2nd ENISA Workshop German CERT-Activities. 5 th October, 2006 Brussels

Transcription

1 2nd ENISA Workshop German CERT-Activities 5 th October, 2006 Brussels

2 Overview Hosting Organisation CERT-Bund Background Projects CERT Services German CERT Activities International Cooperation Lessons Learned Jedlicka Hans-Peter 5 th October 2006 Folie 2

3 Bundesamt für Sicherheit in der Informationstechnik (BSI) Federal Office for Information Security Jedlicka Hans-Peter 5 th October 2006 Folie 3

4 Facts and Figures about BSI Established in 1991 Federal Superior Authority part of to the Federal Ministry of the Interior 430 staff (computer scientists, engineers, mathematicians, physicists) Budget: some 51 million Euro Jedlicka Hans-Peter 5 th October 2006 Folie 4

5 Customer Focus on Government and Administration Security consulting and support R & D of encryption devices Emission Security, Counter-Eavesdropping Operation of the Berlin-Bonn government net CERT Support of the e-government initiative Citizens Awareness campaign common user orientated give away CD BSI - web site Frequent articles in computer magazines Science Cooperation with universities Research contracting Trend analysis Private sector Promotion of electronic signatures IT Grundschutz as an industry standard Certification of IT-products Critical infrastructures IT Security partnership Promotion of biometric methods Jedlicka Hans-Peter 5 th October 2006 Folie 5

6 Section 121 CERT-Bund Jedlicka Hans-Peter 5 th October 2006 Folie 6

7 Background (1) hosted by the Federal Office for Information Security (BSI) part of the Federal Ministry of Interior (BMI) initially created as virtual team 1994, named as BSI-CERT mainly focused on information gathering shift in paradigms in 2000 preparing to set up a real Computer Emergency Response Team Jedlicka Hans-Peter 5 th October 2006 Folie 7

8 Background (2) officialy established on 1st September 2001 renamed as CERT-Bund governmental CERT for the Federal Administration becoming the national CERT Jedlicka Hans-Peter 5 th October 2006 Folie 8

9 Department 1 Strategic Applications, Internet Security Organizational Chart Division 11 Strategic Applications Section 112 Network Platforms and Infrastructures, IVBB Division 12 Internet Security Section 121 Federal Government CERT, Crisis Response Centre Section 122 Internet Security Analysis and Security Procedures Core team 10 people Section 125 IT-Penetration Centre Section 126 Critical Infrastructures Close cooperation with other sections based on a case by case situation. Jedlicka Hans-Peter 5 th October 2006 Folie 9

10 Team of CERT-Bund 1 Team Leader 3 Senior Advisor 5 Security Specialists 1 Secretary Jedlicka Hans-Peter 5 th October 2006 Folie 10

11 Services provided by CERT-Bund Providing central PoC 24/7 for the Federal Administration Running a Situation Centre for monitoring public sources Analyzing incoming incident reports and other information about vulnerabilities Supporting the investigation of incidents and the recovery process Coordinating incident handling & malware reports Jedlicka Hans-Peter 5 th October 2006 Folie 11

12 Services provided by CERT-Bund Disseminating advisories or information on counter measures and/or workarounds by running a Warning & Information Service Running a telephone based Alerting Service for the Federal Administration New: Providing the national PoC for international Cooperation Coming soon: Running the National Crisis Response Centre Jedlicka Hans-Peter 5 th October 2006 Folie 12

13 Strategic Objectives National Plan for Information Infrastructure Protection (NPSI) Prevention: Protecting information infrastructure adequately Preparedness: Responding effectively to IT security incidents Sustainability: Enhancing German competence in IT security Setting international standards Jedlicka Hans-Peter 5 th October 2006 Folie 13

14 Main Tasks Goal 8: Identifying, registering and evaluating incidents [...] will play the role of a national command, control and analysis centre that will be able to provide a reliable assessment of the current IT security situation in Germany at any time [...]. Goal 10: Responding to IT security incidents [...] to respond rapidly to serious incidents. It provides incident analyses and assessments to all relevant bodies and coordinates the cooperation [...] Jedlicka Hans-Peter 5 th October 2006 Folie 14

15 German CERT Activities Jedlicka Hans-Peter 5 th October 2006 Folie 15

16 History of CERTs in Germany Since 1991 many german CERTs / CSIRTs emerged Micro-BIT 1993 DFN-CERT (University of Karlsruhe) (German Research Network) 1994 BSI-CERT / CERT-Bund (Federal Office for Information Security)... and the process of creating Emergency Response Teams is going on CERT-Bw (German Armed Forces) 2003 Mcert (Small & Medium Enterprises) 2005 Bürger-CERT (easy to understand Alert & Warning Service for the average citizen) 200x other CERTs within different Sectors and important Global Players are still following up Jedlicka Hans-Peter 5 th October 2006 Folie 16

