International Collaboration for Regional Cybersecurity Risk, by Yurie Ito [APNIC 38]

International Collaboration for Regional Cybersecurity Risk, by Yurie Ito. A presentation given at APNIC 38.

Internet

APCERT : APNIC Meeting 2014’
International Collaboration
for Regional Cybersecurity Risk Reduction
- APCERT Collaboration with Stakeholders
Yurie Ito
Chair, APCERT SC
Director, Global Coordination, JPCERT/CC

General Introduction
 Asia Pacific Computer Emergency Response Team
 http://www.apcert.org
 Forum of CSIRTs in the Asia Pacific region
 Established in February 2003
 Annual Events
1. APCERT AGM & Conference
2. APCERT Drill (Simulation exercise of cyber
attacks)
 APCERT Annual Report
http://www.apcert.org/documents/index.html

Computer Security Incident Response Team
CERT Services : by CERT/CC SEI CMU

Key Cybersecurity Risks
Threats exposed 2011-12
Data extortion by Persistence
Threats
Crowd sourced attack
IT system down / Data loss by
Natural Disaster
IT System Environment / Technology Evolves
New devices; Mobile
Tablets, Smart Phones
Social Media Cloud Computing
Control System
connects to Networks
IT System EnvironmeRnistk /s T echnology Evolves
Intellectual
Property
Economic Competition Infrastructure Service
National
Security
All those old bad problems still exist
Bots
Malware,
Exploits
DDoS, etc Cyber Conflicts Insider threats

Applying Root-Cause Analysis to Internet Health

APCERT Security Operations /
Regional CERTs Collaboration
• Opportunities
– Collaborate on cyberspace safety, cleanliness and
health – clean up malware and cooperate in
removing botnets
– Focus on measurement and enabling remediation
through education, tools, information sharing
– Point of Contact (POC) arrangement
– Cross boarder incident handling and coordination
APCERT efforts should go farther in this area

APCERT 11 years of Achievement
• 2013 – APCERT 10th anniversary
• Collaboration agreement with external experts and global security
operations
– OIC-CERT, EGC, TF-CSIRT, FIRST and many more industry partners
• Participated in global dialogues on fostering clean-up norms
– Including guest status at APEC-TEL SPSG
– AP*, APNIC, ASEAN Regional Forum
• Partnership with OECD on Cybersecurity Risk measurement
program
• CSIRT Training for Africa and pacific islands
• APCERT Drills & ASEAN CERT Incident Drills
• TSUBAME -> Network Monitoring Data and tool sharing program

what can we do more with
APNIC, APTLD and Network Operators?
• Cybersecurity capacity building and training
• Point of Contact exchange?
– APCERT-AP-TLC, APCERT-AP-NIC
– NICs – CERTs – ccTLDs
– POC for NOGs
• More Info sharing?
• Send us Incident Reports
• Collaborate on regional risk reduction Cyber
Green approach

Towards the Safe, Clean and Reliable
Internet Ecosystem
Yurie Ito
yito@jpcert.or.jp
Mobile: +1 310.463.2776

Session on: Supporting call-takers/dispatchers decision making and situational awareness Chair: Chair: Stephen Hines, Clinical Practice Learning Manager, London Ambulance Service, United Kingdom An experienced, well-trained call-taker/dispatcher can gather a lot of high quality, vitally important information that can help first responders form an early understanding of what they will be facing upon arrival at the emergency scene. Supporting tools could however help them to do it faster and better!

Making Sense of Internet of Things: using AirBox as an Example

Ling-Jyh Chen

AirBox project report @ CENTRA 3

Ling-Jyh Chen

The document describes AirBox, a participatory ecosystem for PM2.5 monitoring that involves over 5,000 citizen-operated air quality monitoring devices across 37 countries. AirBox allows citizens to participate in air quality monitoring through open hardware and software platforms, and makes real-time air quality data publicly available through mobile apps, websites, and other tools for visualization, analysis, and forecasting. The ecosystem continues to expand through additional hardware, improved data standards and analysis, and integration with cloud platforms.

