New developments in cyber law - Singapore and beyondBenjamin Ang
New developments in the Computer Misuse and Cybersecurity Act, Singapore; actions by the Personal Data Protection Commission under the Personal Data Protection Act (PDPA); thought on the upcoming Cybersecurity Act 2017
Cybersecurity legislation in Singapore (2017)Benjamin Ang
Reviewing the Personal Data Protection Act (PDPA), Computer Misuse and Cybersecurity Act (CMCA), and the draft Cybersecurity Act Cybersecurity Bill of Singapore, correct up to November 2017
Dispatch everywhere, dispatch everything: towards a distributed PSAP cloud-architecture
Francesco Frugiuele, Head of International Business, RapidDeploy
Session on: Supporting call-takers/dispatchers
decision making and situational awareness
Chair: Chair: Stephen Hines, Clinical Practice Learning Manager, London Ambulance Service, United Kingdom
An experienced, well-trained call-taker/dispatcher can gather a lot of high quality, vitally important information that can help first responders form an early understanding of what they will be facing upon arrival at the emergency scene. Supporting tools could however help them to do it faster and better!
The document describes AirBox, a participatory ecosystem for PM2.5 monitoring that involves over 5,000 citizen-operated air quality monitoring devices across 37 countries. AirBox allows citizens to participate in air quality monitoring through open hardware and software platforms, and makes real-time air quality data publicly available through mobile apps, websites, and other tools for visualization, analysis, and forecasting. The ecosystem continues to expand through additional hardware, improved data standards and analysis, and integration with cloud platforms.
This document discusses cybersecurity challenges in Southeast Asia and outlines Cisco's approach to addressing these challenges. It notes that ASEAN countries face rising cyber threats but have low policy preparedness. The cybersecurity landscape is complex and fragmented. Cisco's strategy involves integrating security across networks, endpoints, cloud, and other domains. It aims to provide visibility, detection, prevention and response capabilities through technologies, training programs, and collaborations.
New developments in cyber law - Singapore and beyondBenjamin Ang
New developments in the Computer Misuse and Cybersecurity Act, Singapore; actions by the Personal Data Protection Commission under the Personal Data Protection Act (PDPA); thought on the upcoming Cybersecurity Act 2017
Cybersecurity legislation in Singapore (2017)Benjamin Ang
Reviewing the Personal Data Protection Act (PDPA), Computer Misuse and Cybersecurity Act (CMCA), and the draft Cybersecurity Act Cybersecurity Bill of Singapore, correct up to November 2017
Dispatch everywhere, dispatch everything: towards a distributed PSAP cloud-architecture
Francesco Frugiuele, Head of International Business, RapidDeploy
Session on: Supporting call-takers/dispatchers
decision making and situational awareness
Chair: Chair: Stephen Hines, Clinical Practice Learning Manager, London Ambulance Service, United Kingdom
An experienced, well-trained call-taker/dispatcher can gather a lot of high quality, vitally important information that can help first responders form an early understanding of what they will be facing upon arrival at the emergency scene. Supporting tools could however help them to do it faster and better!
The document describes AirBox, a participatory ecosystem for PM2.5 monitoring that involves over 5,000 citizen-operated air quality monitoring devices across 37 countries. AirBox allows citizens to participate in air quality monitoring through open hardware and software platforms, and makes real-time air quality data publicly available through mobile apps, websites, and other tools for visualization, analysis, and forecasting. The ecosystem continues to expand through additional hardware, improved data standards and analysis, and integration with cloud platforms.
This document discusses cybersecurity challenges in Southeast Asia and outlines Cisco's approach to addressing these challenges. It notes that ASEAN countries face rising cyber threats but have low policy preparedness. The cybersecurity landscape is complex and fragmented. Cisco's strategy involves integrating security across networks, endpoints, cloud, and other domains. It aims to provide visibility, detection, prevention and response capabilities through technologies, training programs, and collaborations.
Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)Benjamin Ang
The document discusses Singapore's cybersecurity strategy and legal framework. It has 4 pillars: (1) enhancing Singapore as a trusted hub, (2) promoting collective responsibility, (3) using cybersecurity as an advantage, and (4) national cyber R&D. The Cybersecurity Act designates critical infrastructure and gives the Cyber Security Agency powers to investigate incidents. The strategy aims to strengthen cyber defenses, educate the public, and develop Singapore as a cybersecurity hub in Asia.
