SlideShare a Scribd company logo

CERT collaboration with ISP to enhance cybersecurity

Jinhyun Cho
Jinhyun Cho

1. The document outlines Korea's efforts to enhance cybersecurity collaboration with ISPs over four phases from 2003 to the present. 2. In the initial phase, laws were amended and mechanisms for threat information sharing and emergency response were established between KrCERT/CC and ISPs. 3. Subsequent phases focused on stabilizing collaboration, implementing botnet response actions, and investing in DDoS defense. 4. Recent efforts have included a DDoS shelter service, joint voluntary projects, and high-level attention to cybersecurity issues.

TechnologyBusiness
1 of 12
Download to read offline
CERT Collaboration with ISP to Enhance Cybersecurity Jinhyun CHO, KrCERT/CC Korea Internet & Security Agency
I. Alarming call for cooperation with ISPs Slammer Worm • Spread most of vulnerable SQL servers within 30 min. globally • All Internet infrastructure in Korea disabled CERT Relations with ISPs : No coordination mechanism framework
II. Cybersecurity Collaboration with ISPs : Phase I Initial setup stage (2003~2005) • Formalization of cybersecurity private and public cooperation relations • Needs for ISP coordination mechanism and procedure recognized • Korea Internet Security Center(KrCERT/CC) opened in December, 2003 • Legal, policy and technical response to cyber attacks and threats Amendment to relevant law law Amendment to relevant Threat Information Sharing Collective Emergency Response Security exercise and daily checkup Security Exercise and Daily Checkup
II. Cybersecurity Collaboration with ISPs : Phase I Amendment to Relevant Law • Legal basis for the collective cybersecurity response actions • Minimal standard for cybersecurity in telecommunication area • Emergency response order • Mandated incident reporting and threat information sharing Threat Information Sharing • Traffic and attack statistics from major ISPs • Concerns, difficulties and issues discussed and resolved • Information sharing agreement among ISPs before legislation • Relevant costs covered by government
II. Cybersecurity Collaboration with ISPs : Phase I Collective Emergency Response • Emergency response action order to ISPs • Order applied to domestic ISPs within a day • The access blocked to foreign malicious website site or Ips • Legal authority and responsibility Security exercise and daily checkup Security Exercise and Daily Checkup • Major incident scenario based exercise with ISPs • Systemic approach to response coordination procedure & process • Train the relevant first-line cybersecurity staffs • Daily security checkup with Radio system(alternative comm. channel)
III. Cybersecurity Collaboration with ISPs : Phase II Stabilization Phase(2006~2009) • Enhancing the collaboration relationship and make results with ISPs • Major cyberthreat from botnet and response • Emerging DDoS issue(availability) Coordinated Botnet Response Action Bi-annual workshop DDoS Defense Investment
III. Cybersecurity Collaboration with ISPs : Phase II Coordinated Botnet Response Action • Implementation of national-wide botnet sinkhole system • Access restriction to botnet c&c servers by changing IP address • CSF: The close collaboration and voluntary participation from ISPs • Trustworthy information source for cyber threats : KrCERT/CC Bi-annual workshop • Face-to-face trust building opportunity in a relaxed environment • Closed technical presentation on security issue • Proposal for collective security actions made in the workshop
III. Cybersecurity Collaboration with ISPs : Phase II DDoS Defense Investment • To promote the investment from ISPs on DDoS attacks from 2008 • DDoS service commercialization and commodity service • DDoS defense device provided to selective ISPs by government budget • Calls for responsible ISP response to major cyber threats Internet Exchange(IX)
IV. Cybersecurity Collaboration with ISPs : Phase III Aftermath Phase(2010~ Current) • DDoS Attack in July 2009 and March 2011 • Renewal of national attention to cybersecurity with major incidents • Collaboration and coordination among public and private sector • Smart response for cybersecurity needed Cyber Remediation Service Hacker Victim DDoS Shelter Service Control & Command Server Zombies
IV. Cybersecurity Collaboration with ISPs : Phase III Investment on cyber security • Organizational restructure for strengthening incident prevention • DDoS shelter service for SME(limited time-frame) Joint Voluntary Project • Joint initiative for cybersecurity outreach service • Voluntary threat information sharing and project to tackle cyber threats High-level Attention & Support • Regular meeting for cybersecurity issues • Awareness Raising for senior-level people for cybersecurity
V. Summary 1. Trust based Collaboration for Mutual Benefit 2. On-going Efforts for Emgerging Cyber Threats 3. Collaboration and Cooperation in Action
THANK YOU! Your Logo

Recommended

Victorian Bushfires Royal Commission Case Study
Victorian Bushfires Royal Commission Case StudyVictorian Bushfires Royal Commission Case Study
Victorian Bushfires Royal Commission Case Study
Rebecca O'Dwyer
 
Improving Cybersecurity and Resilience Through Acquisition Emile Monette GSA
Improving Cybersecurity and Resilience Through Acquisition Emile Monette GSAImproving Cybersecurity and Resilience Through Acquisition Emile Monette GSA
Improving Cybersecurity and Resilience Through Acquisition Emile Monette GSA
GovCloud Network
 
Protecting Critical Infrastructure: a multi-layered approach
Protecting Critical Infrastructure: a multi-layered approachProtecting Critical Infrastructure: a multi-layered approach
Protecting Critical Infrastructure: a multi-layered approach
ITU
 
Cyber Security and Cloud Security
Cyber Security and Cloud SecurityCyber Security and Cloud Security
Cyber Security and Cloud Security
IT Governance Ltd
 
Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)
Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)
Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)
Benjamin Ang
 
Securing the Information Society
Securing the Information SocietySecuring the Information Society
Securing the Information Society
blogzilla
 
Singapore's National Cyber Security Strategy
Singapore's National Cyber Security StrategySingapore's National Cyber Security Strategy
Singapore's National Cyber Security Strategy
Benjamin Ang
 
Presentation Undergraduate Project
Presentation Undergraduate ProjectPresentation Undergraduate Project
Presentation Undergraduate Project
Cevdet Basaran
 

Recommended

Victorian Bushfires Royal Commission Case Study
Victorian Bushfires Royal Commission Case StudyVictorian Bushfires Royal Commission Case Study
Victorian Bushfires Royal Commission Case Study
Rebecca O'Dwyer
 
Improving Cybersecurity and Resilience Through Acquisition Emile Monette GSA
Improving Cybersecurity and Resilience Through Acquisition Emile Monette GSAImproving Cybersecurity and Resilience Through Acquisition Emile Monette GSA
Improving Cybersecurity and Resilience Through Acquisition Emile Monette GSA
GovCloud Network
 
Protecting Critical Infrastructure: a multi-layered approach
Protecting Critical Infrastructure: a multi-layered approachProtecting Critical Infrastructure: a multi-layered approach
Protecting Critical Infrastructure: a multi-layered approach
ITU
 
Cyber Security and Cloud Security
Cyber Security and Cloud SecurityCyber Security and Cloud Security
Cyber Security and Cloud Security
IT Governance Ltd
 
Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)
Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)
Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)
Benjamin Ang
 
Securing the Information Society
Securing the Information SocietySecuring the Information Society
Securing the Information Society
blogzilla
 
Singapore's National Cyber Security Strategy
Singapore's National Cyber Security StrategySingapore's National Cyber Security Strategy
Singapore's National Cyber Security Strategy
Benjamin Ang
 
Presentation Undergraduate Project
Presentation Undergraduate ProjectPresentation Undergraduate Project
Presentation Undergraduate Project
Cevdet Basaran
 
Building internet safety wall understanding the imperatives of national domai...
Building internet safety wall understanding the imperatives of national domai...Building internet safety wall understanding the imperatives of national domai...
Building internet safety wall understanding the imperatives of national domai...
Commonwealth Telecommunications Organisation
 
Overview of national cybercrime strategies
Overview of national cybercrime strategiesOverview of national cybercrime strategies
Overview of national cybercrime strategies
Benjamin Ang
 
Privacy issues in the cloud final
Privacy issues in the cloud finalPrivacy issues in the cloud final
Privacy issues in the cloud final
guest50a642f
 
Cyber Security Planning 101
Cyber Security Planning 101Cyber Security Planning 101
Cyber Security Planning 101
Welch LLP
 
Un security-resolution 57 239
Un security-resolution 57 239 Un security-resolution 57 239
Un security-resolution 57 239
Genti79
 
Cybersecurity Program Life Cycle v01 r03
Cybersecurity Program Life Cycle v01 r03Cybersecurity Program Life Cycle v01 r03
Cybersecurity Program Life Cycle v01 r03
www.securekm.com; Secure Knowledge Management Inc.
 