Cisco Connect 2018 Thailand - Changing the security equation demetris booth_c...

NetworkCollaborators

This document discusses cybersecurity challenges in Southeast Asia and outlines Cisco's approach to addressing these challenges. It notes that ASEAN countries face rising cyber threats but have low policy preparedness. The cybersecurity landscape is complex and fragmented. Cisco's strategy involves integrating security across networks, endpoints, cloud, and other domains. It aims to provide visibility, detection, prevention and response capabilities through technologies, training programs, and collaborations.

The document discusses Singapore's cybersecurity strategy and legal framework. It has 4 pillars: (1) enhancing Singapore as a trusted hub, (2) promoting collective responsibility, (3) using cybersecurity as an advantage, and (4) national cyber R&D. The Cybersecurity Act designates critical infrastructure and gives the Cyber Security Agency powers to investigate incidents. The strategy aims to strengthen cyber defenses, educate the public, and develop Singapore as a cybersecurity hub in Asia.

EENA 2016 - Disaster and weather-related emergencies (2/3)

Singapore Cybersecurity Strategy and Legislation (2018)

Cybersecurity for Critical National Information Infrastructure

Dr David Probert

This document discusses cybersecurity for critical national infrastructure. It covers evolving cyber threats facing different critical sectors like government, banking/finance, energy and transportation. It also discusses some national and international plans for critical infrastructure protection from countries like the US, Canada, UK, Germany, and international bodies like the UN and OECD. The presentation explores integrating cybersecurity with physical security to protect critical infrastructure.

Are you the I in CII? Cybersecurity Bill public consultation by Internet Soci...

Slides from the Internet Society Singapore Chapter's seminar and public consultation on the draft Bill of Singapore’s new Cybersecurity Act, which will be in place by end 2017, and will lay the groundwork for world class cybersecurity practices to overcome emerging threats in cyberspace. The Act seeks to minimize disruption to essential services and to professionalize the cybersecurity industry.

Industrial Cybersecurity and Critical Infrastructure Protection in Europe

Positive Hack Days

This document provides an overview of critical infrastructure protection in Europe presented by Ignacio Paredes of the Industrial Cybersecurity Center. It discusses the convergence of physical and cyber worlds and how industrial control systems have become interconnected over TCP/IP and use general purpose operating systems. This has introduced cybersecurity challenges to operational technology environments. The document reviews cyber attacks on critical infrastructure like Stuxnet and Shamoon and regulations around critical infrastructure protection in the US and EU. It argues that identifying and prioritizing critical infrastructure is important but questions who will pay for protection and whether regulations have led to minimum compliance over real protection.

Internet Society Singapore Chapter AGM 2019 and update for 2020

Internet of Things... Let's Not Forget Security Please!, by Eric Vyncke [APNI...

Digital Security

accenture

The document discusses the digital security challenges faced by media and entertainment companies as the industry shifts from closed proprietary systems to open digital platforms. It notes that the open nature of digital networks introduces new threats and attack surfaces. Additionally, the increased value of digital assets like user data and analytics makes companies richer targets. Finally, it lists specific challenges such as protecting content across the supply chain, managing device and data security, and meeting privacy requirements while using personal data.

APrIGF 2015: Security and the Internet of Things

Cybersecurity by the numbers

[Cisco Connect 2018 - Vietnam] Pauline hampshire changing the security equa...

This document discusses cybersecurity challenges in ASEAN countries and proposes actions to address them. It finds that ASEAN is a prime target for cyber attacks due to rising vulnerabilities from increasing digital connectivity and trade. However, cyber defenses across ASEAN remain weak due to issues like limited cooperation, underinvestment and a fragmented security industry. The document calls for urgent actions including developing policy frameworks, building cybersecurity capabilities, and strengthening regional cooperation to fortify ASEAN's cyber ecosystem against growing threats.

