annual activity report - basquecybersecurity.eus · basque cybersecurity centre, faced with...
Annual Activity Report
2019
2019 Annual Activity Report
Index
Foreword
2019 in numbers
What is the BCSC?
Services
Awareness and training
Technical contents
Business support
Featured events
Media presence
The year 2019 was a great challenge that we, at the Basque Cybersecurity Centre, faced with optimism, ambition and eagerness. As a result of this work, the Basque Country is now a more known and internationally recognised territory, thanks to our coordinated activity with companies, technology centres, associations, public institutions and other organisations of interest.
Throughout 2019, we have continued to develop prevention capacities for the protection of the Basque Country against cyberthreats, we have implemented measures that allow us to evaluate and contribute to the improvement of the level of maturity in cyber security in the Basque industry, and the scope of the centre's services has increased significantly. As a result, we aim to enhance our contribution to create a more protected society and a business ecosystem that embraces cybersecurity not only as a means of protection, but as a competitive advantage. As examples of the impact of our activity, we have promoted 219 awareness conferences, and there has been an increase in the operation of the cyber range of the BDIH cybersecurity node, a leading infrastructure for the training of professionals, with the execution of several simulation exercises and training in defence and attack tactics.
Also, during 2019 we continued to promote collaboration and coordination with local agents. The aim is to create a national and international network that will contribute both to the protection of the Basque Country against cyberthreats and to the promotion of the Basque cybersecurity ecosystem in order to attract ideas, talent and investment. Since July, the Basque Cybersecurity Centre has been authorised by Carnegie Mellon to use the CERT (Computer Emergency Response Team) trademark. The most important activities were the beginning of talks to become part of the European partnership "Cyber Valleys Project" or the Programme of Grants for Industrial Cybersecurity that reached more than 200 companies, doubling the results of the 2018 edition.
It was, in short, a year full of activity that reached its peak on 20 November, when we held Basque Cybersecurity Day as one of the main contents of the Basque Industry 4.0 2019 event, which had more than 3,800 registered attendees and outstanding international participation. Other outstanding promotional events at important international fairs where we partnered with Basque cybersecurity companies and technology centres were the RSA Conference in San Francisco (USA, March) and the IT.SA in Nuremberg (Germany, October). Equally noteworthy are the outstanding participation in ECSO, where the Basque Country leads the European Regions before the European Commission, and the membership of the international alliance of Global Cybersecurity Ecosystems EPIC.
Looking ahead, 2019 was a year of reflection which, with the 2020 Digital Agenda in its final stage, has served us to develop a strategic plan that contemplates different alternative scenarios for the dynamisation and specialisation of cybersecurity-related activity in the Basque Country, both in the private sphere and from a government perspective. This plan will be our guide to reach 2025, positioning the Basque Country as a cyber-security hub for the industry and a reference in Europe. We will be taking the first steps towards this goal in 2020 and this new year will be filled with exciting projects.
Javier Diéguez
Director of the Basque Cybersecurity Centre
2019 in Numbers
We've managed 253 incidents
Abusive content: 1.13%
Fraud: 57.7%
Intrusion: 8.2%
Information gathering: 4.32%
Malware: 20.8%
Information security: 1.96%
Vulnerability: 3.15%
Attempted intrusion: 1.17%
Unclassified incidents: 1.57%
Major incidents
After several months of reduced activity, a new EMOTET campaign began in September; it was particularly virulent and had a significant impact on both private and public bodies. In addition to generating the relevant alerts, the BCSC published a report with an action guide.
Communication and training actions in cybersecurity
Lectures given at professional events: 10
Training and awareness sessions: 219
Promotional events of the Basque cybersecurity ecosystem: 9
Media appearances: 281
What is the BCSC
The Basque Cybersecurity Centre (BCSC) is the organisation designated by the Basque Government to promote cybersecurity in the Basque Country.
The Basque Cybersecurity Centre is made up of
Basque Government Departments: Economic Development and Infrastructures; Security; Public Governance and Self-Government; Education
Technology Centres: Basque Center for Applied Mathematics; Ikerlan; Tecnalia; Vicomtech
Our mission
The mission of the BCSC is to promote and develop a culture of cybersecurity among Basque society, to energise economic activity related to the application of cybersecurity and to strengthen the professional sector.
Our vision
To position the Basque Country as an international reference in the application of cybersecurity technologies to industry.
To be recognised as a meeting point between local cybersecurity providers and demanders.
Leading public-private partnership initiatives at both local and inter-regional levels.
Our values
Proximity, Integrity, Transparency, Innovation, Social commitment
BCSC's position in the international cybersecurity landscape
The BCSC is part of major local, state and international cybersecurity forums and working groups, and coordinates and collaborates with strategic cybersecurity actors at the global level.
At the international level, we are part of initiatives focused on:
Providing a joint and coordinated response to cyber-threats.
Attracting investment and promoting the Basque cybersecurity ecosystem.
At the state and local level, we align with:
The Basque network of science, technology and innovation.
Key public players in the Basque Government: EJIE, Ertzaintza and Department of Education.
Relevant agents of the Basque public administration: Izenpe, AVPD and public computer companies.
Professional, business and citizen associations operating in the Basque Country.
Other public bodies whose work focuses on promoting and responding to cybersecurity incidents.
We are part of the CSIRT initiative: www.csirt.es
The Task Force on Computer Security Incident Response Teams: www.trusted-introducer.org
Forum of Incident Response and Security Teams: www.first.org
Global Ecosystem of Ecosystems Partnership in Innovation and Cybersecurity: www.globalepic.org
European Cyber Security Organisation: www.ecs-org.eu
Aid for industrial cybersecurity
Cybersecurity catalogue
Companies and business groups
We support Basque companies and business groups so they can be more secure and use cybersecurity as a competitive advantage.
Public administration
We have services that help raise the level of cybersecurity in the public administration.
Awareness actions
Citizens
A more educated and informed citizenry is a more secure society.
Promoting talent in cybersecurity
Professionals of cybersecurity
We support both the talent that wants to start their career in cyber security and those professionals who need to continue updating their knowledge.
Services
CERT
We are a cybersecurity incident response team (CERT, Computer Emergency Response Team) and we offer prevention and response services to cybersecurity incidents. We are authorised by Carnegie Mellon to use the CERT mark.
Awareness
.EUS TLD Monitoring
Technical threat reports
Responsible vulnerability disclosure
Technical analysis of cyberthreats
Guides of best practice
Continuous website pentesting
Training
Monitoring of the Basque Country's IP address
Exchange of information on cyberthreats
Latest cybersecurity news
We want to achieve our objectives of promoting and developing a culture of cybersecurity among the Basque society, to boost the economic activity related to the application of cybersecurity and to strengthen the professional sector.
The services of the BCSC are aimed at achieving a more secure society and a stronger business fabric in terms of cybersecurity.
We are the meeting point for cybersecurity in the Basque Country.
Infographic
Exposure surface monitoring of public bodies
Awareness and training
It is a reality that technology is advancing at a faster rate than society is capable of following, and therefore, it is essential that citizens understand the risks of living in a hyper-connected and constantly evolving environment. This leads to a high degree of exposure of our personal information and a latent need to protect ourselves.
Promoting a society that is safer from the threats arising from the use of the Internet and new technologies, and promoting the competitiveness of the companies are two of the main objectives of the centre.
Child awareness
158 sessions held
3.000 people reached
Target audience: Student body 36.36%, Teachers 29.95%, Families 26.74%, Others 6.95%
Geographical distribution: Bizkaia 62.30%, Gipuzkoa 24.87%, Araba 12.83%
Topics
Cybersecurity in video games
Control and prevention of mobile phone abuse
Security and Internet
Secure shopping and Internet
Cyberbullying, gender-based cyberviolence and other forms of violence on the Internet
Home and personal cyber security
Awareness raising for companies and business groups
35 sessions held
1.017 people reached
Geographical distribution: Bizkaia 47%, Gipuzkoa 35%, Araba 18%
Topics of the materials
Cybersecurity in the company
Cybersecurity for developers
People, the weakest link in cybersecurity
Cybersecurity in the company for managers
Cybersecurity SMEs. Is my company risk-free?
Cybersecurity in industry
Training
33 sessions held
Workshop: 16, Conference: 11, Talk at Encounter: 5, Congress: 1
Workshop
Application and web services security audit
Network security audit
Industrial cybersecurity audit
Cybersecurity in Industrial Systems: Introduction to Cybersecurity OT
Introduction to the world of net pivoting, learning how to jump from one net to another
Secure application development
Security: malware analysis
Safety audit of industrial control systems
Security: ethical hacking, intrusion test and Red Team
Security: introduction to digital forensics
Conference
Computer fraud in our environment and how to avoid it
Security in the company: strengthening the weakest link
Best practices in cybersecurity
Enterprise security vs. Open Source Intelligence (OSINT)
Blockchain, the technology that will transform your business (in ArabaTIC)
Self-Sovereign Identity, the transformation of digital identity and its impact on the business world and administrations
Software testing: 1, 2, 3, testing testing (in ArabaTIC)
Entrepreneurship
The BCSC is an active collaborator, helping companies that are starting out in cybersecurity to be informed and to obtain all the resources at their disposal.
Bind 4.0
In the third edition of the Basque public-private startup acceleration program, within the cybersecurity sector, the startups chosen were:
JakinCode, which is developing three cyber security projects together with CIE Automotive, Euskaltel and the Elecnor Group.
OpenCloud Factory, two projects with Arcelor Mittal and the Elecnor Group.
Hdiv Security, which has worked with Euskaltel.
State-of-the-art infrastructure
In order to be prepared for future challenges, it is necessary to have tools to train companies and professionals in cybersecurity. Collaborative environments that allow them to practice and learn constantly.
BDIH
The Basque Digital Innovation Hub is a connected network of advanced manufacturing assets and services. A place for training, research, testing and validation available to companies whose aim is to provide industrial enterprises, especially SMEs, with the technological capabilities needed to meet the challenges of industry 4.0.
Cyber Security Node
It is made up of 5 laboratories distributed in the 3 historical territories and connected to each other. The laboratories are used to encourage entrepreneurship and innovation, with a special focus on smart-grid, automotive, blockchain, product testing/certification projects, etc.
Cyber Range
One of the assets of the cybersecurity node of the Basque Digital Innovation Hub is the Cyber Range, located in the Alava Technology Park. This laboratory, connected to the other four laboratories of the node, is designed expressly for the training and continuous education of cybersecurity professionals, contributing equally to the training of new professionals in the sector.
Vicomtech, San Sebastián. Action area: Industry 4.0 and Blockchain.
Ikerlan, Arrasate. Action area: Product testing and certification, Industry 4.0 and Blockchain.
Tecnalia PTA (Cyber Range), Gasteiz. Action area: Training and education.
GAEC, Bilbao. Action area: Mathematical models and simulation.
Tecnalia, Zamudio. Action area: Smart-grid, Automotive and Blockchain.
Technical contents
Through a Technological Observatory process that contemplates the monitoring of different aspects related to the cybersecurity field, we generate publications that help to make visible the current cyberthreats with a significant impact.
By publishing up-to-date information, the BCSC is the organisation of reference in cybersecurity in the Basque Country.
Articles, guides, studies
Best practices for cybersecurity diagnostics in industrial environments
The BCSC designed a guide to help industrial organisations identify the risks to which their facilities are exposed, identifying the weak points, as well as a proposal with possible actions that the organisation can take to raise its level of maturity in this area and be more protected.
Requests: 62
Emotet
In September, a new campaign for the malware known as Emotet was identified after several months of reduced activity. The campaign was particularly aggressive in terms of the volume of emails spreading the threat, although it did not have a massive impact, as the usual protection measures protect against it and it requires user interaction to infect the systems.
BlueKeep Vulnerability
BlueKeep is a critical vulnerability (CVE-2019-0708) discovered by the UK National Cyber Security Centre; it is present in all unpatched versions of Windows NT, Microsoft Windows from Windows 2000 to Windows Server 2008 R2 and Windows 7.
Alerts
False Support Scam
This type of scam consists of cybercriminals calling phone numbers, posing as members of a technical support team (usually from Microsoft) on the pretext of having identified some problem in the equipment belonging to the person they are contacting, and asking that person to install a tool to solve it. Once the tool is installed, the criminals encrypt the information and request a ransom in exchange for its return.
Security
Safety Notices
Published vulnerabilities by type:
Technicians: 59.56%
SCI: 40.44%
Taxonomy of cybersecurity solutions
The proposed cybersecurity taxonomy establishes several levels, where we can mainly differentiate those corresponding to products and services. This classification allows us to know in detail the services and products that are currently on the cybersecurity market. Thus, the scope of the products and services makes it possible to identify the main areas affected by each of them.
