DSS ITSEC 2013 Conference 07.11.2013 - CERT.LV


Presentation from one of the remarkable IT Security events in the Baltic States, organized by “Data Security Solutions” (www.dss.lv). The event took place in Riga on 7th of November, 2013 and was visited by more than 400 participants on site and more than 300 via online live streaming.


Transcript

  • 1. IT Security system in Latvia: achievements, statistics and challenges. DSS Conference - 07.11.2013, Riga, Baiba Kaškina, CERT.LV
  • 2. Outline • Legal environment • CERT.LV overview • Current situation overview • CERT.LV awareness raising activities
  • 3. Legal environment and policies
  • 4. IT Security Law • In force since 1 February 2011 • Sets CERT.LV tasks and responsibilities • Defines responsibilities for: • Public sector • Internet Service Providers (ISPs) • Critical IT infrastructure owners
  • 5. IT Security Law – Public sector • In every institution – IT security officer responsible for: • IT security document creation • IT security audit execution • Annual employee education • Security incident reporting to CERT.LV • Participation in CERT.LV seminars
  • 6. IT Security Law – ISPs • All ISPs submit «Action plan for continuous operations» • Report to CERT.LV on major incidents • CERT.LV can request • IT Security incident information • IT Security audits • Disconnection of an end user for 24h
  • 7. IT Security Law – CII • Critical infrastructure list – state secret • Report incidents to CERT.LV • Establish IT Security documentation • CERT.LV can do black-box penetration testing
  • 8. National IT security strategy • Improvement of legal regulations • Increasing human and material-technical resources for state institutions • Raising cooperation at a national scale • Intensifying international cooperation • Hardening of education, science and social responsibility
  • 9. CERT.LV overview
  • 10. CERT.LV • Information technology security incident response institution • Mission: “Fostering IT security in Latvia” • From 1 January 2013 - CERT.LV supervised by the Ministry of Defence
  • 11. CERT.LV • Used to be CERT.NIC.LV est. 2006 • Operational since 1 February 2011 • Operates on basis of IT Security Law • State funded • All services are free of charge • Tasks delegated to Institute of Mathematics and Computer Science, University of Latvia
  • 12. CERT.LV constituency
  • 13. What is CERT.LV? • “Family doctor” and “fire-fighter” in the virtual environment
  • 14. CERT.LV main activity areas • Incident response • “Security through cooperation” • Awareness raising
  • 15. CERT.LV collaboration • State and municipal institutions • IT Critical infrastructure • Private sector • ISPs • Financial institutions • National Armed Forces • International collaboration • NATO, EU, ENISA, CCD CoE • TF-CSIRT, FIRST
  • 16. January 2012 – MoU with NATO
  • 17. CERT.LV participation • Cyber Defense Exercises: – CCD CoE «Locked Shields» – NATO «Cyber Coalition» – EU «Cyber Europe»
  • 18. Responsible ISP: symbol of quality, received by ISPs that: • Cooperate with CERT.LV and provide incident information to end users • Cooperate with Net-Safe Latvia for illegal material takedown off the Internet • Provide free Internet content filter setup upon customer's request
  • 19. Current situation overview
  • 20. Current situation • Large amount of incident reports every day • High and low priority incidents
  • 21. High priority incidents [chart: incidents per quarter, Q1 to Q3, 2012 and 2013; vertical axis 0 to 1800]
  • 22. Low priority incidents [chart: incidents per quarter, Q1 to Q3, 2012 and 2013; vertical axis 0 to 60000]
  • 23. Low priority incidents Q3 2013 [chart: number of incidents per category, logarithmic vertical axis 1 to 100000]
  • 24. Current trends • Botnet numbers are still very large • Infections via browsers (Drive-by Exploits) – the most common vector • Server hacking, phishing, DoS • Malware distribution • Attacks in socially sensitive moments
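  • 25. Banking trojan LV ================================ Cau! Ir problema! Nosutu Tev failu, ja tas info noklus prese, bus lielas nepatiksanas... http://failiem.lv/u/goefclr Juris ================================ (Translation from Latvian: "Hi! There is a problem! I am sending you a file; if this info reaches the press, there will be big trouble... Juris")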
  • 26. Latest deface
  • 27. CERT.LV activities and awareness raising
  • 28. Information and recommendations • Available and tailored for everyone • Information on newest viruses and threats • Articles and suggestions • Examples for IT security principles and rules • Portal www.esidross.lv (“be safe”) • Twitter and Facebook accounts
  • 29. New colleague - “Computerologist” • Born on E-skills week 2012 • Twitter account
  • 30. E-skills week 2013
  • 31. Training and education events • “Be safe” seminars for state institutions • Theoretical and technical IT Security exercises, «Snow Storm 2013» • Seminar for Internet Service providers • Targeted events: • Legal issues • How to organize exercises • Risk assessment • Monitoring with Netflow • ENISA seminar on targeted attacks using social media
  • 32. Security Experts Group • Information Technology and Information Systems Security Experts Group: • Voluntary IT/IS security experts group • Advance IT/IS security and security awareness culture in Latvia • Supports CERT.LV • Group has Statutes and Code of Ethics
  • 33. Cyber Defence Unit • Estonian example • Concept developed in 2013 • ~80 people interested • Unit operational within National Guards in 2014 – Exercises – Support of CERT.LV in case of crisis – Transfer of knowledge
  • 34. Success factors • Security through cooperation • CERT.LV based on previous achievements and experience • Dedicated personnel • The carrot over the stick approach http://hikingartist.files.wordpress.com/2012/12/carrot-stick-set.jpg
  • 35. Next steps, challenges • Increased funding in 2014 – Hard to find employees • To finalize National IT security strategy – To develop Action plan • To start Cyber Defence Unit • «Esi drošs» («Be safe») seminar on 3 December 2013
  • 36. Thank you! http://www.cert.lv/ cert@cert.lv http://twitter.com/certlv baiba.kaskina@cert.lv