[Cisco Connect 2018 - Vietnam] Pauline hampshire vietnam cisco connect with...

The document discusses cybersecurity challenges facing the ASEAN region and proposes actions to address them. It finds that ASEAN countries are increasingly being targeted by cyber attacks. The cybersecurity industry in the region is fragmented with many small players and few holistic solutions providers. There is a lack of coordination between countries on issues like intelligence sharing. The document calls for sustained investment in cybersecurity, establishing a regional coordination platform, and developing the next generation of cybersecurity capabilities to strengthen the ecosystem.

Strenthening Critical Internet Infrastructure

Francis Amaning

This document outlines Ghana's critical national internet infrastructure and proposes strengthening it. It discusses automating Ghana's .gh domain name registry and establishing a governing body. It also proposes deploying root servers through joint efforts of the registry and internet exchange point. The document outlines Ghana's national cybersecurity organization CERT-GH and an IPv4 to IPv6 transition task force. It describes Ghana's internet exchange point and need for a national internet backbone plan. The document proposes locating key infrastructure elements at Ghana's new national data center to foster synergies between national internet resources.

Greenbone vulnerability assessment - Networkshop44

Jisc

This document discusses vulnerability management and the Greenbone vulnerability assessment tool. It outlines a process for vulnerability management that includes preparing by defining secure configurations, identifying assets and scanning them, classifying vulnerabilities using standards like CVSS and CVE, prioritizing based on scores and asset criticality, assigning remediation tasks, mitigating and remediating issues, storing data to support forensics and repeating the process, and improving over time based on metrics. The presentation was given by Dirk Schrader of Greenbone Networks, which develops open source vulnerability management solutions.

Anil Shukla - QinetiQ - spectrum policy forum-framework_qinetiq_030518_intro_...

techUK

EENA 2021: Emergency communications handling around the World (1/3)

Itu D Presentation Jan2009

pinardclark

ITU-D is the development sector of the International Telecommunication Union (ITU), a specialized agency of the United Nations. ITU-D works with both member states and private sector partners to expand access to ICTs and build digital skills in developing countries through activities like infrastructure projects, policy advice, and training programs. Some key initiatives include Connect regional digital development summits, public-private partnerships to deploy wireless broadband in underserved areas, and efforts focused on issues like cybersecurity, emergency communications, and ensuring inclusive access for all groups.

Lessons learned from the SingHealth Data Breach COI Report

T063500000200201 ppte

yasinalimohammed

This document discusses cyber security challenges for the smart grid and outlines NIST's efforts to address them. It provides background on the electric grid and goals of the smart grid. The smart grid will be more complex and interconnected, introducing new security risks. NIST published guidelines for smart grid cyber security to help integrate security during modernization. The guidelines provide a risk assessment framework and recommended security requirements but do not mandate specific solutions.

APCERT Updates

1) APCERT is a forum of Computer Security Incident Response Teams (CSIRTs) and Computer Emergency Response Teams (CERTs) in the Asia Pacific region established in 2003. It currently has 30 operational members from 21 economies. 2) APCERT aims to promote cooperation on cybersecurity, facilitate information sharing, and assist members in responding to cyber incidents through working groups, an annual conference, and incident response drills. 3) Key recent activities include updating governance policies, conducting a capacity building survey, hosting bi-monthly online trainings, and an annual incident response drill with over 30 participating teams.

Protecting Critical Infrastructure: a multi-layered approach

ITU

The document discusses protecting critical infrastructure through a multi-layered cybersecurity approach. It notes the increasing dependence on ICTs and rising cyber threats. A coordinated response is needed across international, regional, and national levels. Key aspects include legal measures, technical/procedural measures, organizational structures, capacity building, and international cooperation. The ITU promotes cybersecurity strategies, drives implementation efforts, and fosters a global culture of cybersecurity through activities like its National CIRT Programme and Global Cybersecurity Index.

