ifs/2013/329397 presented by: besnik limaj team leader eu funded enhancing cyber security project...
TRANSCRIPT
![Page 1: IFS/2013/329397 Presented by: Besnik LIMAJ Team Leader EU funded Enhancing Cyber Security Project 19/09/2014](https://reader037.vdocument.in/reader037/viewer/2022102900/551bed06550346b4588b640f/html5/thumbnails/1.jpg)
IFS/2013/329397
Presented by:Besnik LIMAJTeam Leader
EU funded Enhancing Cyber Security
Project
19/09/2014
![Page 2: IFS/2013/329397 Presented by: Besnik LIMAJ Team Leader EU funded Enhancing Cyber Security Project 19/09/2014](https://reader037.vdocument.in/reader037/viewer/2022102900/551bed06550346b4588b640f/html5/thumbnails/2.jpg)
2
PROJECTSYNOPSIS 1
![Page 3: IFS/2013/329397 Presented by: Besnik LIMAJ Team Leader EU funded Enhancing Cyber Security Project 19/09/2014](https://reader037.vdocument.in/reader037/viewer/2022102900/551bed06550346b4588b640f/html5/thumbnails/3.jpg)
PROJECT FUNDED BY:
EUROPEAN UNION’S INSTRUMENT CONTRIBUTING TO STABILITY AND PEACE
LAUNCHED: JANUARY 2014 – DURATION 24 MONTHS
TOTAL BUDGET: 1,485,000 Euros
![Page 4: IFS/2013/329397 Presented by: Besnik LIMAJ Team Leader EU funded Enhancing Cyber Security Project 19/09/2014](https://reader037.vdocument.in/reader037/viewer/2022102900/551bed06550346b4588b640f/html5/thumbnails/4.jpg)
4
CONSORTIUM 2
![Page 5: IFS/2013/329397 Presented by: Besnik LIMAJ Team Leader EU funded Enhancing Cyber Security Project 19/09/2014](https://reader037.vdocument.in/reader037/viewer/2022102900/551bed06550346b4588b640f/html5/thumbnails/5.jpg)
CONSORTIUM
Adetef is the international technical assistance consultancy agency and operator for French ministries in charge of Economy and Finance, Industry, Sustainable Development and State Reform.It takes up and disseminates financial and economic best practices, providing national governments and public authorities with cutting-edge technical expertise from French officials and public sector experts.
CIVI.POL Conseil is the in-house consulting and service company of the French Ministry of Interior, and its mandated body for international assistance.Since its founding in 2001, CIVI.POL Conseil has been providing services in the areas of the French Ministry of Interior.
![Page 6: IFS/2013/329397 Presented by: Besnik LIMAJ Team Leader EU funded Enhancing Cyber Security Project 19/09/2014](https://reader037.vdocument.in/reader037/viewer/2022102900/551bed06550346b4588b640f/html5/thumbnails/6.jpg)
6
PROJECTPARTNER
COUNTRIES 3
![Page 7: IFS/2013/329397 Presented by: Besnik LIMAJ Team Leader EU funded Enhancing Cyber Security Project 19/09/2014](https://reader037.vdocument.in/reader037/viewer/2022102900/551bed06550346b4588b640f/html5/thumbnails/7.jpg)
FYROM – MOLDOVA – KOSOVO - AZERBAIJAN
REGIONS:
East Europe and Western Balkans
PARTNER COUNTRIES:The Former Yugoslav Republic of
Macedonia, Kosovo,
and Moldova
![Page 8: IFS/2013/329397 Presented by: Besnik LIMAJ Team Leader EU funded Enhancing Cyber Security Project 19/09/2014](https://reader037.vdocument.in/reader037/viewer/2022102900/551bed06550346b4588b640f/html5/thumbnails/8.jpg)
8
OBJECTIVEAND
EXPECTEDRESULTS 4
![Page 9: IFS/2013/329397 Presented by: Besnik LIMAJ Team Leader EU funded Enhancing Cyber Security Project 19/09/2014](https://reader037.vdocument.in/reader037/viewer/2022102900/551bed06550346b4588b640f/html5/thumbnails/9.jpg)
OVERALL OBJECTIVE:
increase the security and resilience
of ICT networks in the partner Countries
by
building and training local capacities
to
adequately prevent, respond to cyber attacks and/or accidental
failures
![Page 10: IFS/2013/329397 Presented by: Besnik LIMAJ Team Leader EU funded Enhancing Cyber Security Project 19/09/2014](https://reader037.vdocument.in/reader037/viewer/2022102900/551bed06550346b4588b640f/html5/thumbnails/10.jpg)
EXPECTED RESULTS TO BE ACHIEVED
1.Creation and/or the development of National Computer Emergency Response Teams (CERTs) and 24/7 Contact Points;
2. Adoption of a National Cyber Security Strategy (NCSS)
3.Development of effective international cooperation
![Page 11: IFS/2013/329397 Presented by: Besnik LIMAJ Team Leader EU funded Enhancing Cyber Security Project 19/09/2014](https://reader037.vdocument.in/reader037/viewer/2022102900/551bed06550346b4588b640f/html5/thumbnails/11.jpg)
