ITU Cyber security Forum and Cyber Drill 9-11 December 2013,Lao Plaza Hotel, Vientiane, Lao PDR Country updates on Cyber Security ( Lao PDR ) By Khamla Sounnalat Deputy head of LaoCERT Ministry of Posts and Telecommunication Email: sounnalat@laocert.gov.la Website: www.laocert.gov.la
Contents 1. Background 2. Government policy 3. ITU recommendation 4. LaoCERT s Full Operation plan 5. LaoCERT s Services 6. Challenges Copyright 2013 LaoCERT All Rights Reserved 1
1. Background
Internet Providers in Laos Name Wire Wireless Lao Telecom Co (LTC) ADSL 3.5G (HSDPA) Enterprise Telecom Lao (ETL) ADSL 3.5G (HSDPA) Star Telecom Lao (Unitel) ADSL 3.5G (HSDPA) VimpelCom Lao (Beeline) No 3.5G (HSDPA), WiMAX Planet Online No WiMAX Sky Telecom FTTH ( under planning ) http://www.laotel.com/ http://www.etllao.com.la/ http://www.unitel.com.la/ http://www.beeline.la/ (http://www.tigolao.com) http://www.laopdr.com/ http://www.laosky.com/ Copyright 2013 LaoCERT All Rights Reserved 4
Internet subscribers Type 2009 2010 2011 2012 2013 ADSL 13,200 15,600 18,800 25,000 40,000 FTTH 311 305 204 189 506 Leased line 3.5G (HSDPA) - 53 70 88 96 - - > 10,000 > 20,000 >50,000 There internet penetration in Laos is about 5% of population Copyright 2013 LaoCERT All Rights Reserved 1
Internet Services in Lao PDR PSTN and Mobile Statistics Laos' population was estimated at about 6,48 million in July 2011 6,000,000 5,480,851 5,678,000 5,000,000 4,606,720 4,139,056 4,000,000 3,366,760 3,000,000 2,000,000 1,230,030 1,450,100 2,022,133 1,000,000-93,786 95,867 97,768 99,413 135,676 150,362 157,000 140,921 2006 2007 2008 2009 2010 2011 2012 2013 PSTN Mobile Like other developing countries, the mobile penetration is growing rapidly. Mobile phone penetration is about 78% of Lao population Copyright 2013 LaoCERT All Rights Reserved 3
Cyber Threats Affecting in Laos Lao PDR has experienced similar kinds of cyber-attacks affecting other countries in the region and other parts of the world. These include: Malicious software DDoS attacks, port scanning, huge spamming attacks, phishing scams, web defacement, web server hacking and email account hacking Attack against E-government website Attack against DNS server Attack against bank website Attack against mail server of NOUL Internal threat when using USB (memory stick) 7
Cyber Threats Cont d DDos Attact Counts Distribution statistics DNS Request HTTP Flood Flood FIN/RST Flood DNS Reply Flood HTTPS Flood UDP Fragment Abnormal SIP Flood SYN-ACK Flood UDP Fragment SYN Flood Flood ACK Flood UDP Flood TCP Fragment Flood Attack Counts Distribution Attack Type Attack Count Percentage 1 DNS Request Flood 229 40.9% 2 HTTP Flood 100 17.9% 3 4 5 6 7 8 9 10 FIN/RST Flood 85 15.2% DNS Reply Flood 34 6.1% HTTPS Flood 34 6.1% UDP Fragment Abnormal 22 3.9% SIP Flood 21 3.8% SYN-ACK Flood 21 3.8% UDP Fragment Flood 5 0.9% SYN Flood 4 0.7% 11 ACK Flood 2 0.4% 12 UDP Flood 2 0.4% 13 TCP Fragment Flood 1-0.1% Copyright 2013 LaoCERT All Rights Reserved 7
Web defacement Copyright 2013 LaoCERT All Rights Reserved 9
Web Phishing Copyright 2013 LaoCERT All Rights Reserved 10
2.Government Policy
Government Policy Cyber Security is new issue for Lao PDR while Promoting Information and Communication Technology (ICT) as an engine for Social and Economic development, while avoiding negative impact, Establish legislations for governing and managing the development and usage of ICT such as Cyber Crime and etc, Forward priority is capacity building to improve technical knowledge Established Lao Computer Emergency Response Team (LaoCERT) under Ministry of Posts and Telecommunications as the contact point to handle the incidents and issues of Computer and Internet security. Copyright 2013 LaoCERT All Rights Reserved 12