Are you Cyber ready? Introducing Netpluz managed cyber security - cyber intel...
Are you Cyber ready? Introducing Netpluz managed cyber security - cyber intel...Are you Cyber ready? Introducing Netpluz managed cyber security - cyber intel...
Are you Cyber ready? Introducing Netpluz managed cyber security - cyber intel...
Netpluz Asia Pte Ltd
 
DDoS Attacks in 2020 & Best Practices in Defense
DDoS Attacks in 2020 & Best Practices in DefenseDDoS Attacks in 2020 & Best Practices in Defense
DDoS Attacks in 2020 & Best Practices in Defense
NETSCOUT
 
Virtual Bridge Sessions: The National Cyber Security Centre at Your Service
Virtual Bridge Sessions: The National Cyber Security Centre at Your ServiceVirtual Bridge Sessions: The National Cyber Security Centre at Your Service
Virtual Bridge Sessions: The National Cyber Security Centre at Your Service
College Development Network
 
Cybercrime Bill 2014: Due Diligence
Cybercrime Bill 2014: Due DiligenceCybercrime Bill 2014: Due Diligence
Cybercrime Bill 2014: Due Diligence
Shiva Bissessar
 
Session 5.3 Alexander Ntoko
Session 5.3 Alexander NtokoSession 5.3 Alexander Ntoko
Session 5.3 Alexander Ntoko
Commonwealth Telecommunications Organisation
 
National cyber security policy final
National cyber security policy finalNational cyber security policy final
National cyber security policy final
Indian Air Force
 
Asal and Rethemeyer - Cyber Cafe
Asal and Rethemeyer - Cyber CafeAsal and Rethemeyer - Cyber Cafe
Asal and Rethemeyer - Cyber Cafe
Amy Lenzo
 
Impressions from Caribbean ICT Stakeholder Meeting, CyberSecurity
Impressions from Caribbean ICT Stakeholder Meeting, CyberSecurityImpressions from Caribbean ICT Stakeholder Meeting, CyberSecurity
Impressions from Caribbean ICT Stakeholder Meeting, CyberSecurity
Shiva Bissessar
 
Its not ITs problem
Its not ITs problemIts not ITs problem
Its not ITs problem
Shiva Bissessar
 
Disaster Risk Management in the Information Age
Disaster Risk Management in the Information AgeDisaster Risk Management in the Information Age
Disaster Risk Management in the Information Age
global
 
Tech 2 Tech Wales - Janet Network update
Tech 2 Tech Wales - Janet Network updateTech 2 Tech Wales - Janet Network update
Tech 2 Tech Wales - Janet Network update
Jisc
 
Cyber Defense: three fundamental steps
Cyber Defense: three fundamental stepsCyber Defense: three fundamental steps
Cyber Defense: three fundamental steps
Leonardo
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
itnewsafrica
 
Cybersecurity Risk from User Perspective
Cybersecurity Risk from User PerspectiveCybersecurity Risk from User Perspective
Cybersecurity Risk from User Perspective
AvinantaTarigan
 
Singapore Cybersecurity Strategy and Legislation (2018)
Singapore Cybersecurity Strategy and Legislation (2018)Singapore Cybersecurity Strategy and Legislation (2018)
Singapore Cybersecurity Strategy and Legislation (2018)
Benjamin Ang
 
Rating Framework for Digital Connectivity.pptx
Rating Framework for Digital Connectivity.pptxRating Framework for Digital Connectivity.pptx
Rating Framework for Digital Connectivity.pptx
Atishay Chaudhary
 