Disasters and weather-related emergencies are frequent occurrences, often with devastating results. But can the emergency services and response organisations cope better and if so how? In this session we heard interesting approaches to the handling of such events and the sharing of lessons learned.
Singapore Cybersecurity Strategy and Legislation (2018)Benjamin Ang
A primer on Singapore's Cybersecurity Strategy, and the laws of Singapore relating to Cybersecurity (Computer Misuse Act, Personal Data Protection Act, Cybersecurity Act 2018). Also contains a summary of the results of the Public Consultation on the Cybersecurity Bill
Cybersecurity for Critical National Information InfrastructureDr David Probert
This document discusses cybersecurity for critical national infrastructure. It covers evolving cyber threats facing different critical sectors like government, banking/finance, energy and transportation. It also discusses some national and international plans for critical infrastructure protection from countries like the US, Canada, UK, Germany, and international bodies like the UN and OECD. The presentation explores integrating cybersecurity with physical security to protect critical infrastructure.
Are you the I in CII? Cybersecurity Bill public consultation by Internet Soci...Benjamin Ang
Slides from the Internet Society Singapore Chapter's seminar and public consultation on the draft Bill of Singapore’s new Cybersecurity Act, which will be in place by end 2017, and will lay the groundwork for world class cybersecurity practices to overcome emerging threats in cyberspace. The Act seeks to minimize disruption to essential services and to professionalize the cybersecurity industry.
Industrial Cybersecurity and Critical Infrastructure Protection in EuropePositive Hack Days
This document provides an overview of critical infrastructure protection in Europe presented by Ignacio Paredes of the Industrial Cybersecurity Center. It discusses the convergence of physical and cyber worlds and how industrial control systems have become interconnected over TCP/IP and use general purpose operating systems. This has introduced cybersecurity challenges to operational technology environments. The document reviews cyber attacks on critical infrastructure like Stuxnet and Shamoon and regulations around critical infrastructure protection in the US and EU. It argues that identifying and prioritizing critical infrastructure is important but questions who will pay for protection and whether regulations have led to minimum compliance over real protection.
The document discusses the digital security challenges faced by media and entertainment companies as the industry shifts from closed proprietary systems to open digital platforms. It notes that the open nature of digital networks introduces new threats and attack surfaces. Additionally, the increased value of digital assets like user data and analytics makes companies richer targets. Finally, it lists specific challenges such as protecting content across the supply chain, managing device and data security, and meeting privacy requirements while using personal data.
APrIGF 2015: Security and the Internet of ThingsAPNIC
Adli Wahid addresses the current cybersecurity issues seen with the growth of the Internet of Things at the 2015 Asia Pacific Regional Internet Governance Forum (APrIGF) in Macao.
This document discusses cybersecurity challenges in ASEAN countries and proposes actions to address them. It finds that ASEAN is a prime target for cyber attacks due to rising vulnerabilities from increasing digital connectivity and trade. However, cyber defenses across ASEAN remain weak due to issues like limited cooperation, underinvestment and a fragmented security industry. The document calls for urgent actions including developing policy frameworks, building cybersecurity capabilities, and strengthening regional cooperation to fortify ASEAN's cyber ecosystem against growing threats.
The document discusses cybersecurity challenges facing the ASEAN region and proposes actions to address them. It finds that ASEAN countries are increasingly being targeted by cyber attacks. The cybersecurity industry in the region is fragmented with many small players and few holistic solutions providers. There is a lack of coordination between countries on issues like intelligence sharing. The document calls for sustained investment in cybersecurity, establishing a regional coordination platform, and developing the next generation of cybersecurity capabilities to strengthen the ecosystem.
Strenthening Critical Internet InfrastructureFrancis Amaning
This document outlines Ghana's critical national internet infrastructure and proposes strengthening it. It discusses automating Ghana's .gh domain name registry and establishing a governing body. It also proposes deploying root servers through joint efforts of the registry and internet exchange point. The document outlines Ghana's national cybersecurity organization CERT-GH and an IPv4 to IPv6 transition task force. It describes Ghana's internet exchange point and need for a national internet backbone plan. The document proposes locating key infrastructure elements at Ghana's new national data center to foster synergies between national internet resources.
