Mustafa AYDINLI NLO CYBER SECURITY ADVISOR

Transcription

1 Mustafa AYDINLI NLO CYBER SECURITY ADVISOR

2 AGENDA Introduction to Cyber Security Establishment & History of TR-CERT Responsibilities of TR-CERT Competencies of TR-CERT

3 CYBER SECURITY Cyber security is defined as, the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment, critical infrastructure, organization and user s assets.

4 THE MAIN OBJECTIVES OF CS; To protect the integrity of data, To access to information with enough speed/bandwith and quality, To block unauthorized access, To protect the privacy and confidentiality, To provide business continuity with a good performance in critical infrastructure.

5 ESTABLISHMENT & HISTORY OF TR-CERT Cabinet Decision October 2012 Enforcement and Coordination of National Cyber Security Studies Board of Cyber Security 20 January 2012: Kickoff meeting National Cyber Security Strategy and Action Plan of Assignment 14 February 2013: Assignment of TR-CERT Inauguration 27 May 2013: Inauguration of TR-CERT 5

6 CYBER SECURITY BOARD Minister of Transport, Maritime Affairs and Communication Undersecretary MFA Undersecretary MIA Undersecretary MOD Undersecretary POS Undersecretary NIA Gen.Staff J6 Director Head ICTA Head STRCT Head FCIB Head PTC Undersecretary MTMAC

7 TURKEY S CYBER SECURITY STRATEGY ACTION PLANS Regulation Cyber Security Infrastructure Juridical Processes Organization of National Cyber Incident Response Local Technologies Human Resources Security Mechanisms

8 Responsibilities of TR-CERT Coordination and Communicati on about combatting against Cyber Crimes Collaboration with Cyber Emergency Response Teams Active Support in Securing Cyber Security of Critical Infrastructures Information Sharing about National and International Cyber Incidents Coordination and Assistance for the Security of Government al IT systems Alarms, Warnings and Announcements about Cyber Threats

9 Announcements - Warnings & Technical Documentation Cyber Incident Report Suggestion Sharing Platform Information Sharing System Twitter & RSS

10 TR-CERT STRUCTURE

11 TAF-CERT MIA-CERT MFA-CERT XYZ-CERT BRSA-CERT EMRA-CERT CMBT-CERT CERT STRUCTURE IN TURKEY.. Institutional CERTs Sectoral CERTs

12 CERT STRUCTURE IN TURKISH ARMED FORCES (TAF-CERT) Cooperation TAF Cyber Command (TAF-CERT) Coordination NCIRC General Staff CERT Army CERT Navy CERT Air CERT Gendarmary CERT Coast Guard CERT Response Support Coordination

13 COMPETENCIES of TR-CERT

14 Institutional Coordination Unit Software Development Unit Malware Analysis Unit International Communications Unit Cyber Incident Reports Communication Unit TR-CERT Cyber Threat Analysis Unit

15 CYBER THREAT ANALYSIS SYSTEM (Cyber Threat Analysis Unit) INITIAL STATUS As of 14 February 2013, traffic received from 12 cities and 16 different points. As of 28 August 2013, traffic received from 56 cities and 98 different points. ACTUAL STATUS Actually, traffic received from 81 cities and 164 different points.

16 TR-CERT-INTERNATIONAL INFORMATION FLOW (International Communications Unit) Canada UK Norway USA Germany Spain Japan Malaysia Brazil cyber incident reports received from 30 different countries in 5 months. 16

17 INCIDENT ANALYSIS SYSTEM (Software Development Unit)

18 MALICIOUS DOMAIN NAMES PREVENTION PROJECT (Software Development Unit) Your November bill 1. Hacker sends an containing malware. 2. User receives the from mail server. 3. User opens the and clicks the link. Yes 4. Access to malware server is blocked. No 5. User directed to warning page and asked if he/she wants to continue or not. 6. According to users preference access to malicious content is blocked or maintained.

19 Malicious Domain Names Prevention Project (Malware Analysis Unit) Trusted Resources Malicious Domain Names Pool Information shared with ISPs. Individual Reports Malicious Domain Names Pool is established by TR-CERT after the analysis of the information received from various resources. Internet Service Providers

20 CERT COMMUNICATIONS PLATFORM (INSTITUTIONAL COORDINATION UNIT) Report Yes Cyber Incident? No Analysis Detection Solution Response Classification & Record Notification (CERTs & Internet parties& Government) DB

21 Planned Activities Information sharing with governmental institutions in accordance with agreements. Cooperation between TR-CERT and universities Cyber Vulnerability Analysis for Critical Governmental Institutions.

22 İstanbul Bosphorus National Museum of the History of the Great Patriotic War