COMPONENTS
COMPONENT 1: Cyber security strategies and awareness raising
COMPONENT 2: CERT Capacity Building
COMPONENT 3: Enhancing Cooperation: PPPs and International cooperation
![Page 12: IFS/2013/329397 Presented by: Besnik LIMAJ Team Leader EU funded Enhancing Cyber Security Project 19/09/2014](https://reader037.vdocument.in/reader037/viewer/2022102900/551bed06550346b4588b640f/html5/thumbnails/12.jpg)
12
PROJECTSACTIVITY
AREAS 5
![Page 13: IFS/2013/329397 Presented by: Besnik LIMAJ Team Leader EU funded Enhancing Cyber Security Project 19/09/2014](https://reader037.vdocument.in/reader037/viewer/2022102900/551bed06550346b4588b640f/html5/thumbnails/13.jpg)
COMPONENT 1CYBER SECURITY STRATEGIES AND AWARENESS RAISING
CYBER SECURITY STRATEGY:ACTIVITY AREA 1.1. - Advice on creation and adoption of National Cyber Security Strategies (including advice on policy, financial and legal implications)
AWARENESS RAISING: ACTIVITY AREA 1.2. - Advice on raising awareness on cyber security including organisation of national and international workshops for decision makers and a closing conference
![Page 14: IFS/2013/329397 Presented by: Besnik LIMAJ Team Leader EU funded Enhancing Cyber Security Project 19/09/2014](https://reader037.vdocument.in/reader037/viewer/2022102900/551bed06550346b4588b640f/html5/thumbnails/14.jpg)
COMPONENT 2ENHANCING CERTs CAPACITY
ACTIVITY AREA 2.1. - Support on establishment/strengthening of operational CERTs units (including inter alia advice on developing effective cyber security incident reporting; Skills training enhancement)
ACTIVITY AREA 2.2. - Facilitation of joint cyber security exercises
ACTIVITY AREA 2.3. - Advice on development of specific curriculum/training course for CERT officers
![Page 15: IFS/2013/329397 Presented by: Besnik LIMAJ Team Leader EU funded Enhancing Cyber Security Project 19/09/2014](https://reader037.vdocument.in/reader037/viewer/2022102900/551bed06550346b4588b640f/html5/thumbnails/15.jpg)
COMPONENT 3ENHANCING COOPERATION: PPPs AND INTERNATIONAL COOPERATION
PPPsACTIVITY AREA 3.1. - Enhance cooperation between government and private sector on Cyber Security and advice on creation of new flexible and updated academic curricula including computer science (CS), and science, technology, engineering and mathematics (STEM) degrees
INTERNATIONAL COOPERATIONACTIVITY AREA 3.2. – Foster cooperation with international bodies as ENISA in the field of cyber security
ACTIVITY AREA 3.3. - Facilitation of participation in international events on cyber security for the CERTs and 24/7 points of contact .;
![Page 16: IFS/2013/329397 Presented by: Besnik LIMAJ Team Leader EU funded Enhancing Cyber Security Project 19/09/2014](https://reader037.vdocument.in/reader037/viewer/2022102900/551bed06550346b4588b640f/html5/thumbnails/16.jpg)
16
ACTIVITY STEPS
on CERT’s 6
![Page 17: IFS/2013/329397 Presented by: Besnik LIMAJ Team Leader EU funded Enhancing Cyber Security Project 19/09/2014](https://reader037.vdocument.in/reader037/viewer/2022102900/551bed06550346b4588b640f/html5/thumbnails/17.jpg)
ADVICE ON CREATION OF NATIONAL CERT’S
TASKS:
• Identify the right stakeholders during the Paris Workshop in April - COMPLETED•Review of the current situation in FYROM and KOSOVO – COMPLETED
•Chose the right services: In the early stage CERT will focus mainly on providing some of the core-services as:
• Alerts and warnings• Incident handling• Incident analysis• Incident response support• Incident response coordination• Announcements as Proactive services;
•Define communication approach (SWOT/PEST Analysis);
•Define Mission statements;
•Develop organisational structure;
•Coordinate with direct partner location of the CERT (in accordance with the country legislation);
•Help to make CERT in these two countries operational. Establish process flows and operational/technical procedures for delivering core CERT services as:
• Alerts and Warnings;• Announcements;• Incident Handling;
•Establish cooperation with ENISA and other CERTs in the region;
•Draft recommendations, action plans and road map.