17 National Network of CERTs CERTs of Companies / Enterprises CERT-Bw Commercial CERTs Equal amongst equals! CERTs der Bundesländer CERTs for akademic Sector CERT-Bund Jedlicka Hans-Peter 5 th October 2006 Folie 17

18 CERT-Cooperations within Germany CERT Working Group ( CERT-Arbeitsgruppe ) about 30 german CERTs organised in an inofficial working group regular meetings 2 per year CERT Alliance ( CERT-Verbund ) 19 very closely cooperating CERTs, based on signed Code of Conduct & NDA Jedlicka Hans-Peter 5 th October 2006 Folie 18

19 Jedlicka Hans-Peter 5 th October 2006 Folie 19

20 Jedlicka Hans-Peter 5 th October 2006 Folie 20

21 Projects German Advisory Format (DAF) special exchange format for advisories based on EISPP Common Advisory Format Description ( standardized Common Model of System Information (CMSI) incorporated in SIRIOS Incident Handling System (SIRIOS) initiated and funded by CERT-Bund modular application framework focused on incident management and vulnerability handling licensed under the GNU General Public License (GPL) National Early Warning Capability ( CarmentiS ) initiated and funded by CERT-Bund to test the concept for the infrastructure to test new forms of visualization and automatic detection co-operative Information Management and Analysis Platform to recognize and assess current threats in a timely matter Jedlicka Hans-Peter 5 th October 2006 Folie 21

22 Jedlicka Hans-Peter 5 th October 2006 Folie 22

23 Early Warning in the German Internet ( CarmentiS ) Jedlicka Hans-Peter 5 th October 2006 Folie 23

24 Closing the Gaps Mcert Big companies & enterprises usually well protected traditional risk assessment & risk management established procedures professional IT administration What about Small & medium enterprises? Jedlicka Hans-Peter 5 th October 2006 Folie 24

25 Mcert Jedlicka Hans-Peter 5 th October 2006 Folie 25

26 Closing the Gaps Bürger-CERT For? Citizens and Small Business Companies From? Federal Office for Information Security (BSI) and Mcert German Association for IT-Security sponsored by leading business-partners such as: Why? Awareness raising; pointing out the dangers and risks of the Internet use; providing timely Alerts & Warnings; advising counter measures; How? Understandable safety information How much? Free Where? Jedlicka Hans-Peter 5 th October 2006 Folie 26

27 Bürger-CERT Jedlicka Hans-Peter 5 th October 2006 Folie 27

28 International Cooperation Jedlicka Hans-Peter 5 th October 2006 Folie 28

29 International CERT-Cooperation bilateral projects European Governmental CERT (EGC)- Group Cooperation between TERENA / TF-CSIRT An Initiative of TERENA - Trans-European Research and Education Networking Association APCERT Asia Pacific Computer Emergency Response Team FIRST Global Coalition forming the Forum of Incident Response and Security Teams Jedlicka Hans-Peter 5 th October 2006 Folie 29

30 European Governmental CERT Group Finland - CERT-FI France - CERTA Germany - CERT-Bund Netherlands - GOVCERT.NL Norway - NorCERT Sweden - SITIC Switzerland - SWITCH-CERT United Kingdom - UNIRAS/NISCC Jedlicka Hans-Peter 5 th October 2006 Folie 30

31 European Governmental CERT Group EGC is based on common interests strengthens the member organisations is an operational group is based on active participation is part of an international environment welcomes external contacts maintains a public web site (coming soon) can be reached via egc-group.org Jedlicka Hans-Peter 5 th October 2006 Folie 31

32 Lessons learned Jedlicka Hans-Peter 5 th October 2006 Folie 32

33 Lessons Learned (1) Prepare as much as possible Preparing analysis of constituency Critical scrutiny of services to be provided Definition of Service-Level-Agreements Definition of policies Clarification of mandate Clarification of authority Providing human, technical and financial resources Acquiring and extending competence Not everything can be envisioned right from the start Objectives might change over time Jedlicka Hans-Peter 5 th October 2006 Folie 33

34 Lessons Learned (2) Do not underestimate promotion of the team and the services Coordination with partners and constituency travel budget, human resources, time Initiating and extending relations to national and international CERTs, providers and law enforcement Progress is sometimes very slow IT security is not for free! But you can start small and grow with your responsibilty Jedlicka Hans-Peter 5 th October 2006 Folie 34