What's hot

Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)

EENA 2016 - Disaster and weather-related emergencies (2/3)

Singapore Cybersecurity Strategy and Legislation (2018)

Cybersecurity for Critical National Information Infrastructure

Dr David Probert

Are you the I in CII? Cybersecurity Bill public consultation by Internet Soci...

Industrial Cybersecurity and Critical Infrastructure Protection in Europe

Positive Hack Days

Internet Society Singapore Chapter AGM 2019 and update for 2020

Internet of Things... Let's Not Forget Security Please!, by Eric Vyncke [APNI...

Digital Security

accenture

APrIGF 2015: Security and the Internet of Things

Cybersecurity by the numbers

[Cisco Connect 2018 - Vietnam] Pauline hampshire changing the security equa...

[Cisco Connect 2018 - Vietnam] Pauline hampshire vietnam cisco connect with...

Strenthening Critical Internet Infrastructure

Francis Amaning

Greenbone vulnerability assessment - Networkshop44

Jisc

Anil Shukla - QinetiQ - spectrum policy forum-framework_qinetiq_030518_intro_...

techUK

EENA 2021: Emergency communications handling around the World (1/3)

Itu D Presentation Jan2009

pinardclark

Lessons learned from the SingHealth Data Breach COI Report

T063500000200201 ppte

yasinalimohammed

What's hot (20)

Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)

EENA 2016 - Disaster and weather-related emergencies (2/3)

Singapore Cybersecurity Strategy and Legislation (2018)

Cybersecurity for Critical National Information Infrastructure

Are you the I in CII? Cybersecurity Bill public consultation by Internet Soci...

Industrial Cybersecurity and Critical Infrastructure Protection in Europe

Internet Society Singapore Chapter AGM 2019 and update for 2020

Internet of Things... Let's Not Forget Security Please!, by Eric Vyncke [APNI...

Digital Security

APrIGF 2015: Security and the Internet of Things

Cybersecurity by the numbers

[Cisco Connect 2018 - Vietnam] Pauline hampshire changing the security equa...

[Cisco Connect 2018 - Vietnam] Pauline hampshire vietnam cisco connect with...

Strenthening Critical Internet Infrastructure

Greenbone vulnerability assessment - Networkshop44

Anil Shukla - QinetiQ - spectrum policy forum-framework_qinetiq_030518_intro_...

EENA 2021: Emergency communications handling around the World (1/3)

Itu D Presentation Jan2009

Lessons learned from the SingHealth Data Breach COI Report

T063500000200201 ppte

Similar to International Collaboration for Regional Cybersecurity Risk, by Yurie Ito [APNIC 38]

APCERT Updates

Protecting Critical Infrastructure: a multi-layered approach

ITU

SC7 Workshop 3: Enhancing cyber defence of cyber space systems

BigData_Europe

ITU Cybersecurity Capabilities

ITU

The document discusses building cybersecurity capacity through international cooperation. It notes increasing dependence on ICTs and rising cyber threats. Developing countries are most at risk as they adopt broader ICT use. Building national cybersecurity strategies and response capabilities is important, as is cooperation across international, regional, and national levels. The ITU works to build capacity through national cybersecurity strategies, establishing computer security incident response teams, conducting assessments and trainings, and facilitating information sharing and regional cooperation. The ITU also measures cyber readiness through the Global Cybersecurity Index and creates country profiles to track progress. Strengthening cybersecurity globally requires coordinated multi-stakeholder efforts.

National Strategies against Cyber Attacks - Philip Victor

Knowledge Group

The document discusses national strategies against cyber attacks from a global perspective based on the work of ITU-IMPACT. It provides an overview of ITU-IMPACT, current cybersecurity challenges faced by governments, and global efforts to address these challenges through developing national computer incident response teams, public-private partnerships, and international cooperation on cyber laws, standards, and capacity building. The document also presents ITU-IMPACT's role in assisting countries with developing national cybersecurity strategies and implementing programs like computer security incident response teams and cybersecurity drills.