This document discusses vulnerability management and the Greenbone vulnerability assessment tool. It outlines a process for vulnerability management that includes preparing by defining secure configurations, identifying assets and scanning them, classifying vulnerabilities using standards like CVSS and CVE, prioritizing based on scores and asset criticality, assigning remediation tasks, mitigating and remediating issues, storing data to support forensics and repeating the process, and improving over time based on metrics. The presentation was given by Dirk Schrader of Greenbone Networks, which develops open source vulnerability management solutions.
Presentations from the SPF Spectrum Resilience workshop on 03 May 2018
More information about the UK Spectrum Policy Forum is available here.
http://www.techuk.org/about/uk-spectrum-policy-forum
George Μ. Karagiannis, Deputy Secretary-General for Civil Protection, General Secretariat for Civil Protection, Greece - Building and sustaining an integrated national 112 capability
ITU-D is the development sector of the International Telecommunication Union (ITU), a specialized agency of the United Nations. ITU-D works with both member states and private sector partners to expand access to ICTs and build digital skills in developing countries through activities like infrastructure projects, policy advice, and training programs. Some key initiatives include Connect regional digital development summits, public-private partnerships to deploy wireless broadband in underserved areas, and efforts focused on issues like cybersecurity, emergency communications, and ensuring inclusive access for all groups.
Lessons learned from the SingHealth Data Breach COI ReportBenjamin Ang
16 recommendations for better cybersecurity, digested from the 454 page COI (Committee of Inquiry) report on Singapore's biggest data breach to date (1.5 million patients' records), presented at Cyber Resilience and Risk Forum 2019, Singapore. Useful info for board directors, managers, CSOs, CISOs, cybersecurity professionals
This document discusses cyber security challenges for the smart grid and outlines NIST's efforts to address them. It provides background on the electric grid and goals of the smart grid. The smart grid will be more complex and interconnected, introducing new security risks. NIST published guidelines for smart grid cyber security to help integrate security during modernization. The guidelines provide a risk assessment framework and recommended security requirements but do not mandate specific solutions.
1) APCERT is a forum of Computer Security Incident Response Teams (CSIRTs) and Computer Emergency Response Teams (CERTs) in the Asia Pacific region established in 2003. It currently has 30 operational members from 21 economies.
2) APCERT aims to promote cooperation on cybersecurity, facilitate information sharing, and assist members in responding to cyber incidents through working groups, an annual conference, and incident response drills.
3) Key recent activities include updating governance policies, conducting a capacity building survey, hosting bi-monthly online trainings, and an annual incident response drill with over 30 participating teams.
Protecting Critical Infrastructure: a multi-layered approachITU
The document discusses protecting critical infrastructure through a multi-layered cybersecurity approach. It notes the increasing dependence on ICTs and rising cyber threats. A coordinated response is needed across international, regional, and national levels. Key aspects include legal measures, technical/procedural measures, organizational structures, capacity building, and international cooperation. The ITU promotes cybersecurity strategies, drives implementation efforts, and fosters a global culture of cybersecurity through activities like its National CIRT Programme and Global Cybersecurity Index.
Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)Benjamin Ang
The document discusses Singapore's cybersecurity strategy and legal framework. It has 4 pillars: (1) enhancing Singapore as a trusted hub, (2) promoting collective responsibility, (3) using cybersecurity as an advantage, and (4) national cyber R&D. The Cybersecurity Act designates critical infrastructure and gives the Cyber Security Agency powers to investigate incidents. The strategy aims to strengthen cyber defenses, educate the public, and develop Singapore as a cybersecurity hub in Asia.
Disasters and weather-related emergencies are frequent occurrences, often with devastating results. But can the emergency services and response organisations cope better and if so how? In this session we heard interesting approaches to the handling of such events and the sharing of lessons learned.
Singapore Cybersecurity Strategy and Legislation (2018)Benjamin Ang
A primer on Singapore's Cybersecurity Strategy, and the laws of Singapore relating to Cybersecurity (Computer Misuse Act, Personal Data Protection Act, Cybersecurity Act 2018). Also contains a summary of the results of the Public Consultation on the Cybersecurity Bill
Cybersecurity for Critical National Information InfrastructureDr David Probert
This document discusses cybersecurity for critical national infrastructure. It covers evolving cyber threats facing different critical sectors like government, banking/finance, energy and transportation. It also discusses some national and international plans for critical infrastructure protection from countries like the US, Canada, UK, Germany, and international bodies like the UN and OECD. The presentation explores integrating cybersecurity with physical security to protect critical infrastructure.
