Role of CERT-GOV-MD and cooperation at national …
Post on 31-Aug-2018
AGENDA
1. Introduction
2. CERT-GOV-MD: organization and operational capacities
3. Cybersecurity incidents: challenges, current situation and past attacks
4. Future: cybersecurity in Moldova
5. Conclusions
"There are only two types of companies: those that have been hacked, and those that will be." Robert Mueller, FBI Director, 2012
CYBER THREATS ARE INTERCONNECTED
CYBER THREATS 2017
§ SHADOW BROKERS LEAK (APRIL 2017)
§ WANNACRY (MAY 2017)
§ PETYA / NOTPETYA / GOLDENEYE (JUNE 2017)
SHADOW BROKERS LEAK
August 2016
§ The Shadow Brokers group claimed to have obtained NSA spy tools.
April 2017
§ The most significant leak of spy exploits by the group.
April's leak led to the most serious consequences.
WANNACRY
§ On May 12 a strain of ransomware called WannaCry spread around the world.
§ The ransomware used an exploit leaked by the Shadow Brokers to attack its targets.
PETYA / NOTPETYA / GOLDENEYE
§ A month or so after WannaCry, another wave of ransomware infections that partially leveraged the Shadow Brokers Windows exploits hit targets worldwide.
WHY THIS MATTERS TO YOU
§ Growing space with rapid expansion
– Across all sectors: individuals, commerce, governments
– Growing pervasiveness in everything we do
§ Many threats
§ Cyber security is an unclear concept
– Considerable uncertainty, broad scope, and ever-changing dimensions
– Cyber security definitions vary widely and lack true conformity
§ Cyber is a chaotic and ungoverned environment
– Increasing tension between governments, individuals, private enterprises, commerce
– What is cyber defense?
§ Early stages of cyber expansion
– Technological advancement
– Fast and intense competition
– An uncertain future of the cyber domain, the internet and more
THE CYBERSECURITY CHALLENGE…
When…
• In the Cyber world, security was an afterthought
• The Cyber world lacks a single central cyber architect
• The Cyber world is a system of insecure systems
• The Cyber world is not static but constantly evolving
• Innovation is constant, and highly unpredictable
WHO WE ARE?
FACTS
2010 Established by Government decision No. 746 of 18.08.2010
2013 Implemented ISO 27001
2014 CERT-GOV-MD became accredited by Trusted Introducer
2016 FIRST membership
SUBORDINATION HIERARCHY (diagram labels)
Security department
Government
Clients
State Chancellery
S.E. Center of Special Telecommunications
Cyber Security Center CERT-GOV-MD
Public Authorities
Private sector
Benefits of CERT-GOV-MD
§ Serve as a trusted point of contact
§ Develop an infrastructure for coordinating response
§ Develop a capability to support incident reporting
§ Conduct incident, vulnerability & artifact analysis
§ Participate in cyber watch functions
§ Help organizations to develop their own incident management capabilities
§ Provide language translation services
§ Make security best practices & guidance available
§ Provide awareness, education & trainings
THREATS
Threats in Cyberspace
INFORMATION & ABUSE
• Targeted government control and influence of citizens
• Propaganda
• Consciously communicating false information
• State espionage
• Data breach
• Identity theft
• Hackers
• Internet crimes, encouraging sedition
• Terrorism
THREATS
Threats are Becoming More Complex
Cloud storage
Mobile data storage
Supply chain isn't transparent
Tablet computer
New types of viruses every day
Increasingly more complex software programs
Several updates daily
THREATS
[Chart: evolution of systems and threats. Time axis: 1990s, 2000s, 2010-2014, Now. Threat level axis: Low to High.]
DATA IN SECURE BUSINESS SYSTEMS
§ Mainframe systems
§ Internetworking
§ Emergence of open systems
INTERNET ACCESS AND HIGHLY CONNECTED SYSTEMS
§ Online access to citizen data
§ Advances in internetworking
§ Citizen self service
ACCESS ANYWHERE & ANYTIME
§ Integrated online eligibility systems
§ Big data
§ Cloud
§ Mobile
DATA EVERYWHERE; USER EXPERIENCE DRIVEN
§ Wearable technology
§ Internet of things
§ Smart devices
§ Drones
§ Artificial intelligence
§ Mobile payment
§ Etc.
BUSINESS IMPACT:
§ Citizen trust
§ Cost to protect
§ Legal/regulatory
§ Critical infrastructure
Threats shown on the chart: Cyberterrorism, Insecure codes, Cybercrime, Identity theft, Hackers, Data breach, Network attacks, Malware, Critical infrastructure attacks, Foreign state sponsored cyber espionage, Cyber warfare
CYBER INCIDENTS IN GOVERNMENTAL SECTOR
[Chart: INCIDENTS BY CATEGORY (2016). Categories: SPAM, Network attacks, Information gathering, Botnets, Intrusion attempts. Axis: 0% to 70%.]
[Chart: NUMBER OF INCIDENTS. Years shown: 2013, 2014, 2015, 2016. Values shown: 5636172, 6570938, 6285590, 6644949.]
THREATS
3882529 unsolicited emails blocked as of 2016
SPAM
Seem legitimate and are sent to an email account
Often contain dangerous links (to download) or invoices for alleged online orders
Many email accounts have spam filtering
Can also be sent on social networks or apps
THREATS
57575 malware blocked as of 2016
TROJANS & WORMS
[Diagram labels: attacker (hacker), victim]
Various new forms of malware appear on the internet every day.
Nest undetected in computer systems or creep in during downloads
Are sent via infected emails
Can transfer sensitive data such as passwords, banking information, personal data
THREATS
3678 botnet infections detected
[Diagram labels: attacker (hacker), botnet controllers, infected computers, target]
Networks consisting of several computers
Can attack all IT systems
Can send infected and dangerous (spam) emails
THREATS
124575 Distributed Denial-of-Service (DOS) attacks stopped
[Diagram labels: attacker (hacker), botnet controllers, infected computers, target]
Networks consisting of several computers
Block internet services
Their purpose is to interrupt web servers by causing a mass of data packets to be sent to the server
Are also used as a distraction while malicious software is being installed
SECURITY
Continuous Steps of a Security Management Process
1. Risk analysis
2. Policies, organizational measures
3. Technical measures
4. Validation and improvement
FUTURE
New Research Program of the Government with Four Focus Areas
§ New encryption capabilities and security measures
§ Security measures and solutions for networked systems
§ Protection of critical infrastructures and networked industrial plants
§ More control over citizens' personal data on the Internet
Focus area labels:
§ PRIVACY & DATA PROTECTION
§ APPLICATIONS
§ SECURE INFORMATION & COMMUNICATIONS TECHNOLOGY (ICT) SYSTEMS
§ NEW HIGH-TECH INFORMATION TECHNOLOGIES FOR MORE SAFETY
CONCLUSION
Cyber security is a global problem that has to be addressed globally by all governments jointly;
No government can fight cybercrime or secure its cyberspace in isolation;
International cooperation is essential to securing cyberspace;
It is not a technology problem that can be ‘solved’; it is a risk to be managed by a combination of defensive technology.