More Related Content

What's hot

Building internet safety wall understanding the imperatives of national domai...
Building internet safety wall understanding the imperatives of national domai...Building internet safety wall understanding the imperatives of national domai...
Building internet safety wall understanding the imperatives of national domai...
Commonwealth Telecommunications Organisation
 
Overview of national cybercrime strategies
Overview of national cybercrime strategiesOverview of national cybercrime strategies
Overview of national cybercrime strategies
Benjamin Ang
 
Privacy issues in the cloud final
Privacy issues in the cloud finalPrivacy issues in the cloud final
Privacy issues in the cloud final
guest50a642f
 
Cyber Security Planning 101
Cyber Security Planning 101Cyber Security Planning 101
Cyber Security Planning 101
Welch LLP
 
Un security-resolution 57 239
Un security-resolution 57 239 Un security-resolution 57 239
Un security-resolution 57 239
Genti79
 
Cybersecurity Program Life Cycle v01 r03
Cybersecurity Program Life Cycle v01 r03Cybersecurity Program Life Cycle v01 r03
Cybersecurity Program Life Cycle v01 r03
www.securekm.com; Secure Knowledge Management Inc.
 
Are you Cyber ready? Introducing Netpluz managed cyber security - cyber intel...
Are you Cyber ready? Introducing Netpluz managed cyber security - cyber intel...Are you Cyber ready? Introducing Netpluz managed cyber security - cyber intel...
Are you Cyber ready? Introducing Netpluz managed cyber security - cyber intel...
Netpluz Asia Pte Ltd
 
DDoS Attacks in 2020 & Best Practices in Defense
DDoS Attacks in 2020 & Best Practices in DefenseDDoS Attacks in 2020 & Best Practices in Defense
DDoS Attacks in 2020 & Best Practices in Defense
NETSCOUT
 
Virtual Bridge Sessions: The National Cyber Security Centre at Your Service
Virtual Bridge Sessions: The National Cyber Security Centre at Your ServiceVirtual Bridge Sessions: The National Cyber Security Centre at Your Service
Virtual Bridge Sessions: The National Cyber Security Centre at Your Service
College Development Network
 
Cybercrime Bill 2014: Due Diligence
Cybercrime Bill 2014: Due DiligenceCybercrime Bill 2014: Due Diligence
Cybercrime Bill 2014: Due Diligence
Shiva Bissessar
 
Session 5.3 Alexander Ntoko
Session 5.3 Alexander NtokoSession 5.3 Alexander Ntoko
Session 5.3 Alexander Ntoko
Commonwealth Telecommunications Organisation
 
National cyber security policy final
National cyber security policy finalNational cyber security policy final
National cyber security policy final
Indian Air Force
 
Asal and Rethemeyer - Cyber Cafe
Asal and Rethemeyer - Cyber CafeAsal and Rethemeyer - Cyber Cafe
Asal and Rethemeyer - Cyber Cafe
Amy Lenzo
 
Impressions from Caribbean ICT Stakeholder Meeting, CyberSecurity
Impressions from Caribbean ICT Stakeholder Meeting, CyberSecurityImpressions from Caribbean ICT Stakeholder Meeting, CyberSecurity
Impressions from Caribbean ICT Stakeholder Meeting, CyberSecurity
Shiva Bissessar
 
Its not ITs problem
Its not ITs problemIts not ITs problem
Its not ITs problem
Shiva Bissessar
 
Disaster Risk Management in the Information Age
Disaster Risk Management in the Information AgeDisaster Risk Management in the Information Age
Disaster Risk Management in the Information Age
global
 
Tech 2 Tech Wales - Janet Network update
Tech 2 Tech Wales - Janet Network updateTech 2 Tech Wales - Janet Network update
Tech 2 Tech Wales - Janet Network update
Jisc
 

What's hot (17)

Building internet safety wall understanding the imperatives of national domai...
Building internet safety wall understanding the imperatives of national domai...Building internet safety wall understanding the imperatives of national domai...
Building internet safety wall understanding the imperatives of national domai...
 
