1

ASEAN Regional Forum Meeting 28 – 30 April 2010

Bandar Seri Begawan, Brunei

CERT-In’s Initiative on International Information Security

Dr A S KambleDirector

Indian Computer Emergency Response Team (CERT-In)Department of Information Technology

Min. of Communications & IT, Govt. of IndiaNew Delhi

Email : ask@mit.gov.in, askamble@cert-in.org.in

‘Ensure security of cyber space in the country’

by

‘Enhancing the security of communications and Information infrastructure’

through

‘Proactive action and effective collaboration aimed at security incident prevention, prediction, response &

recovery and security assurance’

CERT-In: Mission and Mandate

Mission: ‘Alert, Advice and Assurance’

2

CERT-In: Legal Status

CERT-In derives its authority from Section70B of Indian IT Act

Amendments (2008).

Section 70B: Designates CERT-In as the National nodal

agency to carry out all activities related to cyber security and

emergency response. In discharge of its functions, CERT-In is

empowered to call for information and give direction to service

providers, intermediaries, data centres, body corporate & any

other person.

Any failure to comply with its request or directions is liable for

punishment as provided in the amended Act.

3

ISPsKey Networks

Sectoral CERTs CSIRTsVendors

MediaLawEnforcement Agencies

Small and Home Users

CERT-In

-- Government Sector- Critical information

Infrastructure - Corporate Sector

International CERTsAPCERTFIRST

CERT-In is the nodal agency to coordinate all cyber security related matters in India

CERT-In Partners & Stakeholders

4

Department of Information Technology

Department of Information Technology

Detection Analysis Dissemination & Support

Analysis

Recovery

Det

ect

Dissem

inatio

n

ISP Hot Liners

Press & TV / Radio

Home Users

Private Sectors

Major ISPs

Foreign partners

CERT-In Work Process

5

• International Cooperation

– Member of FIRST

– Member of APCERT

– Research Partner of APWG

– Bilateral MoUs with JPCERT; NCSC,Korea;KrCERT(proposed)

– National Computer Board (NCB), Mauritius

– Members of CERT-In visited Mauritius for setting up of CERT-MU in Mauritius

– Provided training on CERT operations to technical staff of CERT-Mauritius

– CERT-MU has been operationalised and launched in May 2008

International Security Cooperation and Collaboration

6

7

• Collaboration with international security organizations and CERTs to facilitate exchange of information related to latest threats and international best practices

– Organized and hosted ARF Workshop on “Cyber Security” in New Delhi during 6th – 8th September 2006

– 20 ARF countries and representatives of ASEAN Secretariat and private sectors participated in the workshop – 58 delegates

– Organized Workshop on “Information Systems Security for System Administrators” of ASEAN countries, 28-30 August 2006, Manesar, India

– 21 System administrators attended the workshop

– Provided Hand-on practical training during the workshop

• Participated along with other International CERTs in resolving Estonia Govt. Website attack.

International Security Cooperation and Collaboration contd..

CERT-In as a National ‘watch and warning’ system primarily focuses

on the following:

•Monitoring the cyber space for timely forecasts, alerts & advice on cyber security incidents

•Coordination of cyber security crisis management & emergency response actions across all sectors in the country

•Focal point for collection, analysis, dissemination and sharing of information on cyber security issues and incidents

•Security policy compliance and enforcement within Govt. and Critical sectors

•Capacity building in terms of manpower, skills, facilities, tools and techniques

•Cyber security surveys, guidelines, standards and white papers

Focus of CERT-In activities

8

International Cyber Security Drill

Joint International Incident Handling Coordination Drill

• Participated in APCERT International Incident Handling Drill 2006

• Participants: 13 APCERT Members and New Zealand, Vietnam including 5 major Korean ISPs

• Scenario: Countermeasure against Malicious Code and relevant infringement as DDoS attack

• Participated in APCERT International Incident Handling Drill 2007

• Participants: 13 APCERT Members + Korean ISPs

• Scenario: DDoS and Malicious Code Injection

• Participated in APCERT International Incident Handling Drill 2008 & 2009

• Participants: 13 APCERT Members

• Scenario: Dealing with Underground Economy & Malware propagation

9

Thank youThank you

10