www.btcirt.bt Phone: +975-02-338606 General Email: info@btcirt.bt Incident Report: cirt@btcirt.bt

Sonam Choki

Sr. ICT Officer

Bhutan Computer Incident Response Team (BtCIRT)

“Cybersecurity in Bhutan”

www.btcirt.bt Phone: +975-02-338606 General Email: info@btcirt.bt Incident Report: cirt@btcirt.bt

Overview

• Background on Bhutan Computer Incident Response Team(BtCIRT)

• National Cybersecurity Initiatives• BtCIRT services• Incident Handling Statistics• Common real incidents• General Observations • Recommendations

www.btcirt.bt Phone: +975-02-338606 General Email: info@btcirt.bt Incident Report: cirt@btcirt.bt

Background on Bhutan CIRT(BtCIRT)

• Started Operation in April 2016.• Mandate:

• Serve as a trusted and central coordination point of contact at national level• At Government and National level

16

Coordinate informationRespond/Manage cyber threatEnhance Cyber security

www.btcirt.bt Phone: +975-02-338606 General Email: info@btcirt.bt Incident Report: cirt@btcirt.bt

National Cybersecurity Initiatives

❏ Various Network and Information Security, Cyber drills, Incident Handling trainings and workshops conducted for ICT professionals in the government and corporate sectors.

❏ Security Assessment in 3 Dzongkhag Thromdes and clusters

❏ Joined APNIC community honeypot

❏ Draft Bhutan Cybersecurity Strategy❏ Stakeholder consultations on drafting the strategy has been complete❏ Presentation of Draft Bhutan Cybersecurity Strategy 2018 to the MoIC

completed

www.btcirt.bt Phone: +975-02-338606 General Email: info@btcirt.bt Incident Report: cirt@btcirt.bt

National Cybersecurity Initiatives

● Cyber simulation exercises conducted for Ministers, CEOs and heads of Critical Sectors and organisations

www.btcirt.bt Phone: +975-02-338606 General Email: info@btcirt.bt Incident Report: cirt@btcirt.bt

BtCIRT services

❏ Incident handling❏ Security Advisory/Alert/News via website, Facebook,

email❏ Proactive monitoring for threats and vulnerabilities

(GDC)❏ After breach support ❏ Security Assessment as per agency request

www.btcirt.bt Phone: +975-02-338606 General Email: info@btcirt.bt Incident Report: cirt@btcirt.bt

Incident Handling Status: Major types of incidents

www.btcirt.bt Phone: +975-02-338606 General Email: info@btcirt.bt Incident Report: cirt@btcirt.bt

Incident Handling:Yearly statistics

www.btcirt.bt Phone: +975-02-338606 General Email: info@btcirt.bt Incident Report: cirt@btcirt.bt

GDC monitoring: Intrusion attempts and system compromises

www.btcirt.bt Phone: +975-02-338606 General Email: info@btcirt.bt Incident Report: cirt@btcirt.bt

GDC monitoring: Intrusion attempts and system compromises

www.btcirt.bt Phone: +975-02-338606 General Email: info@btcirt.bt Incident Report: cirt@btcirt.bt

GDC monitoring: Intrusion attempts and system compromises

www.btcirt.bt Phone: +975-02-338606 General Email: info@btcirt.bt Incident Report: cirt@btcirt.bt

Common Real Incidents 1. Vulnerabilities 2. Website defacements

www.btcirt.bt Phone: +975-02-338606 General Email: info@btcirt.bt Incident Report: cirt@btcirt.bt

Common Real Incidents handled3. Phishing:

www.btcirt.bt Phone: +975-02-338606 General Email: info@btcirt.bt Incident Report: cirt@btcirt.bt

Common Real Incidents 4. Ransomeware5. Cyrptomining

www.btcirt.bt Phone: +975-02-338606 General Email: info@btcirt.bt Incident Report: cirt@btcirt.bt

General Observations❏ It has been observed that the networks/systems are not

securely configured ❏ With no vulnerability management system, most of the

systems are left unpatched, exposed to various attacks including DDoS, web defacement and others.

❏ Asset management is not in place.❏ Logs are not being analyzed or not even captured❏ Physical security ❏ Use of default passwords,vendor accounts not disabled❏ Use of simple passwords

www.btcirt.bt Phone: +975-02-338606 General Email: info@btcirt.bt Incident Report: cirt@btcirt.bt

Recommendations❏ Patch!❏ Maintain system logs and periodically analyse it for

suspicious activities❏ Maintain backups❏ Harden systems ❏ User level and system-level passwords must conform to

the standard password guidelines

www.btcirt.bt Phone: +975-02-338606 General Email: info@btcirt.bt Incident Report: cirt@btcirt.bt

Common username and passwords targeting Bhutan

www.btcirt.bt Phone: +975-02-338606 General Email: info@btcirt.bt Incident Report: cirt@btcirt.bt

Reporting Computer Incidents

www.btcirt.bt Phone: +975-02-338606 General Email: info@btcirt.bt Incident Report: cirt@btcirt.bt

Questions?

www.btcirt.bt Phone: +975-02-338606 General Email: info@btcirt.bt Incident Report: cirt@btcirt.bt

THANK YOUContact: info@btcirt.bt (General)

cirt@btcirt.bt (Incidents)