![Page 18: IFS/2013/329397 Presented by: Besnik LIMAJ Team Leader EU funded Enhancing Cyber Security Project 19/09/2014](https://reader037.vdocument.in/reader037/viewer/2022102900/551bed06550346b4588b640f/html5/thumbnails/18.jpg)
ADVICE ON STRENGTHENING OF NATIONAL CERT’S
TASKS:
• Identify the right stakeholders - COMPLETED
•Review of the current situation in Moldova - COMPLETED;
• Interview relevant staff of CERT - COMPLETED;
• Conduct needs assessment of further training - COMPLETED
• Review of present CERT operational rules - COMPLETED;
• Identify which services and trainings must be provided in priority;
• Implement these recommendations;
![Page 19: IFS/2013/329397 Presented by: Besnik LIMAJ Team Leader EU funded Enhancing Cyber Security Project 19/09/2014](https://reader037.vdocument.in/reader037/viewer/2022102900/551bed06550346b4588b640f/html5/thumbnails/19.jpg)
FACILITATION OF
TWO - CYBER SECURITY EXERCISES
Month
14Month
20
![Page 20: IFS/2013/329397 Presented by: Besnik LIMAJ Team Leader EU funded Enhancing Cyber Security Project 19/09/2014](https://reader037.vdocument.in/reader037/viewer/2022102900/551bed06550346b4588b640f/html5/thumbnails/20.jpg)
METHODOLOGY
![Page 21: IFS/2013/329397 Presented by: Besnik LIMAJ Team Leader EU funded Enhancing Cyber Security Project 19/09/2014](https://reader037.vdocument.in/reader037/viewer/2022102900/551bed06550346b4588b640f/html5/thumbnails/21.jpg)
FACILITATION OFPARTICIPATION IN RELEVANT CYBER SECURITY MEETINGS
![Page 22: IFS/2013/329397 Presented by: Besnik LIMAJ Team Leader EU funded Enhancing Cyber Security Project 19/09/2014](https://reader037.vdocument.in/reader037/viewer/2022102900/551bed06550346b4588b640f/html5/thumbnails/22.jpg)
OTHER TAILOR MADE ACTIVITIES BASED ON SPECIFIC COUNTRY NEEDS
![Page 23: IFS/2013/329397 Presented by: Besnik LIMAJ Team Leader EU funded Enhancing Cyber Security Project 19/09/2014](https://reader037.vdocument.in/reader037/viewer/2022102900/551bed06550346b4588b640f/html5/thumbnails/23.jpg)
23
COUNTRYFOCAL POINTS 7
![Page 24: IFS/2013/329397 Presented by: Besnik LIMAJ Team Leader EU funded Enhancing Cyber Security Project 19/09/2014](https://reader037.vdocument.in/reader037/viewer/2022102900/551bed06550346b4588b640f/html5/thumbnails/24.jpg)
COUNTRY FOCAL POINTSTHE FORMER YUGOSLAV REPUBLIC OF MACEDONIA
National team’s representatives: The Cyber Crime Unit – MoI;Ministry of Information Society and AdministrationAgency for Electronic Communications - (CERT)Ministry of Interior University, MASIT ...
