Working together with banks from a CERT perspective + CIIP



Day 1 Coop Banks

Presentation by CERT-Hungary

Transcript of "Day 1 Coop Banks"

  1. Working together with banks from a CERT perspective + CIIP
     - Ferenc Suba LLM, MA
     - Chairman of the Board, CERT-Hungary, Theodore Puskás Foundation
     - Vice-Chair of the Management Board, European Network and Information Security Agency
  2. PTA CERT-Hungary: WHO WE ARE?
     - PTA CERT-Hungary = Government network security center, within Theodore Puskás Foundation, funded and supervised by the government
     - CO-OPERATION AGREEMENT WITH FINANCIAL SUPERVISORY AUTHORITY. Scope: awareness raising (website, school class), recommendation (safe e-banking), ISAC (information sharing and analysis center)
     - FINANCIAL ISAC HU: in co-op with FSA, BAH, Police
     - SERVICE AGREEMENTS WITH BANKS: 5 concluded, 3 underway
  3. Financial ISAC HU
     - History: joint comexes with banks since early 2006
     - Great leap forward: large phishing attacks in Dec 2006
     - Constituents: CERT-HU, Law Enforcement, Banking Assoc. of HU, Financial Supervisory Authority
     - Activity: information sharing, exercises, recommendations, coordination
     - Results: TLP, Advisory, simulated DDoS attack exercise
     - Future: prep for FSA recomm. on the security of internet banking, coop. with similar ISACs (GOVCERT.NL, AUSCERT, DHS)
  4. The exercises: COMEX07
     - Goal: to test the communication between the participants and the internal procedures of the banks in case of a DDoS attack
     - Tasks:
       - Two banks acting as victims
       - Banking Association coordinating the exercise and representing the banks towards CERT-Hungary
       - CERT-Hungary providing technical infrastructure, playing the attacker, ISP and server operator for one of the banks and itself
       - FSA, GIRO, Police: observers and evaluators
  5. The exercises: COMEX08
     - Goal: to test communication and internal procedures in case of an international malicious code collecting clients' data and passwords
     - Tasks:
       - 6 banks: eliminating the malicious code and changing passwords, requesting log analysis from CERT-Hungary, identification of data leakage and malicious activity based on log analysis, reporting to the police
       - CERT-Hungary: reporting the malicious code to banks, log analysis, identification and shutting down of collecting servers with the involvement of the police
       - FSA, Police: observers and evaluators
  6. The exercises: COMEX09
     - Goal: to test the protective reactions of the banks in case of a penetration
     - Tasks:
       - 2 banks: to protect a simulated banking environment
       - CERT-Hungary: provision of the simulated banking environment, serving as attacker
       - Banking Association, FSA, Police: interactive players and evaluators
  7. CIIP in Energy Sector
     - USA: ISAC Model (branch specific co-op. under DHS)
     - Europe: EU-SCSIE (Shell, Electrabel, Swissgrid, EDF, CERN, SEEMA, Melanie, CERT-Hungary)
     - Global: Meridian Process Control WG
     - Hungary: CIIP WG (MOL, Paks, MAVIR, Telco, CERT-Hungary)
     - First exercise in May 2009 (NHH, MOL, MAVIR, MEH, NFGM, PTA CHK): electricity outage having a spillover effect in oil, gas, and communications
  8. Thank you for your attention!
     - ferenc.suba@cert-hungary.hu
     - PTA CERT-Hungary: www.cert-hungary.hu
     - Theodore Puskás Foundation: www.neti.hu
     - ENISA: www.enisa.europa.eu