Overview of national cybercrime strategies
Overview of national cybercrime strategiesOverview of national cybercrime strategies
Overview of national cybercrime strategies
 
Privacy issues in the cloud final
Privacy issues in the cloud finalPrivacy issues in the cloud final
Privacy issues in the cloud final
 
Cyber Security Planning 101
Cyber Security Planning 101Cyber Security Planning 101
Cyber Security Planning 101
 
Un security-resolution 57 239
Un security-resolution 57 239 Un security-resolution 57 239
Un security-resolution 57 239
 
Cybersecurity Program Life Cycle v01 r03
Cybersecurity Program Life Cycle v01 r03Cybersecurity Program Life Cycle v01 r03
Cybersecurity Program Life Cycle v01 r03
 
Are you Cyber ready? Introducing Netpluz managed cyber security - cyber intel...
Are you Cyber ready? Introducing Netpluz managed cyber security - cyber intel...Are you Cyber ready? Introducing Netpluz managed cyber security - cyber intel...
Are you Cyber ready? Introducing Netpluz managed cyber security - cyber intel...
 
DDoS Attacks in 2020 & Best Practices in Defense
DDoS Attacks in 2020 & Best Practices in DefenseDDoS Attacks in 2020 & Best Practices in Defense
DDoS Attacks in 2020 & Best Practices in Defense
 
Virtual Bridge Sessions: The National Cyber Security Centre at Your Service
Virtual Bridge Sessions: The National Cyber Security Centre at Your ServiceVirtual Bridge Sessions: The National Cyber Security Centre at Your Service
Virtual Bridge Sessions: The National Cyber Security Centre at Your Service
 
Cybercrime Bill 2014: Due Diligence
Cybercrime Bill 2014: Due DiligenceCybercrime Bill 2014: Due Diligence
Cybercrime Bill 2014: Due Diligence
 
Session 5.3 Alexander Ntoko
Session 5.3 Alexander NtokoSession 5.3 Alexander Ntoko
Session 5.3 Alexander Ntoko
 
National cyber security policy final
National cyber security policy finalNational cyber security policy final
National cyber security policy final
 
Asal and Rethemeyer - Cyber Cafe
Asal and Rethemeyer - Cyber CafeAsal and Rethemeyer - Cyber Cafe
Asal and Rethemeyer - Cyber Cafe
 
Impressions from Caribbean ICT Stakeholder Meeting, CyberSecurity
Impressions from Caribbean ICT Stakeholder Meeting, CyberSecurityImpressions from Caribbean ICT Stakeholder Meeting, CyberSecurity
Impressions from Caribbean ICT Stakeholder Meeting, CyberSecurity
 
Its not ITs problem
Its not ITs problemIts not ITs problem
Its not ITs problem
 
Disaster Risk Management in the Information Age
Disaster Risk Management in the Information AgeDisaster Risk Management in the Information Age
Disaster Risk Management in the Information Age
 
Tech 2 Tech Wales - Janet Network update
Tech 2 Tech Wales - Janet Network updateTech 2 Tech Wales - Janet Network update
Tech 2 Tech Wales - Janet Network update
 

Similar to CERT collaboration with ISP to enhance cybersecurity

Cyber Defense: three fundamental steps
Cyber Defense: three fundamental stepsCyber Defense: three fundamental steps
Cyber Defense: three fundamental steps
Leonardo
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
itnewsafrica
 
Cybersecurity Risk from User Perspective
Cybersecurity Risk from User PerspectiveCybersecurity Risk from User Perspective
Cybersecurity Risk from User Perspective
AvinantaTarigan
 
Singapore Cybersecurity Strategy and Legislation (2018)
Singapore Cybersecurity Strategy and Legislation (2018)Singapore Cybersecurity Strategy and Legislation (2018)
Singapore Cybersecurity Strategy and Legislation (2018)
Benjamin Ang
 
Rating Framework for Digital Connectivity.pptx
Rating Framework for Digital Connectivity.pptxRating Framework for Digital Connectivity.pptx
Rating Framework for Digital Connectivity.pptx
Atishay Chaudhary
 
weyai cybersecurity.pptx
weyai cybersecurity.pptxweyai cybersecurity.pptx
weyai cybersecurity.pptx
Weyai1
 