Are you the I in CII? Cybersecurity Bill public consultation by Internet Soci...Benjamin Ang
Slides from the Internet Society Singapore Chapter's seminar and public consultation on the draft Bill of Singapore’s new Cybersecurity Act, which will be in place by end 2017, and will lay the groundwork for world class cybersecurity practices to overcome emerging threats in cyberspace. The Act seeks to minimize disruption to essential services and to professionalize the cybersecurity industry.
Industrial Cybersecurity and Critical Infrastructure Protection in EuropePositive Hack Days
This document provides an overview of critical infrastructure protection in Europe presented by Ignacio Paredes of the Industrial Cybersecurity Center. It discusses the convergence of physical and cyber worlds and how industrial control systems have become interconnected over TCP/IP and use general purpose operating systems. This has introduced cybersecurity challenges to operational technology environments. The document reviews cyber attacks on critical infrastructure like Stuxnet and Shamoon and regulations around critical infrastructure protection in the US and EU. It argues that identifying and prioritizing critical infrastructure is important but questions who will pay for protection and whether regulations have led to minimum compliance over real protection.
The document discusses the digital security challenges faced by media and entertainment companies as the industry shifts from closed proprietary systems to open digital platforms. It notes that the open nature of digital networks introduces new threats and attack surfaces. Additionally, the increased value of digital assets like user data and analytics makes companies richer targets. Finally, it lists specific challenges such as protecting content across the supply chain, managing device and data security, and meeting privacy requirements while using personal data.
APrIGF 2015: Security and the Internet of ThingsAPNIC
Adli Wahid addresses the current cybersecurity issues seen with the growth of the Internet of Things at the 2015 Asia Pacific Regional Internet Governance Forum (APrIGF) in Macao.
This document discusses cybersecurity challenges in ASEAN countries and proposes actions to address them. It finds that ASEAN is a prime target for cyber attacks due to rising vulnerabilities from increasing digital connectivity and trade. However, cyber defenses across ASEAN remain weak due to issues like limited cooperation, underinvestment and a fragmented security industry. The document calls for urgent actions including developing policy frameworks, building cybersecurity capabilities, and strengthening regional cooperation to fortify ASEAN's cyber ecosystem against growing threats.
The document discusses cybersecurity challenges facing the ASEAN region and proposes actions to address them. It finds that ASEAN countries are increasingly being targeted by cyber attacks. The cybersecurity industry in the region is fragmented with many small players and few holistic solutions providers. There is a lack of coordination between countries on issues like intelligence sharing. The document calls for sustained investment in cybersecurity, establishing a regional coordination platform, and developing the next generation of cybersecurity capabilities to strengthen the ecosystem.
Strenthening Critical Internet InfrastructureFrancis Amaning
This document outlines Ghana's critical national internet infrastructure and proposes strengthening it. It discusses automating Ghana's .gh domain name registry and establishing a governing body. It also proposes deploying root servers through joint efforts of the registry and internet exchange point. The document outlines Ghana's national cybersecurity organization CERT-GH and an IPv4 to IPv6 transition task force. It describes Ghana's internet exchange point and need for a national internet backbone plan. The document proposes locating key infrastructure elements at Ghana's new national data center to foster synergies between national internet resources.
This document discusses vulnerability management and the Greenbone vulnerability assessment tool. It outlines a process for vulnerability management that includes preparing by defining secure configurations, identifying assets and scanning them, classifying vulnerabilities using standards like CVSS and CVE, prioritizing based on scores and asset criticality, assigning remediation tasks, mitigating and remediating issues, storing data to support forensics and repeating the process, and improving over time based on metrics. The presentation was given by Dirk Schrader of Greenbone Networks, which develops open source vulnerability management solutions.
Presentations from the SPF Spectrum Resilience workshop on 03 May 2018
More information about the UK Spectrum Policy Forum is available here.
http://www.techuk.org/about/uk-spectrum-policy-forum
George Μ. Karagiannis, Deputy Secretary-General for Civil Protection, General Secretariat for Civil Protection, Greece - Building and sustaining an integrated national 112 capability
ITU-D is the development sector of the International Telecommunication Union (ITU), a specialized agency of the United Nations. ITU-D works with both member states and private sector partners to expand access to ICTs and build digital skills in developing countries through activities like infrastructure projects, policy advice, and training programs. Some key initiatives include Connect regional digital development summits, public-private partnerships to deploy wireless broadband in underserved areas, and efforts focused on issues like cybersecurity, emergency communications, and ensuring inclusive access for all groups.
Lessons learned from the SingHealth Data Breach COI ReportBenjamin Ang
16 recommendations for better cybersecurity, digested from the 454 page COI (Committee of Inquiry) report on Singapore's biggest data breach to date (1.5 million patients' records), presented at Cyber Resilience and Risk Forum 2019, Singapore. Useful info for board directors, managers, CSOs, CISOs, cybersecurity professionals
This document discusses cyber security challenges for the smart grid and outlines NIST's efforts to address them. It provides background on the electric grid and goals of the smart grid. The smart grid will be more complex and interconnected, introducing new security risks. NIST published guidelines for smart grid cyber security to help integrate security during modernization. The guidelines provide a risk assessment framework and recommended security requirements but do not mandate specific solutions.
1) APCERT is a forum of Computer Security Incident Response Teams (CSIRTs) and Computer Emergency Response Teams (CERTs) in the Asia Pacific region established in 2003. It currently has 30 operational members from 21 economies.
2) APCERT aims to promote cooperation on cybersecurity, facilitate information sharing, and assist members in responding to cyber incidents through working groups, an annual conference, and incident response drills.
3) Key recent activities include updating governance policies, conducting a capacity building survey, hosting bi-monthly online trainings, and an annual incident response drill with over 30 participating teams.
Protecting Critical Infrastructure: a multi-layered approachITU
The document discusses protecting critical infrastructure through a multi-layered cybersecurity approach. It notes the increasing dependence on ICTs and rising cyber threats. A coordinated response is needed across international, regional, and national levels. Key aspects include legal measures, technical/procedural measures, organizational structures, capacity building, and international cooperation. The ITU promotes cybersecurity strategies, drives implementation efforts, and fosters a global culture of cybersecurity through activities like its National CIRT Programme and Global Cybersecurity Index.
The document discusses building cybersecurity capacity through international cooperation. It notes increasing dependence on ICTs and rising cyber threats. Developing countries are most at risk as they adopt broader ICT use. Building national cybersecurity strategies and response capabilities is important, as is cooperation across international, regional, and national levels. The ITU works to build capacity through national cybersecurity strategies, establishing computer security incident response teams, conducting assessments and trainings, and facilitating information sharing and regional cooperation. The ITU also measures cyber readiness through the Global Cybersecurity Index and creates country profiles to track progress. Strengthening cybersecurity globally requires coordinated multi-stakeholder efforts.
National Strategies against Cyber Attacks - Philip VictorKnowledge Group
The document discusses national strategies against cyber attacks from a global perspective based on the work of ITU-IMPACT. It provides an overview of ITU-IMPACT, current cybersecurity challenges faced by governments, and global efforts to address these challenges through developing national computer incident response teams, public-private partnerships, and international cooperation on cyber laws, standards, and capacity building. The document also presents ITU-IMPACT's role in assisting countries with developing national cybersecurity strategies and implementing programs like computer security incident response teams and cybersecurity drills.
This document discusses cyber security strategies and approaches used by various governments and organizations. It outlines national strategies from the UK, US, Estonia, and Singapore, as well as approaches at the European Union level. Common themes across strategies include recognizing the interconnected nature of IT systems, moving from attack detection to prevention, and the need for joint public-private collaboration to develop regulations, share intelligence, and protect critical infrastructure and society.
ITU-T Perspectives on the Standards-Based Security Landscape (SG 17 Main Focus)Abbie Barbir
The document summarizes the work of the International Telecommunication Union (ITU) Study Group 17 on cybersecurity and telecommunication security standards. Some key activities discussed include the ITU Global Cybersecurity Agenda framework, identity management efforts, securing next generation networks, and challenges around strategic direction, legal issues, and cooperation across standards bodies.
European Green IT Webinar 2014 - Erasmus Mundus Master PERCCOMGreenLabCenter
The document describes the PERCCOM program, the first Erasmus Mundus Master's program in green information and communication technologies (ICT). The program includes four semesters across multiple European universities focused on eco-design, green networking, computing and services, and smart systems. It offers scholarships and results in three national master's degrees. The program aims to provide an international experience for students of various nationalities and connections to companies and organizations in the ICT field.
