APNIC Security Specialist Adli Wahid highlights APNIC’s contribution to improving incident response capabilities in the region through training and capacity development, engagement with LEAs and CERTs, and collaboration with partners such as APCERT.
4. What is APNIC?
• Regional Internet Registry (RIR) for the Asia Pacific region
– Comprises 56 economies
• Secretariat located in Brisbane, Australia
– Currently employs around 70 staff
• Not-for-profit, membership-based organization
• Governed by the Executive Council (EC), who are elected by the Members
5. APNIC’s Vision:
A global, open, stable, and secure Internet that serves the entire Asia Pacific community.
How we achieve this:
• Serving Members
• Supporting the Asia Pacific Region
• Collaborating with the Internet Community
7. Responding to Security Incidents
National Cyber Security Agency
National CERT / CSIRTs
Enterprise CERTs/CSIRTs
End-Users
Critical Infrastructure, Network Providers, Hosting, Cloud, Government, Financial Services, SMEs
8. Network Operators / Service Providers
• A key player in the Incident Response process
• Availability is important
– Critical Infrastructure (Internet Exchange)
– Increasingly becoming a target
• Need to be aware of the (changing) threat landscape
– Help increase the resilience of the infrastructure by applying best practices
– Provide timely assistance & mitigation
– Emerging Trends - IOTs
– CERT/CSIRT of the last resort
• Network Operators Groups (NOGs)
– Local & Regional NOGs
– APRICOT & APNIC Conference
9. Network Operators – Incident Response Relationship
• Interdependent entities
• Expectations
– Resources are not misused or abused
– Fast ‘take-downs’ or response
– Share information (logs, billing, etc.)
– Communicate with Users / Technical support
– 24x7x365
• Frequently, at the receiving end
Network Operator
End-Users Customers
Security Response Community
Law Enforcement
10. Incident Response Capabilities
• Managing Security Incidents
– Reduce impact of security incidents
– Prevent security incidents from occurring
– Fixing actual vulnerabilities
– Gain insights about emerging threats or incidents (ISACs, threat intel feeds)
– Collaborate with other stakeholders (i.e. investigation, policy/strategy)
• Managing Security Incident Response Teams
– Establishing CSIRTs
– Operationalizing CSIRTs
– Having the right skill sets, knowledge and tools
– Being part of the community
– Mentoring
11. APNIC’s Approach
• Capacity development
– Internet infrastructure
– Cyber security*
• Strategic Partnership
– Various stakeholders
– Regional & global
– Shared goals
12. Security Outreach
Craig Ng
Promoting security best practices in the APNIC community
NOGs, CSIRTs and LEA events
PK, CN, HK, KR, JP, PH, SG, MY, ID, AU, TW
Collaboration with JICA and KISA to deliver regional CERT training
Geoff Huston member of ICANN SSAC
Adli Wahid member of FIRST Board
MoU with APCERT
Interpol Global Cyber Crime Group
Adli Wahid
www.apnic.net/security
13. CSIRT Best Practice Forum
• IGF 2014 & 2015
– Best Practice Forum on Establishing and Supporting Computer Security Incident Response Teams (CSIRT) for Internet Security
• Multistakeholder approach
• Addresses key concerns of establishing & setting up CSIRTs
– Key success factors
– Costs & capacity building
– Stakeholder engagement
– Opportunities & challenges
• Call for Comments
– http://intgovforum.org/cms/best-practice-forums/2-establishing-and-supporting-csirts
14. Upcoming Activities
• Support for regional activities
– FIRST & IDSIRTII TC (October)
– FIRST & KRCERT/CC TC (November)
– Interpol Global Cyber Crime Meeting (December)
– APRICOT 2016 in Auckland (February)
• eLearning & Training
– https://training.apnic.net
• Follow us for the latest updates
– Blog https://blog.apnic.net
– Twitter @apnic
15. Resource Public Key Infrastructure (RPKI)
RPKI presentations to NOGs and conferences
‘Ready to ROA’ Campaign – hands-on sessions to help Members create ROAs
Shirts, stickers, web content to promote campaign
Regional RPKI adoption has more than doubled in past year - 0.82% to 1.92% and rising
www.apnic.net/roa
• 10 face-to-face and eLearning RPKI training courses delivered
• Offline simulation of production system
• Create and revoke ROAs, observe changes to routing state in lab
16. Internet Operational Research Grants
New fund supporting the Internet research community in the Asia Pacific
Research aiming to improve availability, reliability, and security of the Internet in the Asia Pacific
Network measurement and analysis
IPv6 deployment
BGP Routing
Network Security
17. Conclusion
• Capacity development is fundamental & critical
• Approach must be flexible and scalable
• Plenty of challenges & opportunities
• Let’s collaborate!
We have to realize that different economies have different cyber security environments. Some have frameworks, policies and institutions in place, but others don’t.
Even if you have everything in place, there are a lot of dependencies.
You need to look at the bigger picture (NEC Talk yesterday).
Keeping information up to date
Host Critical Infrastructure
Case Studies – Take downs
Environment
Understanding about security incidents
Win-win approach & through various means
Security specialist Adli Wahid is working with different teams within APNIC as well as building relationships with potential and new partners that APNIC can leverage.
Adli was recently elected as a board member of the Forum of Incident and Security Response Teams.
Build capability through training, providing content on security at APNIC and LEA training.
Participation in NOGs, inter-governmental forums, CERTs etc. We take that knowledge and share it with Members to raise awareness.
Highlighting relevant initiatives to Members to improve security such as IRT objects in whois, RPKI, and SAVE (BCP 38)
We also supported security community events such as the PHCERT & APCERT Conference this year
MOU with APCERT in the area of promoting security awareness, improving incident response and supporting capacity development activities
Where do we capture this CSIRT knowledge?
We would like to encourage members to participate in our event.
Let us know for opportunities
In the last meeting I highlighted our ROA. ‘Ready to ROA’ is our initiative to promote routing security.
The main aim is to get Network Operators to create Route Object Authorisations, which will enable others to validate the origin of routing announcements.
* 1.92 uptake as of September 2015 (https://
This is also part of our effort to promote Routing Security among network operators and cyber security agencies
There has been some progress since we have been actively promoting it at various events.
It must be stressed, however, that this is only the first step.
APNIC is the secretariat of ISIF (Internet Society Innovation Fund)
Help spread the word about ISIF grant – covers IPv6 and Operational Network Security.
Up to 60k AUD grant
How to make it scale?
How do we cover areas that do not have enough resources?