Cyber resilient infrastructure infographic
Cyber resilient infrastructure infographicCyber resilient infrastructure infographic
Cyber resilient infrastructure infographic
Atkins
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
Ankit Ranjan
 
Bangladesh Cyber Incident Trends 2013 & bdCERT Update
Bangladesh Cyber Incident Trends 2013 & bdCERT UpdateBangladesh Cyber Incident Trends 2013 & bdCERT Update
Bangladesh Cyber Incident Trends 2013 & bdCERT Update
Fakrul Alam
 
Cyber security landscape
Cyber security landscapeCyber security landscape
Cyber security landscape
Jisc
 
Trust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A SurveyTrust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A Survey
inventionjournals
 
Reasons to choose cloud security
Reasons to choose cloud securityReasons to choose cloud security
Reasons to choose cloud security
CloudOYE - Cloud Hosting Provider
 
Tech 2 Tech: increasing security posture and threat intelligence sharing
Tech 2 Tech: increasing security posture and threat intelligence sharingTech 2 Tech: increasing security posture and threat intelligence sharing
Tech 2 Tech: increasing security posture and threat intelligence sharing
Jisc
 
Creating a Step Change in Cyber Security | ISCF DSbD Business-led Demonstrato...
Creating a Step Change in Cyber Security | ISCF DSbD Business-led Demonstrato...Creating a Step Change in Cyber Security | ISCF DSbD Business-led Demonstrato...
Creating a Step Change in Cyber Security | ISCF DSbD Business-led Demonstrato...
KTN
 
Presentasi ftii intlcyberlaw
Presentasi ftii intlcyberlawPresentasi ftii intlcyberlaw
Presentasi ftii intlcyberlaw
ftii
 
Presentasi ftii intlcyberlaw
Presentasi ftii intlcyberlawPresentasi ftii intlcyberlaw
Presentasi ftii intlcyberlaw
Rizkiawan Achadi
 
Presentasi ftii intlcyberlaw
Presentasi ftii intlcyberlawPresentasi ftii intlcyberlaw
Presentasi ftii intlcyberlaw
ftii
 
A survey on challenges to the media cloud
A survey on challenges to the media cloudA survey on challenges to the media cloud
A survey on challenges to the media cloud
Alexander Decker
 
A survey on challenges to the media cloud
A survey on challenges to the media cloudA survey on challenges to the media cloud
A survey on challenges to the media cloud
Alexander Decker
 
Cyber security general perspective a
Cyber security general perspective aCyber security general perspective a
Cyber security general perspective a
marukanda
 

Similar to CERT collaboration with ISP to enhance cybersecurity (20)

Cyber Defense: three fundamental steps
Cyber Defense: three fundamental stepsCyber Defense: three fundamental steps
Cyber Defense: three fundamental steps
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
 
Cybersecurity Risk from User Perspective
Cybersecurity Risk from User PerspectiveCybersecurity Risk from User Perspective
Cybersecurity Risk from User Perspective
 
Singapore Cybersecurity Strategy and Legislation (2018)
Singapore Cybersecurity Strategy and Legislation (2018)Singapore Cybersecurity Strategy and Legislation (2018)
Singapore Cybersecurity Strategy and Legislation (2018)
 
Rating Framework for Digital Connectivity.pptx
Rating Framework for Digital Connectivity.pptxRating Framework for Digital Connectivity.pptx
Rating Framework for Digital Connectivity.pptx
 
weyai cybersecurity.pptx
weyai cybersecurity.pptxweyai cybersecurity.pptx
weyai cybersecurity.pptx
 
Cyber resilient infrastructure infographic
Cyber resilient infrastructure infographicCyber resilient infrastructure infographic
Cyber resilient infrastructure infographic
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Bangladesh Cyber Incident Trends 2013 & bdCERT Update
Bangladesh Cyber Incident Trends 2013 & bdCERT UpdateBangladesh Cyber Incident Trends 2013 & bdCERT Update
Bangladesh Cyber Incident Trends 2013 & bdCERT Update
 