LockerGoga
Attacks by ransomware affect citizens and companies massively, regardless of their sector of activity. A new family of ransomware, called LockerGoga, appeared earlier this year, affecting industrial and manufacturing companies, and with catastrophic consequences over the past few months.
New Variant of MIRAI
Mirai is a botnet designed to affect IoT devices such as routers, security cameras, DVRs and other devices, which typically use default credentials and older versions of Linux-based operating systems. This botnet became known worldwide in 2016 because of the massive DDoS attacks it carried out against certain entities such as the OVH hosting provider or the DynDNS provider, which directly affected the availability of services such as Twitter, Spotify, Netflix or PayPal, among others.
Infographics
We have published 10 infographics with advice and guidelines for action, to raise the level of maturity in cybersecurity for both users and companies in the Basque Country.
Enter our website and download all our infographics
What is a cybercrime?
What are "sexting" scams?
Fake technical support scam
Two-step verification
Deleting information securely
10 tips to ensure your company's cybersecurity
Phishing
DLP
Using the cloud
How can I remove the personal data that appears in search engine results?
Business support
We have developed different services in order to achieve the objectives of promoting and developing a culture of cybersecurity among Basque society, boosting economic activity related to the application of cybersecurity and strengthening the professional sector.
Grants
In May 2019, the Basque Government, through the BCSC (SPRI Group), launched a new edition of the industrial cybersecurity aid programme with the aim of helping to raise the level of protection for industrial companies based in the Basque Country, and thus also contributing to making cybersecurity a competitive advantage for the companies.
Applications submitted: 224
Approved projects: 219 (112 Gipuzkoa, 72 Bizkaia, 35 Araba)
Industrial companies benefited: 207
Aid from the Basque Government: 1,95 Millions
Private investment: 4,45 Millions
Cybersecurity catalogue
In the Basque Country, we have companies that specialise in cybersecurity and guarantee the highest quality standards.
White Paper
The BCSC has prepared a study that shows an analysis of the cybersecurity sector, including key aspects such as perspectives and opportunities for the sector and details of the current situation of the organisations dedicated to cybersecurity in the Basque Country.
The BCSC has launched a search engine on its website as a complement to the White Paper.
141 Companies: 87% Service providers, 13% Manufacturers
Featured events
From the BCSC, we have organised and participated in various events in order to generate joint efforts between different profiles and sectors in order to improve cybersecurity in the Basque Country.
International actions have been carried out to support cybersecurity companies with a Basque industrial orientation at an international level, as well as generating new joint efforts that make the Basque Country a more cybersecure place.
Talent support
Euskalhack
In its fourth edition, it brought together more than 180 professionals, who participated in presentations and workshops with an eminently technical focus. From the BCSC, we collaborate in a very interesting initiative called SECTF, whose aim was to identify the most common social engineering techniques used by cybercriminals as a basis for highlighting the importance of awareness in order to avoid becoming victims of this type of scam.
Euskal Encounter
In its 27th edition, Euskal Encounter became the meeting point for computer enthusiasts and professionals whose aim was to exchange knowledge and carry out all kinds of computer-related activities over several days. In this edition, cybersecurity was of particular importance and different activities were carried out in this field.
Araba Encounter
The sixth edition of this technological event held from 6 to 8 December at the Lakua Civic Centre was a complete success, exceeding by 50% the most optimistic expectations for participation. Within the Opengune space, conferences and workshops were offered free of charge to bring technology closer to all interested people.
Participation in congresses in the Basque Country
Isaca
On 10th May, the ISACA Roadshow Bilbao Congress was held at the Bizkaia Aretoa, the first edition of the ISACA roadshows to be organised in the Basque Country. The event was attended by the community of professionals from the north of the state related to information technology (IT) auditing, cybersecurity, technological risks and IT governance.
Arabatic
The third edition of ArabaTIC, an event organised by SPRI through its Enpresa Digitala initiative, held conferences related to digital technologies, especially in the field of cybersecurity and Industry 4.0.
Next Secure
In its 21st edition, the event of reference in cybersecurity at a national level brought together a cast that included both private companies and public organisations, always with the aim of sharing the latest developments in information security technologies.
IV Private Security Congress
The Congress, which had the support and collaboration of the Basque Government, Ertzaintza, the magazine Cuadernos de Seguridad, PSI and SE, focused on regulatory, operational and technological aspects. Among them were security 4.0, the future and evolution of surveillance, security in the face of digitalisation processes or the new models of public-private collaboration.
