A National CERT what can it do for you?

Transcription

1 A Natinal CERT what can it d fr yu? Ian M Dwdeswell Qatar Cmputer Emergency Respnse Team (Q-CERT)

2 2 Presentatin Overview Wh we are What we d What we can d fr yu Questins

3 3 What is Q-CERT? The natinal cmputer infrmatin security team fr the State f Qatar Wrks with rganizatins wh deliver critical services in Qatar t help them: identify their mst imprtant infrmatin assets develp apprpriate risk management strategies prevent attacks by imprving the security f the services that they prvide recgnize cyber attacks and respnd effectively

4 4 Q-CERT Helps Critical Sectr Organizatins t create and imprve their cyber security capability and capacity Wrks with ther security teams wrld-wide t maintain awareness f glbal trends t crdinate respnse t internatinal threats & incidents (as cyber security is nt cnfined t natinal bundaries)

5 5 Q-CERT Part f the Glbal Respnse Netwrk

6 6 Q-CERT Range f Activities Practive Reactive Outreach, Awareness, & Training Tailred wrkshps based n needs analysis Public wrkshps based n recgnized needs Outreach t regin

7 7 Q-CERT Range f Activities Practive Reactive Critical Infrastructure Prtectin Assist key natinal resurces in addressing infrmatin security vulnerabilities and threats Assist in creating an Infrmatin Security management framewrk Develp and prvide appraches fr risk assessments and risk mitigatin

8 8 Q-CERT Range f Activities Practive Reactive Incident Management Establish a natinal and reginal center fr threat, vulnerability, and security event data. Establish and perate mechanisms fr respnding t cyber threats and vulnerabilities. Assist law enfrcement and ther respnders rganizatins.

9 9 The Threat Interruptin f Telecmmunicatins Impact n all levels f cmmunicatins 999 service ptentially ff line (Cascade effect) Severe impact n financial services Lss f cmmunicatins with public impacts cnfidence in gvernment Ptentially serius impact n civilian lgistics Interruptin f Transprtatin Disruptin f cmmerce Fdstuffs and fuel deliveries interrupted Ptential hazardus material cmprmises Direct impact n ppulatin

10 10 The Threat Interruptin f Gvernment Services Lss f public cnfidence Impact n disaster recvery (Cascade effect) Ptential crisis in leadership Interruptin f Infrmatin Infrastructure Significant impact n ther critical infrastructures E-cmmerce halted Netwrks becme unreliable Direct impact n ppulatin

11 11 Emerging Threats New Technlgies bring New Threats Inherent vulnerabilities with new technlgy Wireless technlgies X Cell Phnes Wireless vide Applicatin prgrams Infrmatin strage devices

12 12 Incident Management Activities Threat gathering activities Hneynet data analysis Open- surce mnitring Netflw data analysis f netwrk traffic flw acrss natinal gateways t determine risk t CIP.

13 13 Vulnerability Statistics Tday CERTCC receives mre than 25 vulnerabilities every day Estimated 9,642 in 2007 Year Vulnerabilities 1,090 2,437 4,129 3,784 3,780 5,990 8,064 9,642 Nte: The number f estimated reprts fr 2007 is based n the current vlume being reprted.

14 14 Attack Sphisticatin vs. Intruder Knwledge prpagatin f malicius cde DDS attacks stealth /advanced scanning techniques increase in wrms widespread attacks using NNTP t distribute attack sphisticated cmmand & cntrl widespread attacks n DNS infrastructure executable cde attacks (against brwsers) autmated widespread attacks GUI intruder tls hijacking sessins Internet scial engineering attacks packet spfing autmated prbes/scans widespread denial-f-service attacks techniques t analyze cde fr vulnerabilities withut surce cde Intruder Knwledge anti-frensic techniques hme users targeted distributed attack tls increase in wide-scale Trjan hrse distributin Windws-based remte cntrllable Trjans (Back Orifice) Attack Sphisticatin

15 15 IT System Threat Evlutin in the Future Cntagin Timeframe Secnds Minutes Hurs Days Weeks r mnths Human respnse: impssible Autmated respnse: Will need new paradigms Practive blcking: pssible Human respnse: difficult/impssible Autmated respnse: pssible Human respnse: pssible File Viruses Macr Viruses Time Wrms Blended Threats Flash Threats Warhl Threats

16 16 Incident Management Activities Vulnerability infrmatin disseminatin key, relevant infrmatin tpics, in English and Arabic, fr timely disseminatin t cnstituency. advice n best surces f vulnerabilities. warnings frm glbal partners - n lnger a individual cntest.