Cyber security landscape
Cyber security landscapeCyber security landscape
Cyber security landscape
 
Trust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A SurveyTrust based Mechanism for Secure Cloud Computing Environment: A Survey
Trust based Mechanism for Secure Cloud Computing Environment: A Survey
 
Reasons to choose cloud security
Reasons to choose cloud securityReasons to choose cloud security
Reasons to choose cloud security
 
Tech 2 Tech: increasing security posture and threat intelligence sharing
Tech 2 Tech: increasing security posture and threat intelligence sharingTech 2 Tech: increasing security posture and threat intelligence sharing
Tech 2 Tech: increasing security posture and threat intelligence sharing
 
Creating a Step Change in Cyber Security | ISCF DSbD Business-led Demonstrato...
Creating a Step Change in Cyber Security | ISCF DSbD Business-led Demonstrato...Creating a Step Change in Cyber Security | ISCF DSbD Business-led Demonstrato...
Creating a Step Change in Cyber Security | ISCF DSbD Business-led Demonstrato...
 
Presentasi ftii intlcyberlaw
Presentasi ftii intlcyberlawPresentasi ftii intlcyberlaw
Presentasi ftii intlcyberlaw
 
Presentasi ftii intlcyberlaw
Presentasi ftii intlcyberlawPresentasi ftii intlcyberlaw
Presentasi ftii intlcyberlaw
 
Presentasi ftii intlcyberlaw
Presentasi ftii intlcyberlawPresentasi ftii intlcyberlaw
Presentasi ftii intlcyberlaw
 
A survey on challenges to the media cloud
A survey on challenges to the media cloudA survey on challenges to the media cloud
A survey on challenges to the media cloud
 
A survey on challenges to the media cloud
A survey on challenges to the media cloudA survey on challenges to the media cloud
A survey on challenges to the media cloud
 
Cyber security general perspective a
Cyber security general perspective aCyber security general perspective a
Cyber security general perspective a
 

Recently uploaded

Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
Pablo Gómez Abajo
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Brandon Minnick, MBA
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
akankshawande
 
Leveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and StandardsLeveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and Standards
Neo4j
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
Antonios Katsarakis
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
Zilliz
 
Principle of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptxPrinciple of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptx
BibashShahi
 
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
operationspcvita
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
MichaelKnudsen27
 
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
Alex Pruden
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and BioinformaticiansBiomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Neo4j
 
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
Miro Wengner
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
saastr
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Alpen-Adria-Universität
 
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframeDigital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Precisely
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
Edge AI and Vision Alliance
 
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid ResearchHarnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Neo4j
 

Recently uploaded (20)

Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
 
Leveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and StandardsLeveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and Standards
 
Dandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity serverDandelion Hashtable: beyond billion requests per second on a commodity server
Dandelion Hashtable: beyond billion requests per second on a commodity server
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 
Principle of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptxPrinciple of conventional tomography-Bibash Shahi ppt..pptx
Principle of conventional tomography-Bibash Shahi ppt..pptx
 
Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving | Nameplate Manufacturing Process - 2024
Northern Engraving | Nameplate Manufacturing Process - 2024
 
The Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptxThe Microsoft 365 Migration Tutorial For Beginner.pptx
The Microsoft 365 Migration Tutorial For Beginner.pptx
 
Nordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptxNordic Marketo Engage User Group_June 13_ 2024.pptx
Nordic Marketo Engage User Group_June 13_ 2024.pptx
 
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and BioinformaticiansBiomedical Knowledge Graphs for Data Scientists and Bioinformaticians
Biomedical Knowledge Graphs for Data Scientists and Bioinformaticians
 
JavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green MasterplanJavaLand 2024: Application Development Green Masterplan
JavaLand 2024: Application Development Green Masterplan
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
 
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing InstancesEnergy Efficient Video Encoding for Cloud and Edge Computing Instances
Energy Efficient Video Encoding for Cloud and Edge Computing Instances
 
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their MainframeDigital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
“How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-eff...
 
