National Incident Response Team Implementation
Mohamad Sazly B Musa
IMPACT
29th April 2013

ITU-IMPACT Collaboration
The International Multilateral Partnership Against Cyber Threats (IMPACT) is the cybersecurity executing arm of the United Nations (UN) specialised agency, the International Telecommunication Union (ITU), bringing together governments, academia and industry experts to enhance the global community's capabilities in dealing with cyber threats.
- 2008: ITU and IMPACT sign a Memorandum of Understanding. IMPACT becomes the physical home of ITU's Global Cybersecurity Agenda to operationalise cybersecurity services across 193 countries.
- May 2011: ITU and IMPACT sign a Cooperation Agreement. IMPACT becomes the cybersecurity executing arm of the United Nations specialised agency, ITU. IMPACT will now expand its services to the UN System.

ITU-IMPACT: A Global Coalition
- Industry Partners
- Academia
- International Bodies
- Think Tanks
- Cybersecurity Services
- 193 Partner Countries
- UN System

Cybersecurity Services Deployed
145 countries have joined the ITU-IMPACT Coalition.

Computer Incident Response Team: CIRT Assessments and Deployments
Over 40 assessments performed globally: Afghanistan, Albania, Armenia, Bangladesh, Barbados, Bhutan, Bosnia & Herzegovina, Botswana, Burkina Faso, Cambodia, Cameroon, Chad, Congo, Dominican Republic, Ecuador, Gabon, Gambia, Ghana, Grenada, Honduras, Ivory Coast, Kenya, Laos, Lebanon, Lesotho, Macedonia, Maldives, Mali, Montenegro, Myanmar, Nepal, Niger, Nigeria, Senegal, Serbia, St. Kitts & Nevis, St. Vincent & the Grenadines, Sudan, Tanzania, Togo, Trinidad & Tobago, Uganda, Vietnam, Zambia.
Four completed deployments: Montenegro, Zambia, Kenya & Burkina Faso.
Seven planned for 2013: Uganda, Tanzania, Ivory Coast, Togo, Barbados, Trinidad & Tobago, Burundi.

CIRT Deployment 2012: National CIRT Implementation
- Montenegro: http://www.cirt.me
- Zambia: http://www.cirt.zm
- Kenya: https://cirt.cck.go.ke
- Burkina Faso: http://www.cirt.bf

CIRT Deployment 2012: Montenegro CIRT
Our first implementation of the CIRT in Montenegro has been formally inducted as a member of FIRST and become a trusted introducer.

Computer Incident Response Team: Definition
- CIRT stands for Computer Incidents and Response Team.
- It is an organisation or team that provides services and support for both preventing and responding to computer security incidents.
- A focal point to coordinate incident handling activities.

Computer Incident Response Team: CIRT Services

Reactive Services
- Alerts, Warnings and Advisories
- Incident Handling: incident analysis, incident response on site, incident response support, incident response coordination
- Vulnerability Handling: vulnerability analysis, vulnerability response, vulnerability response coordination
- Artifact Handling: artifact analysis, artifact response, artifact response coordination

Proactive Services
- Announcements
- Technology Watch
- Security-Related Information Dissemination
- Security Audits or Assessments
- Configuration and Maintenance of Security Tools, Applications, and Infrastructures
- Development of Security Tools
- Intrusion Detection Services

Security Quality Management Services
- Risk Analysis
- Business Continuity and Disaster Recovery Planning
- Security Consulting
- Awareness Building
- Education/Training
- Product Evaluation or Certification

Source: Handbook for CSIRTs, http://www.cert.org/archive/pdf/csirt-handbook.pdf

Computer Incident Response Team: Background
- Emerging need for national CIRTs to support incidents across national borders
- Identifies incidents that could affect critical infrastructures
- A CIRT can provide a single point of contact for dealing with cyber security incidents

Computer Incident Response Team: Why Establish a National CIRT?
- Increase in the number of reported computer security incidents
- Growth in the number of reported vulnerabilities
- The realisation that system and network administrators alone cannot protect organisational systems and assets
- The realisation that a prepared plan and strategy is required
- To encourage citizens and companies to report crimes more often

Roadmap: National CIRT Implementation
- Phase 1: 6 months
- Phase 2: 6-12 months
- Phase 3

Methodology

Implementation Approach: Activities
- Offsite: planning & design stage (URS); remote installation
- Onsite: URS presentation and signing; training on CIRT processes and applications; fine-tuning CIRT applications
- Operation: 6 months support for CIRT operations

Delivery Method: Onsite Implementation Activities
10-day onsite training program focusing on CIRT processes and systems:
- Incident response framework
- CIRT portal
- Incident management system (RTIR)
- Basic Linux administration
- Log analysis

Deliverables: CIRT Implementation Phase 1
The National CIRT would be:
- Able to conduct cybersecurity trainings and awareness activities within the country
- Able to send alerts and warnings to various stakeholders in the country
- Able to handle and respond to cybersecurity incidents

IMPACT Certlite Solution: National CIRT Implementation
A collection of open source tools to enable the CIRT to provide basic services to its constituents:
- CIRT Portal
- Incident Management System
- Mailing List

IMPACT Certlite Solution: CIRT Portal
The CIRT Portal is a platform that publishes the latest updates on threats and vulnerabilities. Its main function is to facilitate the distribution of information to the targeted audience.

IMPACT Certlite Solution: Incident Management System
The incident management system is based on Request Tracker for Incident Response (RTIR). It is a customised incident handling and ticketing system built upon one of the most successful open source ticketing systems, Request Tracker (RT).

IMPACT Certlite Solution: Mailing List
A versatile mass mailing and contact management tool. It is embedded in the CIRT portal to allow users from the constituency to subscribe to CIRT updates or alerts.

Incident Response Framework: National CIRT Implementation
- Provides an overview of the incident handling process, including CIRT services, intruder threats and the nature of incident response activities
- Standard Operating Procedures (SOP)
- Policy templates

Challenges: National CIRT Implementation
- Acquiring the right people for the CIRT
- Funding for setting up the CIRT infrastructure
- Lengthy process for procurement of hardware
- Language barrier

Thank You
IMPACT, Jalan IMPACT, 63000 Cyberjaya, Malaysia
T +60 (3) 8313 2020
F +60 (3) 8319 2020
E contactus@impact-alliance.org
impact-alliance.org
Copyright 2012 IMPACT. All Rights Reserved.