Ministry of Posts and Telecommunications LaoCERT s structure Ministry of Posts and Telecommunications Department of communication Security Department of Information Technology Department of Telecommunication Department of Post Department of Planning and cooperation Department of Finance Department of Inspection Administrative office Institute of Post and Telecommunication Information Technology Research Center Lao National Internet Center Lao Computer Emergency Response Team (LaoCERT) E-government Center (Local) Department of Posts and Telecommunication Copyright 2013 LaoCERT All Rights Reserved 13
LaoCERT s Structure Lao Computer Emergency Response Team (LaoCERT) Legislation and Standard Unit Internal and External Cooperation Unit Technical Unit Research and Development Unit Administrative Unit LaoCERT was established on February, 2012 by degree 220/MPT Now, LaoCERT is under Lao National Internet Center and used the facilities of LANIC. Copyright 2013 LaoCERT All Rights Reserved 14
3. ITU Recommendation
ITU Recommendations to established LaoCERT Copyright 2013 LaoCERT All Rights Reserved 16
ITU-IMPACT Recommendations Copyright 2013 LaoCERT All Rights Reserved 17
ITU-IMPACT Recommendations LaoCERT Plan divide to 4 Phases Phase 1 Capacity Building Phase 2 Reactive Phase 3 Proactive Phase 4 Security quality Management Copyright 2013 LaoCERT All Rights Reserved 18
LaoCERT Capacity Building Network Security Training Activities in LaoCERT, Vientiane, LaoPDR FY.2012-13 Copyright 2013 LaoCERT All Rights Reserved 19
LaoCERT Capacity Cont d ITU delegates visited LaoCERT and Plan to held Cyber Drill for ASEAN in Laos, December, 2013 Copyright 2013 LaoCERT All Rights Reserved 20
LaoCERT Capacity Cont d JPCERT/ThaiCERT organized training course on Network Forensic for LaoCERT staffs 1-3 Oct 2013, Vientiane, Laos. Copyright 2013 LaoCERT All Rights Reserved 21
4.LaoCERT Full Operation Plan
LaoCERT s Target LaoCERT Plan to full operation in next year (2014) Stage 1 Education Stage 2 Planning Stage 3 Implementation Stage 4 Operation Stage 5 Collaboration Copyright 2013 LaoCERT All Rights Reserved 22
LaoCERT s road map After, successful action plan 24 months ( within 2014 ) LaoCERT will be a national CERT of Laos and under the Ministry of Post and Telecommunications.
5.LaoCERT s Services
LaoCERT web page www.laocert.gov.la
LaoCERT Mission for Internal: - Central Coordination, - Incident Handling, - Security Advisories, - Alert warning, -Awareness arising for External: -Collaboration and coordination with international CIRT, such as ITU-IMPACT, JPCERT; VNCERT; CamCERT; ThaiCERT; etc. - Joint international CIRT organization such and APCERT, FIRST etc. 27
LaoCERT s Services Reactive Services Proactive Services Security Quality management services Incident handling Vulnerability handling ( Incident Handling ) Alert and advisory Anti DDos Attack System ( Technology watching ) Information security awareness building Information security Capacity building for government s IT staffs ( Education ) Copyright 2013 LaoCERT All Rights Reserved 23
6.Challenges of LaoCERT
Capacity Building Challenges of LaoCERT Not enough cyber security workforce and certified professionals Cyber security related training, conference and education program Implementation based on ITU Recommendation Knowledge and skills to Implement secure Network infrastructure Incident handling system (IR) LaoCERT s Plan for full Operation Next year 2014 Law enforcement capacity to fight cybercrime Copyright 2013 LaoCERT All Rights Reserved 24
Q & A Thank you very much Copyright 2013 LaoCERT All Rights Reserved 25