17 17 Critical Infrastructure Defined Critical Infrastructure: Physical and infrmatin technlgy services and assets which, if disrupted, destryed r cmprmised, wuld have a serius impact n the health, safety, security r ecnmic wellbeing f Qatar r the effective functining f its gvernment Banking and financial services Medical services Gas facilities and netwrks Gvernment services

18 18 CIP Sectrs Sectrs are deemed critical when their incapacitatin r destructin wuld have a debilitating impact n the natinal security and scial well-being f a natin

19 19 Sectr Security Infrastructure Vulnerabilities Mst Infrastructures are Scale-free netwrks Able t survive randm attacks r failures Highly susceptible t targeted attack Super Hubs (Financial) Cnsiderable redundancy within the system but nt f the system (Telecmmunicatins) Database Cmprmise Ability t Destry, Disrupt, r Distrt critical data Infrmatin as essential as physical infrastructure Physical Attack Lss f facilities Redundancy becmes critical Cmbined Physical/Cyber Attack Frce multiplier

20 20 Critical Sectr Organisatin (CSO) Engagement Reduce infrmatin risk in the CSO, hence reduce risk in critical infrastructure Help define security strategy & bjectives fr meeting CSO, regulatry, legislative and gvernment (CIP) requirements Help t address CSO s current issues: prvide independent cnsultancy based n best practice Prvide advice n lng term security imprvement, with apprpriate (hlistic) scpe & gvernance Prvide independent testing and measurement f security imprvement ver time Help CSO t adpt internatinally recgnised best practices fr their sectr Help Q-CERT understand sectr security issues and help raise the levels f practice in the whle sectr

21 21 Critical Infrastructure Prtectin Challenge Cyber space and physical space are becming ne In the U.S. alne: Agriculture and Fd 1.9M farms 87,000 fd prcessing plants Water 1,800 federal reservirs 1,600 treatment plants Public Health 5,800 registered hspitals Chemical Industry 66,000 chemical plants Telecmm 2 B miles f cable Energy 2,800 pwer plants 300K prductin sites Transprtatin 120,000 miles f railrad 590,000 highway bridges 2M miles f pipeline 300 prts Banking and Finance 26,600 FDIC institutins Pstal and Shipping Key Assets 137M delivery sites 5,800 histric buildings 104 nuclear pwer plants 80K dams 3,000 gvernment facilities 460 skyscrapers

22 22 Reginal Cperatin The GCC-CERT was established by decisin f the Gulf Cperatin Cuncil, as a cllabratin amngst the emerging GCC natinal prgrams: GCC cuncil mandates members t expedite the prcess f establishing their natinal CERT prgrams The GCC decisin established a framewrk fr reginal cperatin amngst Gulf states n the tpic f infrmatin security. Wrking Grup meetings are nging t fulfill the GCC instructins we welcme ur GCC clleagues!

23 23 Cnstituency

24 24 Changing Security Requirements Frtress apprach n lnger viable Risk Management is key What is mst imprtant t the rganizatin What is the greatest threat What resurces are needed Fcus is n prviding resiliency t the rganizatin Keep it perating if pssible If nt, prepare fr graceful degradatin Shuld strnger/mre capable at the end

25 25 Changing Security Requirements What are the impacts f emerging technlgies? What are yur vulnerabilities? What d they mean t physical security f the rganizatin? D yu have the expertise necessary t understand and mitigate threats What des a technical cmprmise mean? Halt f prductin Unauthrized Access Damage Intended Accidental

26 26 Challenges Integrated Security has t be part f the strategic plan fr an rganizatin Security strategies must enable the rganizatin, but must be balanced against ptentially limiting the achievement f ther strategic bjectives

27 27 In Summary Incident Management fr respnse t and crdinatin f security incidents f natinal imprtance Outreach and Awareness fr develping knwledge f and skills in infrmatin security Critical Infrastructure Prtectin fr lng-term rganizatinal risk assessment and prcess imprvement

28 28 Incident Management Pints f Cntact Reprt Incidents by: Website (using prfrma): incidents@qcert.rg Phne: Incident Manager Ian M Dwdeswell imd@qcert.rg Fax:

29 29 Questins?