irish information security issues
- Expand range of services
- Become more involved in international CERT community
  - TF-CSIRT
    - Listed
    - Now seeking accreditation
  - FIRST
- Annual conference

Who are your key stakeholders?
- Internal to your organisation
  - Senior Management
  - IT
  - Business Managers
- External
  - Clients
  - Partners
  - Vendors

Who will be your constituency?
- Internal users?
- By community type?
- By industry type?
- By geographical location?

- Incident Response
- Forensics
- Incident Co-ordination
- Alerting
- Training & Awareness
- Malware Analysis
- Vulnerability Management
- Auditing
- Research
- Best Practices
- Providing Guidelines

What will you need to make your CSIRT successful?
- Location
- Equipment
- Communications
  - Email? Phone? Fax? IM?
- Staff
- Training
- Legal expertise
- Documentation
- Tools
- Authority and Autonomy
  - Can you shut systems/networks down?
  - If so, what are the repercussions?

- Secure email
- Call logging and incident tracking system
- Monitoring tools
- Malware handling tools
- Vulnerability management
- Forensics and investigative tools
- Processes and procedures
- Training
- CERT NetSA Security Suite: http://tools.netsa.cert.org/
- Clearinghouse for Incident Handling Tools: http://www.enisa.europa.eu/act/cert/support/chiht

- Staffing
- Hosting
- Premises
- Software & Hardware
- Telecoms
- Insurance
- Legal Counsel
- Training & Research
- Travel & Seminars

- Run drills on staff
- Desktop exercises
- Simulate incidents
- Take part in national and international exercises

- Be Easily Accessible
- Ensure Staff Are Trained Properly
- Remember Soft Skills Are Essential!
- Market the IRT and its Services
- Create and Maintain Relationships
  - Law Enforcement
  - Other CERTs
  - Legal Counsel
  - Government Departments and Agencies
  - Representative Bodies

- Remember - You Will be Needed
- Learn from Mistakes
- Highlight the Positives
- Measure Your Effectiveness
  - Number of incidents
  - Type of incidents
  - Costs
  - Reducing over time
- Communicate Regularly
  - Clients & Stakeholders

- Patience is a Virtue
- Funding or Lack of
- Be Aware of Vested Interests
- The CERT Community is Close Knit
- Management Indifference
- Your Reputation Could be at Stake

I did not have the funds outlined in the original proposal. I needed a solution that:
- Was cost effective – remember I had no money
- Could be tailored to suit the requirements of the community
- Would provide support for a virtual team
- Could get the services up and running quickly
- Would support a community based approach