ministry for information society and telecomminucations cirt - computer incident response team...

NATIONAL CIRT OF MONTENEGRO

MINISTRY FOR INFORMATION SOCIETY AND TELECOMMINUCATIONS

CIRT - Computer Incident Response Team

GOVERNMENT OF MONTENEGROMINISTRY FOR INFORMATION SOCIETY AND TELECOMMINUCATIONS

Doc.Dr ADIS BALOTA, dipl.ing.el

DEPUTY MINISTER AND MANAGER OF CIRT TEAM

CYBER SECURITY CHALLENGES OF THE 21ST CENTURY

Protection of the critical national infrastructure

Rapid growth of the cyber attack, criminal and terrorism

Inefficient international corporation and legislation

Constant progress in complexity of cyber attack Generally insufficient level of development of cyber

security awareness and cyber security culture

CYBER CRIME

Computer Crime

Directed against

networksDirected against

computers

Spam

Frauds

Offensive Content

Harassment

Cyber wars

Cyber terrorism

Others

Cyber Crime or E-crime, or HTC includes criminal activities in which computers and other IT equipment and computer networks are subjects, tools, objects or scene of a crime

EXAMPLES OF CYBER CRIME

Nigerian letter, fake massages Fake web sites Fishing – gathering of confidential

information's Farming – redirection to fake web

addresses Scams – coping of credit cards Piracy Distribution of pornographic materials

NEW TYPES OF COMPUTER CRIME

New types of computer crime that have developed in the last 10 years:

Computer trespass (USA) Cyber bullying Cyber defamation Economic and industrial espionage by means of computer technology Murder on Internet Internet harassment Encouragement to a suicide by Internet Internet wars (1st Internet war: East Timor-Indonesia; Web War One:

Estonia 2007 2008 South Ossetia-Russia Internet war, 2010 China Telekom, 2010 Stuxnet worm) Online predators Organized crime White-collar criminal Virtualization

STATISTICS 55 % of personal PC is infected with spyware

7% of companies are using the latest version of service pack of the Operating System

25 % computers are zombies

33 % companies allows Instant Messaging

52 % companies the network is the last line of defense

14 % users are reading spam and 4 % are buying the advertised products (!)

21 % of span is pornography

20 % of users in Great Britain are buying spam products

SYMANTEC REPORT ON CYBERCRIME FOR 2012.

42%

17%

26%

15%

OTHER

110 billion € loss for 2012.

556 million victims in 2012. More than the entire population of EU.

1,5 million victims every second

66 % of online adults have been the victim of cybercrime in their lifetimeTHEFT OR LOSS

REPAIRS

FRAUD

Legal Framework

Training & Education

Hardware/Software

Cooperation

LEGAL FRAMEWORK

Information Security Law of Montenegro

Administrative Agreement between Government of Montenegro and ITU

Readiness Assessment Report

“National CIRT Project” Documentation

User Requirement Specification

CIRT Policies

Detailed study on Government Agencies roles against cyber criminal

Cooperation Protocols

ESTABLISHMENT OF CIRT.ME

• Member of project “establishment the national CIRT.ME: Government of Montenegro – Ministry for Information

Society and Telecommunications

ITU – International Telecommunication Union

IMPACT –International Multirate Partnership against cyber threats The prerequisite for establishment of the National CIRT of

Montenegro was the administrative agreement signed between the Government of Montenegro and the ITU on 29th of July 2011th .

SERVICES OF CIRT.ME Prevention, treatment and elimination of consequences of

computer security incidents on the Internet and other information systems security risks:

Security alerts and warnings User education, raising security awareness in the field of

information security

CIRT CONSTITUENCY State agencies, The state administration, Local authorities, Legal persons with public authorities, Other private or legal persons who have access to

or handle data

ROLES AND RESPONSIBILITIES

National CIRTs can Drive & Promote

National Cybersecurity Strategies /

Policies

Cyber Forensics Services

National Public Key Infrastructure

(PKI) / Digital Signature

Governance / Legislations

Critical Information

Infrastructure Protection

Cybersecurity Awareness Training & Education

Cybersecurity Research

International Cooperation

Security Assurance

TRAINING AND EDUCATION

• Two representatives attended “Developing and Implementing a CIRT Team” in Malaysia.

• IMPACT experts held Incident Response training in Montenegro for 12 representatives from different Government Agencies

• Cybersecurity trainings in Japan

• EC-Council (CEH) vouchers for CIRT members

• Regional Forum on Cyber security for Europe (Bulgaria)

- Implementation stage started in February 2012

- Publishing of www.cirt.me website and RTIR ticketing system, April 2012

IMPLEMENTATION

THE POSITION OF NATIONAL CIRT

National CIRT

MIST

Prime Ministe

r

ISP

Mobile Operat

ors

Banks

Post office of

Montenegro

EPCG

Other Instituti

ons

ANS

Ministry of Defense

Ministry of Internal Affairs

Police Departme

nt

Ministry of Justice

National Security Authority

Other Departme

nts

ITU/IMPACT ENISA FIRST

TRUSTED INTRODUC

ER

NATIONAL CERT/CIRT

TEAMS

National CIRT has started the process of establishing local CIRT teams in Montenegro.

National CIRT will develop special relations with key Government Institutions recognized in the cyber security field:

Ministry of Defense,

Ministry of Internal Affairs,

Ministry of Justice,

National Security Agency

Directorate for the Protection of Classified Information

etc 

COOPERATION WITH GOVERNMENT AGENCIES

COOPERATION WITH PRIVATE SECTOR

In order for the CIRT to fulfill it’s duties, it’s very important to develop and maintain good relations with the Private sector.

Key Institutions:

ISP,

Mobile Operators,

Banking Sector,

Electric Power Industry,

Montenegro Post office

Other institutions

INTERNATIONAL COOPERATION

Some of the key international organizations which are relevant in the cyber security field:

• ITU• IMPACT• ENISA• TRUSTED Introducer• FIRST• CERT/CIRT Networks  

INTERNATIONAL CORPORATION CONT.

Full membership in FIRST since February 2013. godine

Regional Corporation: Slovenian SI-CERT i Croatian Carnet CERT

Terena, Trusted Introduces, CIRT.ME listed

The advantages of membership in international organizations:- Assistance in resolving incidents- Training- Possibilities to use forensics capabilities- Direct communications with CERT/CIRT teams around the world- Access to security information database

EXAMPLES FROM THE FIELD – CIRT.ME

Attacks on web sites Financial/bank frauds Internet frauds Theft of identity on the social networks Sexual harassment in the cyber space Farming – Banks from MN and India Compromised IP addres from .me domain Child pornography

CONCLUSIONFuture activities:

Establishment of the National Council for Cyber Security

Constant upgrade of conditions for efficient CIRT functions

- Legislation- Training- Tools - Secure the financial needs

Local and International Corporation

Kaspersky

NAV

Expand the quantity and quality of the service

?