ENISA - EU strategies for cyber incident responseKevin Duffey
ENISA is the EU Agency for Network & Information Security. In this presentation, the Head of Stakeholder Relations shares lessons for CEOs from over 200 cyber simulations and other research conducted by ENISA.
This 3 sentence summary provides the key details about the IRMA project:
The IRMA project aims to build an integrated risk management platform in Africa to help address disaster risk reduction across all phases from risk assessment to recovery. The platform will integrate various information sources and provide tools and services to stakeholders in natural disaster management. It seeks to demonstrate the capacity of standardized and interoperable ICT solutions to effectively mitigate disaster risk through operational scenarios assessing applications for bushfire, flood, desertification and urban risks management.
Enhancing security incident response capabilities in the AP APNIC
APNIC Security Specialist Adli Wahid highlights APNIC’s contribution to improving incident response capabilities in the region through training and capacity development, engagement with LEAs and CERTs, and collaboration with partners such as APCERT.
With my team (LKYSPP MPA), we presented the basic concept, advantages, case studies, and risk management of "Cloud Computing" to (potential) policy makers, in the framework of our "Governance Study Project". We'd like to help those policy makers to make their informed decision on integrating tech-solutions in their governance, business community, and the general public.
This document discusses cybersecurity trends in Europe. It outlines key drivers of improving cybersecurity like consumerization, regulatory pressures, and emerging threats. It describes the lifecycle of advanced persistent threats and differences between targeted attacks. European strategies on cybersecurity and the Network Information Security Directive are presented. The directive aims to enhance resilience to cyber threats and ensure network security across the EU. Requirements for competent authorities, cooperation between states, and risk management are discussed. Implementation in France and guidance from ISACA on applying the European framework are also summarized.
Security5Security5 is an entry level certifi cation fo.docxbagotjesusa
The document discusses several cybersecurity certifications offered through EC-Council Press including Security|5, Wireless|5, Network|5, C|EH (Certified Ethical Hacker), E|NSA (EC-Council Network Security Administrator), E|CSA (EC-Council Certified Security Analyst), C|HFI (Computer Hacking Forensic Investigator), and E|DRP (EC-Council Disaster Recovery Professional). It provides an overview of each certification and what they cover to prepare security professionals. The EC-Council aims to address the need for well-educated information security practitioners through their certifications and publications.
The document summarizes ITU's work on cybersecurity since 2003, including:
1) Establishing the Global Cybersecurity Agenda in 2007 to facilitate international cooperation on cybersecurity across five pillars.
2) Forming the High-Level Expert Group in 2007 to develop strategies to curb cyberthreats and promote cybersecurity globally.
3) Conducting various capacity building activities through the ITU-IMPACT initiative to assess countries' cyber readiness and train over 2,700 professionals worldwide.
4) Collaborating with partners like UNODC, Symantec, and Trend Micro to strengthen cybersecurity capabilities globally.
The International Association of Risk and Compliance Professionals (IARCP) today announced a major revision of the Certified Information Systems Risk and Compliance Professional (CISRCP) certification program.
The document summarizes the Integrated Risk Management for Africa (IRMA) project. It is a 3-year, €3.5 million European Commission funded research project involving 9 EU and 6 African partners. The project aims to develop an ICT service platform to support environmental risk management in Africa and will implement risk scenarios in Senegal, Mozambique, Cameroon, and Morocco to validate the platform.
Similar to International Collaboration for Regional Cybersecurity Risk, by Yurie Ito [APNIC 38] (20)
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC
Ellisha Heppner, Grant Management Lead, presented an update on APNIC Foundation to the PNG DNS Forum held from 6 to 10 May, 2024 in Port Moresby, Papua New Guinea.
Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...APNIC
Chimi Dorji, Internet Resource Analyst at APNIC, presented on Registry Data Accuracy Improvements at SANOG 41 jointly held with INNOG 7 in Mumbai, India from 25 to 30 April 2024.
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC
Sunny Chendi, Senior Advisor, Membership and Policy at APNIC, presents 'APNIC Policy Roundup' at the 5th ICANN APAC-TWNIC Engagement Forum and 41st TWNIC OPM in Taipei, Taiwan from 23 to 24 April.
