0
CERT Collaboration with ISPto Enhance CybersecurityJinhyun CHO, KrCERT/CCKorea Internet & Security Agency
I. Alarming call for cooperation with ISPsSlammer Worm • Spread most of vulnerable SQL servers within 30 min. globally • A...
II. Cybersecurity Collaboration with ISPs : Phase IInitial setup stage (2003~2005) • Formalization of cybersecurity privat...
II. Cybersecurity Collaboration with ISPs : Phase IAmendment to Relevant Law • Legal basis for the collective cybersecurit...
II. Cybersecurity Collaboration with ISPs : Phase ICollective Emergency Response • Emergency response action order to ISPs...
III. Cybersecurity Collaboration with ISPs : Phase IIStabilization Phase(2006~2009) • Enhancing the collaboration relation...
III. Cybersecurity Collaboration with ISPs : Phase IICoordinated Botnet Response Action • Implementation of national-wide ...
III. Cybersecurity Collaboration with ISPs : Phase IIDDoS Defense Investment • To promote the investment from ISPs on DDoS...
IV. Cybersecurity Collaboration with ISPs : Phase IIIAftermath Phase(2010~ Current) • DDoS Attack in July 2009 and March 2...
IV. Cybersecurity Collaboration with ISPs : Phase IIIInvestment on cyber security • Organizational restructure for strengt...
V. Summary1. Trust based Collaboration for Mutual Benefit2. On-going Efforts for Emgerging Cyber Threats3. Collaboration a...
THANK YOU!             Your Logo
Upcoming SlideShare
Loading in...5
×

CERT collaboration with ISP to enhance cybersecurity

587

Published on

Published in: Technology, Business
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
587
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
37
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Transcript of "CERT collaboration with ISP to enhance cybersecurity"

  1. 1. CERT Collaboration with ISPto Enhance CybersecurityJinhyun CHO, KrCERT/CCKorea Internet & Security Agency
  2. 2. I. Alarming call for cooperation with ISPsSlammer Worm • Spread most of vulnerable SQL servers within 30 min. globally • All Internet infrastructure in Korea disabled CERT Relations with ISPs : No coordination mechanism framework
  3. 3. II. Cybersecurity Collaboration with ISPs : Phase IInitial setup stage (2003~2005) • Formalization of cybersecurity private and public cooperation relations • Needs for ISP coordination mechanism and procedure recognized • Korea Internet Security Center(KrCERT/CC) opened in December, 2003 • Legal, policy and technical response to cyber attacks and threats Amendment to relevant law law Amendment to relevant Threat Information Sharing Collective Emergency Response Security exercise and daily checkup Security Exercise and Daily Checkup
  4. 4. II. Cybersecurity Collaboration with ISPs : Phase IAmendment to Relevant Law • Legal basis for the collective cybersecurity response actions • Minimal standard for cybersecurity in telecommunication area • Emergency response order • Mandated incident reporting and threat information sharingThreat Information Sharing • Traffic and attack statistics from major ISPs • Concerns, difficulties and issues discussed and resolved • Information sharing agreement among ISPs before legislation • Relevant costs covered by government
  5. 5. II. Cybersecurity Collaboration with ISPs : Phase ICollective Emergency Response • Emergency response action order to ISPs • Order applied to domestic ISPs within a day • The access blocked to foreign malicious website site or Ips • Legal authority and responsibilitySecurity exercise and daily checkupSecurity Exercise and Daily Checkup • Major incident scenario based exercise with ISPs • Systemic approach to response coordination procedure & process • Train the relevant first-line cybersecurity staffs • Daily security checkup with Radio system(alternative comm. channel)
  6. 6. III. Cybersecurity Collaboration with ISPs : Phase IIStabilization Phase(2006~2009) • Enhancing the collaboration relationship and make results with ISPs • Major cyberthreat from botnet and response • Emerging DDoS issue(availability) Coordinated Botnet Response Action Bi-annual workshop DDoS Defense Investment
  7. 7. III. Cybersecurity Collaboration with ISPs : Phase IICoordinated Botnet Response Action • Implementation of national-wide botnet sinkhole system • Access restriction to botnet c&c servers by changing IP address • CSF: The close collaboration and voluntary participation from ISPs • Trustworthy information source for cyber threats : KrCERT/CCBi-annual workshop • Face-to-face trust building opportunity in a relaxed environment • Closed technical presentation on security issue • Proposal for collective security actions made in the workshop
  8. 8. III. Cybersecurity Collaboration with ISPs : Phase IIDDoS Defense Investment • To promote the investment from ISPs on DDoS attacks from 2008 • DDoS service commercialization and commodity service • DDoS defense device provided to selective ISPs by government budget • Calls for responsible ISP response to major cyber threats Internet Exchange(IX)
  9. 9. IV. Cybersecurity Collaboration with ISPs : Phase IIIAftermath Phase(2010~ Current) • DDoS Attack in July 2009 and March 2011 • Renewal of national attention to cybersecurity with major incidents • Collaboration and coordination among public and private sector • Smart response for cybersecurity needed Cyber Remediation Service Hacker Victim DDoS Shelter Service Control & Command Server Zombies
  10. 10. IV. Cybersecurity Collaboration with ISPs : Phase IIIInvestment on cyber security • Organizational restructure for strengthening incident prevention • DDoS shelter service for SME(limited time-frame)Joint Voluntary Project • Joint initiative for cybersecurity outreach service • Voluntary threat information sharing and project to tackle cyber threatsHigh-level Attention & Support • Regular meeting for cybersecurity issues • Awareness Raising for senior-level people for cybersecurity
  11. 11. V. Summary1. Trust based Collaboration for Mutual Benefit2. On-going Efforts for Emgerging Cyber Threats3. Collaboration and Cooperation in Action
  12. 12. THANK YOU! Your Logo
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×