Download as PDF, PPTX
Uploaded byAPNIC
International CERTs/CSIRTs Collaboration
The document discusses the collaboration and roles of Computer Emergency Response Teams (CERTs) and Computer Security Incident Response Teams (CSIRTs) in enhancing cybersecurity, particularly in the Asia-Pacific region. It emphasizes the need for community engagement, shared resources, and training to address evolving cyber threats. Key initiatives, workshops, and exercises are highlighted to strengthen regional capabilities and foster a cooperative approach to cybersecurity.
More Related Content
Similar to International CERTs/CSIRTs Collaboration
![CERT Australia Update, by Scott Brown [APNIC 38 / Network Abuse BoF]](https://cdn.slidesharecdn.com/ss_thumbnails/certaustralia-engagement-apnic382014networkabusebof1410842858-140916001728-phpapp01-thumbnail.jpg?width=640&height=640&fit=bounds)
![How Big Brands are Taking Your Traffic in Alberta [Data Inside].pptx](https://cdn.slidesharecdn.com/ss_thumbnails/howbigbrandsaretakingyourtrafficinalbertadatainside-260123180142-42d276f3-thumbnail.jpg?width=640&height=640&fit=bounds)
International CERTs/CSIRTs Collaboration
- 1.
- 2. Let’s Connect! • LinkedIn:Adli Wahid • Senior Internet Security Specialist @ APNIC (2014 - now) oCERT/CSIRT Engagements oAPNIC Community Honeynet Project oFIRST.org board member (2014 – 2018)
- 3. APNIC – www.apnic.net •Regional Internet Registry • IP addresses & ASNs for the Asia Pacific Region • Based in Brisbane, Australia • Capacity Building / Training ( • network infrastructure related including security • https://academy.apnic.net • Free! • Self-paced courses • Virtual Lab • Webinars
- 4. Acronyms • CERT =Computer Emergency Response Team • CSIRT = Computer Security Incident Response Team • CIRT = Computer Incident Response Team • + some other variations
- 5. CERTs/CSIRTs - DifferentResponsibilities / Constituencies National Enterprise / Organisation Sector – based Product (PSIRTs) “CERT/CSIRT of the Last Resort”
- 6. Other Interesting Factsabout CERTs/CSIRTS • Differences oSize oCapabilities oExperience (new vs established) oFunding ($$) oMandate • Similarities oDeal with Threats & Threats Actors oNature of work oMany things to do, Too Little Time oPowered by People
- 7. Community Collaboration isNot An Option 1. Need to train/upskill CERT/CSIRT staff o Technical & Non-Tech work 2. Nature of Threats – some will experience or see it first o Sharing threat related information for quick mitigation / early warning 3. Addressing the The Threat o Getting information / Request for assistance o Joint operation to disrupt activities of adversaries 4. Tools for supporting CERT work o Scripts, Software etc 5. Share resources for a common goal o Projects, Initiatives etc
- 8.
- 9. APCERT 2007 Drill •Drills are not CTFs (i.e CyberBattle) ☺ • Participation of National CERTs in the Asia Pacific Region • 12 teams from 13 economies • In preparation for Beijing Olympics in 2008 • Scenarios & Drill Execution by AusCERT & MyCERT • Focus on communication & information sharing • APCERT runs the drill Annually until today
- 10. KrCERT/CC Annual CERT Workshop •Annual CERT Workshop supported by KrCERT/CC (KISA) since early 2000* • Focus on bringing new CERTs staff from the region and beyond • Opportunity to interact, meet and get to know others in the community • Uses content developed by TF-CSIRT community (TRANSITs) • Instructors are those who does CERT/CSIRT work https://tf-csirt.org/transits/ APISC 2015 (Seoul, KR)
- 11. CERT/CSIRT in thePacific Project • Interest in setting up a National CERT (starting with CERT Tonga) in 2016 • Kick Start – Series of Workshops • Focus o Establishing & Operationalizing a CERT in the context of the Pacific o Collaboration + Networking (with other partners PACSON, APCERT & FIRST) o On the job training o Sharing ideas, success stories etc • Created momentum in other areas of cyber security i.e. education & awareness, support for LEAs and other stakeholders 11
- 12. FIRST.org Fellowship Program • Howdo we share information or get help from places that do not have CERT/CSIRT yet • “CERT of Last Resort” doesn’t always work • Initiative by FIRST community to have teams from least developed ecomomies • Started in 2014 • Identify possible reps / contacts • Invite to FIRST Annual Conference • Support with mentorship to help establish National CERT/CSIRT • Established team then joins FIRST (not always but hopefully) • Funded by FIRST members and generous donors https://www.first.org/global/fellowship/
- 13. How to GetHelp from Another Country? • Official Version Send Official Request to Embassy Embassy will Process & Escalate to Ministry in Home Country Ministry will discuss and contact the appropriate Agency Help?
- 14. How to GetHelp From Another Country • Community Edition SMS Puan XYZ, anda sudah dapat courier service document, sila tandatangan atas electronik certification http://goo.gl/dGraHH hxxps://www.dropbox.com/s/2spbfs86wsj2l8l/sijil.apk ** APK sends data to Command and Control in TW 1 2 3
- 15. Cyber Security Ecosystem Network Operators Law Enforcement Policy Makers/ Gov Researchers Vendors CERTS/ISA Cs/CSIRTs Individual Users Organizations 15
- 16. Summary 1. If you’reworking alone, you are doing it wrong • May need to change the mindset of Top Management • External Engagement can be a dedicated role 2. Get yourself plugged in to the CERT/CSIRT Community • May require additional resources (i.e. to attend meetings or extra time for community work) 3. Be Proactive in your own community • Don’t wait but initiate with others • Someone needs to lead 4. Improve overall security together – build trust & make new friends!
- 17. Terima Kasih • AdliWahid (LinkedIn) • Email: adli@apnic.net • Web: www.apnic.net