Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Public Private Partnership - Combating CyberCrime


Published on

Public Private Partnership - Combating CyberCrime by Mohamed Shihab - Advisor (Technical) IMPACT at c0c0n - International Cyber Security and Policing Conference

Published in: Technology, News & Politics
  • Be the first to comment

Public Private Partnership - Combating CyberCrime

  1. 1. Public Private PartnershipCombating CyberCrimeMohamed Shihab
  2. 2. Growing Cybersecurity Threats“No geographical borders, no boundaries and tremendous destructive power”• ICTs have become an integral part of information society.• ICT networks are regarded as basic national infrastructure.• ICTs are also exposing our societies to the threat of cyberattacks.• Vulnerability of national infrastructures increases as the use of ICTs take root.• Cyber attacks on ICTs are borderless and can be launched from virtually anywhere.• As global reliance on ICTs grows, so does vulnerability to attacks on critical infrastructures through cyberspace. 2
  3. 3. Key Cybersecurity Challenges Lack of adequate and interoperable national or regional legal frameworks Lack of secure software and ICT-based applications Lack of appropriate national and global organizational structures to deal with cyber incidents Lack of information security professionals and skills within governments; lack of basic awareness among users Lack of international cooperation between industry experts, law enforcements, regulators, academia & international organizations to address a global challenge 3
  4. 4. 4
  5. 5. 5Source : Symantec.
  6. 6. CybercrimeNo limitsThe number of cyber threats are growingA combination of the “tools” can be a powerful “weapon” 6
  7. 7. Cost of War Cost of a stealth bomber? $737 Million to $1.1 billion Cost of a stealth fighter? $80 to $120 million Cost of a cruise missile? $1 to $2 million Cost of using cyber space as a weapon? $300 to $50,000 7
  8. 8. CyberiaA Case Study FACT FILE Country : Cyberia Terrain : Island, with beautiful beaches Density : 3,064 /km2 Ethnic Groups : Cyberians Official Language : Binary, JAVA and C ------------------------------------------------------------------- Country is well known for tourism and trading. Houses one of the most prominent harbour in the world. One of the finest technology driven countries in the world with state of the art infrastructure. 8
  9. 9. ??? Harbour DdOS Server Down Internet Air traffic controller Congested not respondingOne fine day............ 9
  10. 10. We cannot contain the attack Status We do not have diplomatic ties All attacks from overseas Stock market is Where is the actual crashing... It’s havoc attacker? outsidePanic Starts....... 10
  11. 11. In the future all wars will be preceded by: • Chaos • Panic • Disinformation • Disruption of services48hrs later....... 11
  12. 12. Living ExamplesEstonia Wave 4: ISP Wave 1: Government Wave 2: Servers Wave 3: Banks Media SPAM Government Education Banks Cyber Vandalism SPAM Wave 2 ctd.. Wave 3 ctd.. 12
  13. 13. Living ExamplesGeorgia Stage 4: Physical Attack Stage 1: Bot Harvesting Stage 2: Training / Recruiting Stage 3: Continued Attack Wave 2: Financial Institutions Wave 3: Networks Wave 1: Government / Media Business Establishments SCADA Educational Institutions SPAM Government / Media Wave 2 ctd.. 13
  14. 14. Cross Border Crime Lack of Knowledge Lack of Resources No Direction No legal framework Management Challenges New Problems Capital intensive solutions Need proactive solutions No emergency telephone numbers Organisations working in silos Delays in ResponseLack of international collaboration Crimes have become organisedNeed better early warning system Addressing different type of attacks I wonder if it is possible to How can I notify this The suspect is in have more intelligence threat to others? another country. What on this situation do I do? I wish somebody had I need more data for my research! I foreseen that this was wonder if somebody else is working coming on the same thing 14
  15. 15. Cybercrime vs Conventional Crime
