enhancing security incident response capabilities in the ap

Enhancing Security Incident Response Capabilities in the Asia Pacific Region. 6th APT Cybersecurity Forum. Adli Wahid, Security Specialist, APNIC

Upload: apnic

Post on 12-Apr-2017


TRANSCRIPT

Page 1: Enhancing security incident response capabilities in the AP


Enhancing Security Incident Response Capabilities in the Asia Pacific Region

6th APT Cybersecurity Forum

Adli Wahid

Security Specialist, APNIC

Page 2: Enhancing security incident response capabilities in the AP


Agenda

1. About APNIC

2. Enhancing Incident Response Capabilities

3. Recent and future activities

Page 3: Enhancing security incident response capabilities in the AP

About APNIC


Page 4: Enhancing security incident response capabilities in the AP

What is APNIC?

• Regional Internet Registry (RIR) for the Asia Pacific region
  – Comprises 56 economies

• Secretariat located in Brisbane, Australia
  – Currently employs around 70 staff

• Not-for-profit, membership-based organization

• Governed by the Executive Council (EC), who are elected by the Members

Page 5: Enhancing security incident response capabilities in the AP

APNIC’s Vision:

A global, open, stable, and secure Internet that serves the entire Asia Pacific community.

How we achieve this:

• Serving Members

• Supporting the Asia Pacific Region

• Collaborating with the Internet Community


Page 6: Enhancing security incident response capabilities in the AP

Enhancing Incident Response Capabilities in the AP Region


Page 7: Enhancing security incident response capabilities in the AP


Responding to Security Incidents

National Cyber Security Agency

National CERT / CSIRTs

Enterprise CERTs/CSIRTs

End-Users

Critical Infrastructure, Network Providers, Hosting, Cloud, Government, Financial Services, SMEs

Page 8: Enhancing security incident response capabilities in the AP


Network Operators / Service Providers

• A key player in the Incident Response process

• Availability is important
  – Critical Infrastructure (Internet Exchange)
  – Increasingly becoming a target

• Need to be aware of the (changing) threat landscape
  – Help increase the resilience of the infrastructure by applying best practices
  – Provide timely assistance & mitigation
  – Emerging Trends - IoT
  – CERT/CSIRT of the last resort

• Network Operators Groups (NOGs)
  – Local & Regional NOGs
  – APRICOT & APNIC Conference

Page 9: Enhancing security incident response capabilities in the AP

Network Operators – Incident Response Relationship

• Interdependent entities

• Expectations
  – Resources are not misused or abused
  – Fast ‘take-downs’ or response
  – Share information (logs, billing etc)
  – Communicate with Users / Technical support
  – 24x7x365

• Frequently, at the receiving end

Network Operator

End-Users Customers

Security Response Community

Law Enforcement

Page 10: Enhancing security incident response capabilities in the AP


Incident Response Capabilities

• Managing Security Incidents
  – Reduce impact of security incidents
  – Prevent security incidents from occurring
  – Fixing actual vulnerabilities
  – Gain insights about emerging threats or incidents (ISACs, threat intel feeds)
  – Collaborate with other stakeholders (i.e. investigation, policy/strategy)

• Managing Security Incident Response Teams
  – Establishing CSIRTs
  – Operationalizing CSIRTs
  – Having the right skill sets, knowledge and tools
  – Being part of the community
  – Mentoring

Page 11: Enhancing security incident response capabilities in the AP


APNIC’s Approach

• Capacity development
  – Internet infrastructure
  – Cyber security*

• Strategic Partnership
  – Various stakeholders
  – Regional & global
  – Shared goals

Page 12: Enhancing security incident response capabilities in the AP

Security Outreach


Craig Ng

Promoting security best practices in the APNIC community

NOGs, CSIRTs and LEA events

PK, CN, HK, KR, JP, PH, SG, MY, ID, AU, TW

Collaboration with JICA and KISA to deliver regional CERT training

Geoff Huston member of ICANN SSAC

Adli Wahid member of FIRST Board

MoU with APCERT

Interpol Global Cyber Crime Group

Adli Wahid

www.apnic.net/security

Page 13: Enhancing security incident response capabilities in the AP

CSIRT Best Practice Forum

• IGF 2014 & 2015
  – Best Practice Forum on Establishing and Supporting Computer Security Incident Response Teams (CSIRT) for Internet Security

• Multistakeholder approach

• Addresses key concerns of establishing & setting up CSIRTs
  – Key success factors
  – Costs & capacity building
  – Stakeholder engagement
  – Opportunities & challenges

• Call for Comments
  – http://intgovforum.org/cms/best-practice-forums/2-establishing-and-supporting-csirts

Page 14: Enhancing security incident response capabilities in the AP

Upcoming Activities

• Support for regional activities
  – FIRST & IDSIRTII TC (October)
  – FIRST & KRCERT/CC TC (November)
  – Interpol Global Cyber Crime Meeting (December)
  – APRICOT 2016 in Auckland (February)

• eLearning & Training
  – https://training.apnic.net

• Follow us for the latest updates
  – Blog https://blog.apnic.net
  – Twitter @apnic

Page 15: Enhancing security incident response capabilities in the AP

Resource Public Key Infrastructure (RPKI)


RPKI presentations to NOGs and conferences

‘Ready to ROA’ Campaign – hands-on sessions to help Members create ROAs

Shirts, stickers, web content to promote campaign

Regional RPKI adoption has more than doubled in past year - 0.82% to 1.92% and rising

www.apnic.net/roa

• 10 face-to-face and eLearning RPKI training courses delivered

• Offline simulation of production system

• Create and revoke ROAs, observe changes to routing state in lab

Page 16: Enhancing security incident response capabilities in the AP

Internet Operational Research Grants


New fund supporting the Internet research community in the Asia Pacific

Research aiming to improve availability, reliability, and security of the Internet in the Asia Pacific

Network measurement and analysis

IPv6 deployment

BGP Routing

Network Security

Page 17: Enhancing security incident response capabilities in the AP

Conclusion

• Capacity development is fundamental & critical

• Approach must be flexible and scalable

• Plenty of challenges & opportunities

• Let’s collaborate!


Page 18: Enhancing security incident response capabilities in the AP

Thank You

Adli Wahid

www.apnic.net