![Page 25: IFS/2013/329397 Presented by: Besnik LIMAJ Team Leader EU funded Enhancing Cyber Security Project 19/09/2014](https://reader037.vdocument.in/reader037/viewer/2022102900/551bed06550346b4588b640f/html5/thumbnails/25.jpg)
COUNTRY FOCAL POINTSKOSOVO
National team’s representatives:Office of the Prime MinisterAgency of Information SocietyThe Cyber Crime Unit – MoI;Regulatory Authority of Electronic and Postal Communications – C.E.R.T.Ministry of JusticeUniversity
![Page 26: IFS/2013/329397 Presented by: Besnik LIMAJ Team Leader EU funded Enhancing Cyber Security Project 19/09/2014](https://reader037.vdocument.in/reader037/viewer/2022102900/551bed06550346b4588b640f/html5/thumbnails/26.jpg)
COUNTRY FOCAL POINTSMOLDOVA
National team’s representatives: CERT – GOV – MDMinistry of Internal AffairsOffice of the Prosecutor GeneralNational Center for Protection of Personal DataUniversity
![Page 27: IFS/2013/329397 Presented by: Besnik LIMAJ Team Leader EU funded Enhancing Cyber Security Project 19/09/2014](https://reader037.vdocument.in/reader037/viewer/2022102900/551bed06550346b4588b640f/html5/thumbnails/27.jpg)
27
CERT’s in PARTNER
COUNTRIES 8
![Page 28: IFS/2013/329397 Presented by: Besnik LIMAJ Team Leader EU funded Enhancing Cyber Security Project 19/09/2014](https://reader037.vdocument.in/reader037/viewer/2022102900/551bed06550346b4588b640f/html5/thumbnails/28.jpg)
FYROM - MACEDONIA
LOCATION: Agency for Electronic Communications
LEGAL FRAMEWORK: Ministry for Information Society and Administration in coordination with AEC – in a process of ammending the Law on Electronic Communications – Indicative expected ammendment of the Law – December 2014
STAFF: AEC – 140 Employees - CERT – up to 5 persons
Proposed MKD- CERT implementation phases are:
![Page 29: IFS/2013/329397 Presented by: Besnik LIMAJ Team Leader EU funded Enhancing Cyber Security Project 19/09/2014](https://reader037.vdocument.in/reader037/viewer/2022102900/551bed06550346b4588b640f/html5/thumbnails/29.jpg)
FYROM - MACEDONIA
Phase 3
•Reactive services1.Security audits and
assessments
•Proactive services1.Forensic analysis
•Security quality management services
1.Risk analysisSecurity consulting
Phase 1
•Reactive services1. Incident response
and handling (both remote and onsite)
2. Alerts and warnings
3. Vulnerability response
•Proactive services
1. Announcements and basic awareness
2. Education Training
Phase 2
• Reactive services
1. Incident response coordination
2. Vulnerability response coordination
3. Thread analysis• Proactive
services1. Vulnerability
analysis2. Technology
watch• Security quality1. Advanced
awareness2. Education
Training
![Page 30: IFS/2013/329397 Presented by: Besnik LIMAJ Team Leader EU funded Enhancing Cyber Security Project 19/09/2014](https://reader037.vdocument.in/reader037/viewer/2022102900/551bed06550346b4588b640f/html5/thumbnails/30.jpg)
KOSOVO
LOCATION: Regulatory Authority for Electronic and Postal Communications (RAEPC)
LEGAL FRAMEWORK: Regulated with the • Law on Electronic Communications No. 04/L-109 – November 2012 and• Electronic Comm. Sectoral Policy Digital Agenda for Kosovo ‐2013 2020‐
STAFF: RAEPC – 39 Employees - CERT – up to 5 persons and by the end of 2016 – in KOS-CERT are planning to work 8-10 people
Current situation:
Job advert published:
By end of September 2014 KOS-CERT – 2 people should be employed
• High officer for Network Security and • Officer for Service developing
Services
Basic KOS-CERT services (2014-2015):
Reactive services• Incident analysis
and response • Alerts and warnings
Proactive services• Announcements • Training
![Page 31: IFS/2013/329397 Presented by: Besnik LIMAJ Team Leader EU funded Enhancing Cyber Security Project 19/09/2014](https://reader037.vdocument.in/reader037/viewer/2022102900/551bed06550346b4588b640f/html5/thumbnails/31.jpg)
KOSOVO
Mobile Penetration rates in Kosovo:
Broadband Penetration rates:
![Page 32: IFS/2013/329397 Presented by: Besnik LIMAJ Team Leader EU funded Enhancing Cyber Security Project 19/09/2014](https://reader037.vdocument.in/reader037/viewer/2022102900/551bed06550346b4588b640f/html5/thumbnails/32.jpg)
MOLDOVA
CERT-GOV-MD is a governmental computer security incident response team founded within State Enterprise “Center of Special Telecommunications”.CERT-GOV-MD's constituency are public authorities and critical information infrastructure providers of the Republic of Moldova.