  16. 16. Crime Comparison Internet crimes span multiple jurisdictions Nearly all crimes were local Organised Evidence never far from the crime scene Ever-evolving and complex Language and communication Evidence across borders restrictions No proper cyber laws Not internationally co-ordinated It is not targetted on a specific individual Often isolated to a region alone anymore. Need not have specialised knowledge 16
  17. 17. 17
  18. 18. 18
  19. 19. IMPACT
  20. 20. 20
  21. 21. 21
  22. 22. 22
  23. 23. Global Response CentreCentre for Policy & International Cooperation CIRT GRC Services Capacity BuildingCentre for Training & Skills DevelopmentCentre for Security Assurance & Research
  24. 24. ITU-IMPACTA combined effort to tackle growing cybercrime
  25. 25. Working Together Academia Research UNODCAt UN level if we try to avert cyberwar we can achieve: • Early mediation • Build a global security council • Credible body • Trusted source of information INTERPOL • A reliable global body to express the problems Private Org. Government 25
  26. 26. 26
  27. 27. Provide Point of Contacts with different CountriesEstablish contact with ITU-IMPACT partners for instant remedyProvide heads up information on possible threats Taking a look at Cyberia again...Co-ordinate a collaborative effort to tackle the attackDevelop human capacity within Cyberia 27Setup Incident Response Team within Cyberia
  28. 28. Bridging the Resources ITU-IMPACT’s Global Alliances 28
  29. 29. 4 Pillars of IMPACT
  30. 30. Global Response Centre • Network Early Warning System (NEWS)  Cyber threat reference centre  Aggregation of cyber threats across the globe  Collaboration with global industry partners • Electronically Secure Collaborative Application Platform for Experts (ESCAPE)  Key experts and personnel from partner countries (law enforcement, regulators, country focal, cybersecurity experts, etc)  Facilitate & coordinate with partner countries during cyber attack 30
  31. 31. Centre for Security Assurance & Research • Security Assurance: • IMPACT Government Security Scorecard (IGSS) • CIRT-Lite (Computer Incident Response Team) • Professional services (vulnerability assessment, security audits, etc) • Research: • Facilitation & coordination of cybersecurity research • Bringing together the research community and the industry 31
  32. 32. Workshops & CIRT DeploymentObjectives:- To assist partner countries’ assessment of its readiness to implement a National CIRT.- IMPACT reports on key issues and analysis, recommending a phased implementation plan for National CIRT.- In later stages the national CIRT will also be provided with enabling tools.- Conducted workshops for 33 countries globally No. Partner Countries Assessment Status 1 Afghanistan Completed in October 2009 2 Uganda, Tanzania, Kenya & Zambia Completed in April 2010 3 Nigeria, Burkina Faso, Ghana, Mali, Senegal & Ivory Coast Completed in May 2010 4 Maldives, Bhutan, Nepal & Bangladesh Completed in June 2010 5 Serbia, Montenegro, Bosnia & Albania Completed in November 2010 6 Cameroon, Chad, Gabon, Congo & Sudan Completed in December 2010 7 Senegal, Gambia, Togo, Niger Completed in November 2011 8 Lao P.D.R Completed in November 2011 9 Cambodia, Myanmar, Vietnam (Assessment for CMV national CIRTs) Completed in October and November 2011 10 Armenia Completed in November 2011 11 South America and Arab region 2012 32
  33. 33. CIRT Deployment CIRT Lite for National deployment Regional CIRT deployment 33
  34. 34. Cybersecurity AssessmentITU-IMPACT conducted cybersecurity assessment for Afghanistan : October 2009Session conducted in Kabul, Afghanistan 34
  35. 35. Cybersecurity AssessmentITU-IMPACT conducted cybersecurity assessment for East Africa (Kenya, Tanzania, Uganda andZambia) : 26th – 29th April 2010Session conducted in Kampala, Uganda 35
  36. 36. Cybersecurity AssessmentITU-IMPACT conducted cybersecurity assessment for West Africa (Burkina Faso, CôtedIvoire, Ghana, Nigeria, Mali and Senegal) : 17th – 21st May 2010Session conducted in Ouagadougou, Burkina Faso 36
  37. 37. Cybersecurity AssessmentITU-IMPACT conducted cybersecurity assessment for Bhutan & Bangladesh : 1st – 11th June2010 37
  38. 38. Cybersecurity AssessmentITU-IMPACT conducted cybersecurity assessment for Nepal & Maldives: 14th – 25th June 2010 38
  39. 39. Cybersecurity Workshop /Assessment 39
  40. 40. Centre for Training & Skills DevelopmentProviding world class capability & capacity programmes • Specialised training programs • IMPACT SecurityCore • IMPACT Network Forensics • IMPACT Forensics Investigation for Law Enforcement • IMPACT Malware Analysis • Scholarship - partnership with global certification body • EC-Council (US$1 mil grant) • SANS Institute (US$1 mil grant – completed) • Global certification courses • (ISC)2 • EC-Council 40
  41. 41. Training & Skills DevelopmentCourses conducted for partner countries and in collaboration with IMPACT’s partners 41
  42. 42. Training & Skills DevelopmentIMPACT-Microsoft Network Forensics & Investigation Course: 6th – 9th April 2010 (Brunei)Closed session for law enforcement agencies – 4 countries participated 42
  43. 43. Training & Skills DevelopmentIMPACT Network Forensics Course: 3rd – 7th May 2010 (IMPACT Global HQ)Class conducted for 22 participants from 5 countries 43
  44. 44. Training & Skills Development IMPACT-SANS IPv6 Training: 26th May 2010 (IMPACT Global HQ)Training conducted by Dr Johannes Ullrich (SANS Internet Storm Center) – 72 participants 44
  45. 45. Centre for Policy & InternationalCooperation • Policy: • Workshops and seminars • Policy advisory & best practices • e-Newsletter • International cooperation: • Partner country coordination • Partnership, cooperation and collaboration with industry, academia, think tanks & international organisations • Child Online Protection (COP) 45
  46. 46. IMPACT – ISRA CollaborationGRC has been collaborating with ISRA (Information Security Research Association) since June 2012ISRA provides IMPACT with regular feeds for the GRC Portals.Feeds contain information regarding:  ISRA looks at the vulnerabilities in various government websites, attack plans and patterns from different countries around the world on voluntary basis.  ISRA teams verify those initial findings of insecure systems by checking the live systems and then upload this verified data to its database.  This information is then sent to IMPACT via email service on a weekly basis using excel files.  GRC publishes this weekly information for its member countries so that they can patch and secure the system before hackers exploit the systems and damage them.Collaboration Interest for both sides: ISRA through this collaboration is looking for a safe and secure cyber space where they can report their vulnerability findings and IMPACT already had those platforms in the form of NEWS and ESCAPE with the target users in place. 46
  47. 47. Partnership with InterpolAreas of Co-operation• Establishing key contact point in member states• Exchange of information• Capacity building programs for law enforcement officials• Consultation of key initiatives for the law enforcement agencies• Joint development efforts on enhancing forensic capabilities of member states 47
  48. 48. IMPACT’s Partners International Organisations Academia Alliance (200+) Child Online Protection Industry 48
  49. 49. Areas of Co-operationPublic/Private Partnership• Access to key security industry players• Establishing key contact point in member states• Exchange of information• Capacity building programs for law enforcement officials• Establishing a framework for protecting children online• Jointly establishing a Centre of Excellence : • Research on tools/technologies • Capacity building programs for Law enforcement officials from other regions as well as international agencies • Implementation of best practices and solution sets in the field of CyberSecurity for key agencies • Annual regional/international workshop for LEAs on CyberSecurity 49
  50. 50. Thank you IMPACT T +60 (3) 8313 2020 Jalan IMPACT F +60 (3) 8319 2020 63000 Cyberjaya E Malaysia © Copyright 2011 IMPACT. All Rights Reserved.