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024APNIC
Dave Phelan, Senior Network Analyst/Technical Trainer at APNIC, presents 'DDoS In Oceania and the Pacific' at NZNOG 2024 held in Nelson, New Zealand from 8 to 12 April 2024.
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...APNIC
Geoff Huston, Chief Scientist at APNIC deliver keynote presentation on the 'Future Evolution of the Internet' at the Everything Open 2024 conference in Gladstone, Australia from 16 to 18 April 2024.
IP addressing and IPv6, presented by Paul Wilson at IETF 119APNIC
Paul Wilson, Director General of APNIC delivers a presentation on IP addressing and IPv6 to the Policymakers Program during IETF 119 in Brisbane Australia from 16 to 22 March 2024.
draft-harrison-sidrops-manifest-number-01, presented at IETF 119APNIC
Tom Harrison, Product and Delivery Manager at APNIC presents at the Registration Protocols Extensions working group during IETF 119 in Brisbane, Australia from 16-22 March 2024
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...APNIC
Che-Hoo Cheng, Senior Director, Development at APNIC presents on the "Benefits of doing Internet peering and running an Internet Exchange (IX)" at the Communications Regulatory Commission of Mongolia's IPv6, IXP, Datacenter - Policy and Regulation International Trends Forum in Ulaanbaatar, Mongolia on 7 March 2024
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC
APNIC Senior Advisor, Membership and Policy, Sunny Chendi presented on APNIC updates and RIR Policies for ccTLDs at APTLD 85 in Goa, India from 19-22 February 2024.
Gen Z and the marketplaces - let's translate their needsLaura Szabó
The product workshop focused on exploring the requirements of Generation Z in relation to marketplace dynamics. We delved into their specific needs, examined the specifics in their shopping preferences, and analyzed their preferred methods for accessing information and making purchases within a marketplace. Through the study of real-life cases , we tried to gain valuable insights into enhancing the marketplace experience for Generation Z.
The workshop was held on the DMA Conference in Vienna June 2024.
Ready to Unlock the Power of Blockchain!Toptal Tech
Imagine a world where data flows freely, yet remains secure. A world where trust is built into the fabric of every transaction. This is the promise of blockchain, a revolutionary technology poised to reshape our digital landscape.
Toptal Tech is at the forefront of this innovation, connecting you with the brightest minds in blockchain development. Together, we can unlock the potential of this transformative technology, building a future of transparency, security, and endless possibilities.
HijackLoader Evolution: Interactive Process HollowingDonato Onofri
CrowdStrike researchers have identified a HijackLoader (aka IDAT Loader) sample that employs sophisticated evasion techniques to enhance the complexity of the threat. HijackLoader, an increasingly popular tool among adversaries for deploying additional payloads and tooling, continues to evolve as its developers experiment and enhance its capabilities.
In their analysis of a recent HijackLoader sample, CrowdStrike researchers discovered new techniques designed to increase the defense evasion capabilities of the loader. The malware developer used a standard process hollowing technique coupled with an additional trigger that was activated by the parent process writing to a pipe. This new approach, called "Interactive Process Hollowing", has the potential to make defense evasion stealthier.
Discover the benefits of outsourcing SEO to Indiadavidjhones387
"Discover the benefits of outsourcing SEO to India! From cost-effective services and expert professionals to round-the-clock work advantages, learn how your business can achieve digital success with Indian SEO solutions.