Host organization
Government
Constituency
State Chancellery
S.E. Center of Special Telecommunications
Cyber Security Center CERT-GOV-MD
Public Authorities
Critical information infrastructure providers
ABOUT CERT-GOV-MD
![Page 33: IFS/2013/329397 Presented by: Besnik LIMAJ Team Leader EU funded Enhancing Cyber Security Project 19/09/2014](https://reader037.vdocument.in/reader037/viewer/2022102900/551bed06550346b4588b640f/html5/thumbnails/33.jpg)
MOLDOVA
Reactive services:
- Alerts and warnings;- Incident handling; - Incident response support;- Incident response
coordination.
CERT-GOV-MD
Proactive services:- Announcements;
- Security-related information dissemination (Bulletins,
Newsletters, Good practice guides).
Security quality management services:
- Awareness building;- Security Consulting.
Additional Services:- Security audit;
- ISO 27000 implementation.
CERT-GOV-MD SERVICES
![Page 34: IFS/2013/329397 Presented by: Besnik LIMAJ Team Leader EU funded Enhancing Cyber Security Project 19/09/2014](https://reader037.vdocument.in/reader037/viewer/2022102900/551bed06550346b4588b640f/html5/thumbnails/34.jpg)
MOLDOVA
INTERNATIONAL COOPERATION
![Page 35: IFS/2013/329397 Presented by: Besnik LIMAJ Team Leader EU funded Enhancing Cyber Security Project 19/09/2014](https://reader037.vdocument.in/reader037/viewer/2022102900/551bed06550346b4588b640f/html5/thumbnails/35.jpg)
35
TEAM-
NEXT STEPS 9
![Page 36: IFS/2013/329397 Presented by: Besnik LIMAJ Team Leader EU funded Enhancing Cyber Security Project 19/09/2014](https://reader037.vdocument.in/reader037/viewer/2022102900/551bed06550346b4588b640f/html5/thumbnails/36.jpg)
TEAM
KEY EXPERTS:
Besnik LIMAJ, KE 1: TEAM LEADER
Emilio BUGLI INNOCENTI KE 2: C.S. EXPERT
POOL OF NON KEY EXPERTS:
SENIOR EXPERTS:
JUNIOR EXPERT:
MORE S.T.E. TO BE IDENTIFIED PER SPECIFIC TASKS OF THE PROJECT
![Page 37: IFS/2013/329397 Presented by: Besnik LIMAJ Team Leader EU funded Enhancing Cyber Security Project 19/09/2014](https://reader037.vdocument.in/reader037/viewer/2022102900/551bed06550346b4588b640f/html5/thumbnails/37.jpg)
PROGRESS UP TO - JULY 2014
• Project team mobilised;
• Overlaps with other projects identified and avoided
• Development of a detailed and updated Project Work Plan
• Training Needs Analysis conducted;
• Based on the Training Needs Analysis results, suggestions
on the capacity building proposed in a detailed plan of
activities;
• Networks with relevant national stakeholders and
international partners established;
• Inception and 1st Progress Report submitted to the
Contracting Authority.
![Page 38: IFS/2013/329397 Presented by: Besnik LIMAJ Team Leader EU funded Enhancing Cyber Security Project 19/09/2014](https://reader037.vdocument.in/reader037/viewer/2022102900/551bed06550346b4588b640f/html5/thumbnails/38.jpg)
NEXT STEPS – UNTIL END OF DECEMBER, 2014
• ROME, ITALY - 43rd TF-CSIRT Meeting – 18-19 September, 2014 • SIBIU, ROMANIA TRAINING, CONFERENCE AND WORKSHOP ON CYBER
SECURITY 30 SEP-4OCT 2014
• PARIS, FRANCE WORKSHOP ON CYBER SECURITY STRATEGY AND PPP • 23-24 OCT 2014
• MENTORING SESSIONS PER COUNTRY – NOVEMBER 2014
• TRANSIT I – TRAINING, PRAGUE• CEH - ETHICAL HACKING TRAINING
• RECRUITMENT OF FURTHER SHORT TERM EXPERTS
![Page 39: IFS/2013/329397 Presented by: Besnik LIMAJ Team Leader EU funded Enhancing Cyber Security Project 19/09/2014](https://reader037.vdocument.in/reader037/viewer/2022102900/551bed06550346b4588b640f/html5/thumbnails/39.jpg)
SHORT TERM EXPERTS
![Page 40: IFS/2013/329397 Presented by: Besnik LIMAJ Team Leader EU funded Enhancing Cyber Security Project 19/09/2014](https://reader037.vdocument.in/reader037/viewer/2022102900/551bed06550346b4588b640f/html5/thumbnails/40.jpg)
Contact:Besnik Limaj, Team LeaderEmail: [email protected]: +377 44 506 403www.encysec.eu