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid ResearchHarnessing the Power of NLP and Knowledge Graphs for Opioid Research
Harnessing the Power of NLP and Knowledge Graphs for Opioid Research
 

CERT collaboration with ISP to enhance cybersecurity

  • 1. CERT Collaboration with ISP to Enhance Cybersecurity Jinhyun CHO, KrCERT/CC Korea Internet & Security Agency
  • 2. I. Alarming call for cooperation with ISPs Slammer Worm • Spread most of vulnerable SQL servers within 30 min. globally • All Internet infrastructure in Korea disabled CERT Relations with ISPs : No coordination mechanism framework
  • 3. II. Cybersecurity Collaboration with ISPs : Phase I Initial setup stage (2003~2005) • Formalization of cybersecurity private and public cooperation relations • Needs for ISP coordination mechanism and procedure recognized • Korea Internet Security Center(KrCERT/CC) opened in December, 2003 • Legal, policy and technical response to cyber attacks and threats Amendment to relevant law law Amendment to relevant Threat Information Sharing Collective Emergency Response Security exercise and daily checkup Security Exercise and Daily Checkup
  • 4. II. Cybersecurity Collaboration with ISPs : Phase I Amendment to Relevant Law • Legal basis for the collective cybersecurity response actions • Minimal standard for cybersecurity in telecommunication area • Emergency response order • Mandated incident reporting and threat information sharing Threat Information Sharing • Traffic and attack statistics from major ISPs • Concerns, difficulties and issues discussed and resolved • Information sharing agreement among ISPs before legislation • Relevant costs covered by government
  • 5. II. Cybersecurity Collaboration with ISPs : Phase I Collective Emergency Response • Emergency response action order to ISPs • Order applied to domestic ISPs within a day • The access blocked to foreign malicious website site or Ips • Legal authority and responsibility Security exercise and daily checkup Security Exercise and Daily Checkup • Major incident scenario based exercise with ISPs • Systemic approach to response coordination procedure & process • Train the relevant first-line cybersecurity staffs • Daily security checkup with Radio system(alternative comm. channel)
  • 6. III. Cybersecurity Collaboration with ISPs : Phase II Stabilization Phase(2006~2009) • Enhancing the collaboration relationship and make results with ISPs • Major cyberthreat from botnet and response • Emerging DDoS issue(availability) Coordinated Botnet Response Action Bi-annual workshop DDoS Defense Investment
  • 7. III. Cybersecurity Collaboration with ISPs : Phase II Coordinated Botnet Response Action • Implementation of national-wide botnet sinkhole system • Access restriction to botnet c&c servers by changing IP address • CSF: The close collaboration and voluntary participation from ISPs • Trustworthy information source for cyber threats : KrCERT/CC Bi-annual workshop • Face-to-face trust building opportunity in a relaxed environment • Closed technical presentation on security issue • Proposal for collective security actions made in the workshop
  • 8. III. Cybersecurity Collaboration with ISPs : Phase II DDoS Defense Investment • To promote the investment from ISPs on DDoS attacks from 2008 • DDoS service commercialization and commodity service • DDoS defense device provided to selective ISPs by government budget • Calls for responsible ISP response to major cyber threats Internet Exchange(IX)
  • 9. IV. Cybersecurity Collaboration with ISPs : Phase III Aftermath Phase(2010~ Current) • DDoS Attack in July 2009 and March 2011 • Renewal of national attention to cybersecurity with major incidents • Collaboration and coordination among public and private sector • Smart response for cybersecurity needed Cyber Remediation Service Hacker Victim DDoS Shelter Service Control & Command Server Zombies
  • 10. IV. Cybersecurity Collaboration with ISPs : Phase III Investment on cyber security • Organizational restructure for strengthening incident prevention • DDoS shelter service for SME(limited time-frame) Joint Voluntary Project • Joint initiative for cybersecurity outreach service • Voluntary threat information sharing and project to tackle cyber threats High-level Attention & Support • Regular meeting for cybersecurity issues • Awareness Raising for senior-level people for cybersecurity
  • 11. V. Summary 1. Trust based Collaboration for Mutual Benefit 2. On-going Efforts for Emgerging Cyber Threats 3. Collaboration and Cooperation in Action
  • 12. THANK YOU! Your Logo