International Collaboration for Regional Cybersecurity Risk, by Yurie Ito [APNIC 38]
1. APCERT : APNIC Meeting 2014’
International Collaboration
for Regional Cybersecurity Risk Reduction
- APCERT Collaboration with Stakeholders
Yurie Ito
Chair, APCERT SC
Director, Global Coordination, JPCERT/CC
2. General Introduction
Asia Pacific Computer Emergency Response Team
http://www.apcert.org
Forum of CSIRTs in the Asia Pacific region
Established in February 2003
Annual Events
1. APCERT AGM & Conference
2. APCERT Drill (Simulation exercise of cyber
attacks)
APCERT Annual Report
http://www.apcert.org/documents/index.html
5. Key Cybersecurity Risks
Threats exposed 2011-12
Data extortion by Persistence
Threats
Crowd sourced attack
IT system down / Data loss by
Natural Disaster
IT System Environment / Technology Evolves
New devices; Mobile
Tablets, Smart Phones
Social Media Cloud Computing
Control System
connects to Networks
IT System EnvironmeRnistk /s T echnology Evolves
Intellectual
Property
Economic Competition Infrastructure Service
National
Security
All those old bad problems still exist
Bots
Malware,
Exploits
DDoS, etc Cyber Conflicts Insider threats
7. APCERT Security Operations /
Regional CERTs Collaboration
• Opportunities
– Collaborate on cyberspace safety, cleanliness and
health – clean up malware and cooperate in
removing botnets
– Focus on measurement and enabling remediation
through education, tools, information sharing
– Point of Contact (POC) arrangement
– Cross boarder incident handling and coordination
APCERT efforts should go farther in this area
8. APCERT 11 years of Achievement
• 2013 – APCERT 10th anniversary
• Collaboration agreement with external experts and global security
operations
– OIC-CERT, EGC, TF-CSIRT, FIRST and many more industry partners
• Participated in global dialogues on fostering clean-up norms
– Including guest status at APEC-TEL SPSG
– AP*, APNIC, ASEAN Regional Forum
• Partnership with OECD on Cybersecurity Risk measurement
program
• CSIRT Training for Africa and pacific islands
• APCERT Drills & ASEAN CERT Incident Drills
• TSUBAME -> Network Monitoring Data and tool sharing program
9. what can we do more with
APNIC, APTLD and Network Operators?
• Cybersecurity capacity building and training
• Point of Contact exchange?
– APCERT-AP-TLC, APCERT-AP-NIC
– NICs – CERTs – ccTLDs
– POC for NOGs
• More Info sharing?
• Send us Incident Reports
• Collaborate on regional risk reduction Cyber
Green approach
10. Towards the Safe, Clean and Reliable
Internet Ecosystem
Yurie Ito
yito@jpcert.or.jp
Mobile: +1 310.463.2776
Editor's Notes
My name is Yurie Ito. I am a chair of APCERT, and also a director of global coordination at JPCERT/CC.
thank you for the invitation to speak with you today.
Today I will be representing the CERT collaboration forum in Asia Pacific Region known as APCERT. I will share how we overcome the challenges and have kept us closely working together to make the internet cleaner, safer and reliable space through managing the regional level of cyber risks.
It’s been 10 years since APCERT was established. We have 25 teams from 19 economies today working together closely with trust. Building trust is not easy.
There are significant differences in political systems, IT infrastructure, cultural and language differences. Each team also has different authorities and their remediation approaches in dealing with incidents can be be very different.
Just to give you a general idea what type of capability we have in our group –
Today, with both technology and the threat continue to rapidly evolve – targeted attacks are occurring globally and we see increasing number of clearly national security motivated attacks and DDOS against governments and banking systems. Governments are start discussion on cyber war/conflict in places. Around the world, governements are making accusations and taking sides on who is conducting attacks and poses risks. Managing cyberspace and cyber security is quickly being seen as a competition.
We must rebalance this competitive approach with collaborative risk reduction approach.
APCERT works together to not only respond the symptom of the diseases, but we are trying to identifies the causes and root causes, and remediate them.
We focus the identification of underlying cyber risk factors in the global cyber ecosystem that poses a risk to stakeholders across the globe. And we work together to remediate them.
We suggest root cause analysis of global cybersecurity situations can lead
to a tremendous impact when the root cause is addressed, greater than simply treating the
symptoms.
APCERT works together to not only respond the symptom of the diseases, but we are trying to identifies the causes and root causes, and remediate them.
We focus the identification of underlying cyber risk factors in the global cyber ecosystem that poses a risk to stakeholders across the globe.
And we work together to remediate them.
Look for Opportunities
collaborate on safety, cleanliness and health –> clean up malware and cooperate in removing botnets
focus on measurement –> education, tools, information sharing
Industry critical for real time incident response and information sharing
Government plays important role for clean up– enabler for the action by industry and technical community
Provide trusted POC for hotlines as a part of confidence building measures
APCERT has turned this challenge to an opportunity. APCERT members work on addressing cyber security concerns through many programs including: an annual cybersecurity exercise, cleanup programs, awareness campaign, partnership, developing and training support, and shared network monitoring system and data sharing. We provide trust POC hotline between the members.