Cyber Security Strategies and Approaches

vngundi

This document discusses cyber security strategies and approaches used by various governments and organizations. It outlines national strategies from the UK, US, Estonia, and Singapore, as well as approaches at the European Union level. Common themes across strategies include recognizing the interconnected nature of IT systems, moving from attack detection to prevention, and the need for joint public-private collaboration to develop regulations, share intelligence, and protect critical infrastructure and society.

ITU-T Perspectives on the Standards-Based Security Landscape (SG 17 Main Focus)

Abbie Barbir

The document summarizes the work of the International Telecommunication Union (ITU) Study Group 17 on cybersecurity and telecommunication security standards. Some key activities discussed include the ITU Global Cybersecurity Agenda framework, identity management efforts, securing next generation networks, and challenges around strategic direction, legal issues, and cooperation across standards bodies.

European Green IT Webinar 2014 - Erasmus Mundus Master PERCCOM

GreenLabCenter

The document describes the PERCCOM program, the first Erasmus Mundus Master's program in green information and communication technologies (ICT). The program includes four semesters across multiple European universities focused on eco-design, green networking, computing and services, and smart systems. It offers scholarships and results in three national master's degrees. The program aims to provide an international experience for students of various nationalities and connections to companies and organizations in the ICT field.

ENISA - EU strategies for cyber incident response

Kevin Duffey

Indian perspective of cyber security

Aurobindo Nayak

D0.1 V2.0 Project Presentation

latifladid

This 3 sentence summary provides the key details about the IRMA project: The IRMA project aims to build an integrated risk management platform in Africa to help address disaster risk reduction across all phases from risk assessment to recovery. The platform will integrate various information sources and provide tools and services to stakeholders in natural disaster management. It seeks to demonstrate the capacity of standardized and interoperable ICT solutions to effectively mitigate disaster risk through operational scenarios assessing applications for bushfire, flood, desertification and urban risks management.

Enhancing security incident response capabilities in the AP

Commonwealth Telecommunications Organisation

Cloud computing_LKYSPP GSP 2019

Jenny Jenish kyzy

Cybersecurity isaca

Antoine Vigneron

This document discusses cybersecurity trends in Europe. It outlines key drivers of improving cybersecurity like consumerization, regulatory pressures, and emerging threats. It describes the lifecycle of advanced persistent threats and differences between targeted attacks. European strategies on cybersecurity and the Network Information Security Directive are presented. The directive aims to enhance resilience to cyber threats and ensure network security across the EU. Requirements for competent authorities, cooperation between states, and risk management are discussed. Implementation in France and guidance from ISACA on applying the European framework are also summarized.

Security5Security5 is an entry level certifi cation fo.docx

bagotjesusa

The document discusses several cybersecurity certifications offered through EC-Council Press including Security|5, Wireless|5, Network|5, C|EH (Certified Ethical Hacker), E|NSA (EC-Council Network Security Administrator), E|CSA (EC-Council Certified Security Analyst), C|HFI (Computer Hacking Forensic Investigator), and E|DRP (EC-Council Disaster Recovery Professional). It provides an overview of each certification and what they cover to prepare security professionals. The EC-Council aims to address the need for well-educated information security practitioners through their certifications and publications.

Session 5.3 Alexander Ntoko

The document summarizes ITU's work on cybersecurity since 2003, including: 1) Establishing the Global Cybersecurity Agenda in 2007 to facilitate international cooperation on cybersecurity across five pillars. 2) Forming the High-Level Expert Group in 2007 to develop strategies to curb cyberthreats and promote cybersecurity globally. 3) Conducting various capacity building activities through the ITU-IMPACT initiative to assess countries' cyber readiness and train over 2,700 professionals worldwide. 4) Collaborating with partners like UNODC, Symantec, and Trend Micro to strengthen cybersecurity capabilities globally.

Cybersecurity Hub & Operations - Dr. Kiru Pillay

dotZADNA

Engage with The Internet Society