International visibility
Euskadi-Basque Country, land of opportunities
The Basque Cybersecurity Centre and the Basque Government's General Secretariat for External Action held a working meeting in Madrid with representatives from embassies of various countries, to present the cybersecurity capabilities of the Basque Country's technological ecosystem.
CSIT 9th Annual World Cyber Security Summit
The BCSC, as part of a global alliance called Global EPIC, participated alongside industry leaders, government policymakers, and new businesses and SMEs around the world at this event to promote initiatives that contribute to a more secure digital society and help new global security-related businesses grow.
Massachusetts Institute of Technology (MIT)
Javier Diéguez presented the innovative profile of the ten most active agents of the Basque Science, Technology and Innovation Network researching in cybersecurity to the MIT Cybersecurity researchers: Tecnalia, Vicomtech, Ikerlan, BCAM, DeustoTech, Mondragon Unibertsitatea, UPV-EHU, Ceit, Tecnun and Innovalia.
RSA Conference
At the event held in San Francisco (United States), the BCSC, together with Basque cybersecurity companies, organised a conference to give visibility to the potential of the Basque cybersecurity ecosystem. The Minister of Economic Development and Infrastructures, Arantxa Tapia, was present.
IT-SA
Hand in hand with the Basque Government, SPRI and BCSC, Basque organisations working in the field of cybersecurity attended the event held in Nuremberg (Germany), which had over 700 exhibitors from 27 countries.
ECSO
Javier Diéguez, Director of the Basque Centre for Cybersecurity (BCSC), was re-elected as the representative of the European Regions on the ECSO Partnership Board, a position he has held since June of last year, which helps to foster discussion of the work programme related to cybersecurity projects in the European Commission.
FIRST
The BCSC membership in this initiative means that it has proactive access to information on threats, tools and response strategies, etc. Since its creation in 1988, more than 400 organisations from all continents (private or public; military, educational, governmental and others) have joined a forum that is now essential to foster collaboration between different cybersecurity incident response teams.
OECD Global Forum – Digital Security for Prosperity
Javier Diéguez, Director of the BCSC, participated in a panel entitled "Fostering Security by Design in Digital Innovation", in which guidelines were given that would enable new companies (not only security-related ones) to take advantage of cybersecurity from an early stage and to develop innovative and secure digital products and services.
S4 Digital Bond of Miami
The BCSC participated in the event organised by Digital Bond, a North American company specialised in industrial cybersecurity. This congress has become the technical event of reference for those seeking the results of the latest research in the field of cybersecurity in industrial control systems.
Basque Industry 4.0 and Basque Cybersecurity Day
This year, the two events were integrated, as cybersecurity is one more technological area of the Industry 4.0 and it is essential and necessary within the new level of organisation and control that extends along the entire value chain from technical and operational specifications, through the order, to production, delivery, support, maintenance and final recycling.
Invited by the BCSC, the event served as a meeting point for FIRST members.
More than twenty of the main Basque cybersecurity companies, leaders in this field, were in the Expo section of the reference event in the Basque Country for Industry 4.0 and industrial cybersecurity, the Basque Industry 4.0-The Meeting Point.
The event combined several formats, such as first level presentations, case studies, workshops, interviews, round tables, exhibition and demonstration area in matters of Industry 4.0 and cybersecurity.
Place: BEC
Date: 20 and 21 November
98 speakers
85 exhibitors
More than 3.750 participants, including companies, technology centres and entrepreneurs.
More than 500 tweets about the event
More than 90 startups
More than 20 exhibitors from Basque cybersecurity companies
Trending Topic in Spain, position 15: #BasqueIndustry40
Media presence
Coverage
In 2019, the BCSC received coverage in both general and specialised press.
National media
Economic Agencies Radio Specialised cybersecurity media
Local media
Multimedia parts
260 generated parts: 52 Cyberquestions, 104 Did you know, 104 CyberTips
Web traffic (2019 vs. 2018)
Users: +108%
New users: +105%
Sessions: +96%
Page views: +127%
Pages/Session: +16%
Duration: +3%
Social networks (2019 vs. 2018)
Followers on Twitter: +5.42%
Followers on LinkedIn: +147.41%
Followers on YouTube: +15%