How Can NRA Contribute to the Improvement of IT Security? Rytis Rainys, Communications Regulatory Authority of the Republic of Lithuania

Transcription

1 How Can NRA Contribute to the Improvement of IT Security? Rytis Rainys, Communications Regulatory Authority of the Republic of Lithuania 1

2 Outline of the presentation Introduction and survey. NRA actions area. Examples of public and private sectors partnerships. Conclusions. 2

3 Introduction Territory: km² Inhabitants: 3.5 mln. 1 major fixed operator 3 GSM operators 115 ISP Number of internet users increases more than twice each year and has reached 1.4 mln. 3

4 Survey The study demonstrated that the majority of Internet users face computer viruses and spam Users Enterprises ISP Lithuanian case Viruses Spam Intrusions Phishing DoS attacks Illegal content 4

5 Survey Despite the fact, that majority of users employ security tools, the quarter of home users and enterprises and most of ISPs suffer from threats to security. 68 Home users Enterprises ISP Lithuanian case Incurred damage due to security incidents Since all the Internet traffic goes over ISPs networks, they naturally incur the biggest damage of security incidents. 5

6 NRA response: Consumer education and awareness rising; Reduction of negative impact of security incidents; Management of security incidents (CERT); Development of legal and standardisation tools; Inter-institutional and international cooperation. 6

7 Rising of awareness (example 1) Interactive web site developed by numerous partners to have a central Internet portal for information on IT security in LT. For home users For enterprises For institutions CERT 7

8 Rising of awareness (example 2) In cooperation with the banks flyers on phishing have been distributed in Lithuania. Taking timely actions when growing phishing activities are observed. 8

9 Reduction of negative impact NRA in cooperation with security vendors works on project on producing the particular tools for home users. About CDs have been issued and distributed for free in all regions. 9

10 Management of incidents The ISP sector is a critical spot in safeguarding against security incidents. If efficient management of incidents in the ISP sector is ensured, there will be no need to solve the problems at the users level. Separate CERT teams need a coordination centre. CERT-IPT, ACADEM-CERT CERT-GOV, CYBER-POLICE DECISIONS CERT-LT Local CERTs INFORMATION 10

11 Drafting a law Drafting the Law on Network and Information Security is a new policy making challenge in LT. It should be a piece of a comprehensive primary legislation that systematically covers the most important network and information security issues and defines institutional structure in Lithuania. 11

12 Inter-institutional cooperation The Memorandum of Understanding on the Progress in the Area of Security of Information and Networks has been signed: Between NRA, Association of Lithuanian Banks and the Association Infobalt. Memorandum Implementation Committee, formed of the representatives of the parties, has been established to take care of implementation of the Memorandum and working projects. 12

13 International cooperation 2006 November the Conference Ensuring Information and Network Security a Guide for Managing Security in Public and Business Environment with a pre- Conference Workshop on November 15, Topics - security policy, Standardization, CIIP; Audience governmental and private organizations working in the NIS area; Geographical coverage Baltic region, EU MS, EU accession states; Website Other International cooperation course: ENISA; IRG; ISACA; London action plan. 13

14 Conclusions NRA should pay a particular attention to the education of users, as only an aware user can counter security challenges. It is essential to develop security incidents management via special CERT services in the future, especially at ISP sector. The success of NRA s activities can be ensured by a close and continuous multistakeholder partnership. 14

15 Thank you for your attention Rytis Rainys Head of Network and Information Security Division Communications Regulatory Authority (RRT) of the Republic of Lithuania Telephone: