Centre for cybersecurity Belgium : Role, Missions et future capacities

Size: px

Start display at page:

Download "Centre for cybersecurity Belgium : Role, Missions et future capacities"

Buddy Joseph
5 years ago
Views:

1 Centre for cybersecurity Belgium : Role, Missions et future capacities NLO meeting 30/01/2018 Phédra Clouner Deputy Director

2 CCB 01 CCB mission & services Page 2

3 Legal Basis R.D. 10/10/2014 Contribute to build a safer and reliable Internet Create a national policy and capabilities with existing actors Belgian policies & Coordination Page 3

4 Legal Basis R.D. 10/10/2014 Create a national policy and capabilities with existing actors Coordination Laws, standards, guidelines Ensuring crisis management Page 4

5 Legal Basis 1. Monitoring, coordinating and supervising the implementation of Belgian policy on the subject; 2. Managing the various projects on the topic of cybersecurity using an integrated and centralized approach; 3. Ensuring coordination between the relevant government departments and governments, as well as the public authorities and the private or scientific sectors; 4. Formulating proposals aimed at adapting the regulatory framework in the field of cybersecurity; 5. Ensuring crisis management in case of cyber incidents in cooperation with the government's Coordination and Crisis Centre; 6. Preparing, disseminating and supervising the implementation of standards, guidelines and security standards for the various information systems of the governments and public institutions; 7. Coordinating the Belgian representation in international cybersecurity forums, coordinating the monitoring of international commitments and national proposals on this subject; 8. Coordinating the security evaluation and certification of information and communication systems; 9. Informing and raising awareness among users on information and communication systems. Page 5

6 Chapter 1 stakeholders CCB Police CERT.be Crisis Centre SGRS Judiciary ((Federal )prosecution) OCAM VSSE Federal Public Service Foreign Affairs Conseil national de sécurité/ comité stratégique/ comité de coordination renseignement et sécurité Critical Infrastrctures /Vital sectors Belnis (Belgian network on information security) Privacy Commision Cyber security coalition ISP Vendors Academics International collaboration Page 6

7 STRATEGIC Awareness Botnet Eradication Anti-phishing Cyber Security guides Webinars Training (Gov only) Partnerships Reliable technologies Page 7

8 STRATEGIC OBJECTIVES Early warning-system Threats, vulnerabilities, incidents Detection & monitoring MISP Standard IDS - SIEM Baseline security norm & audit Directives, guidelines, norms Incident response Diagnosis, response Incident management system Page 8

9 ENABLERS It s all about people Encourage academic institutions Stimulate youth participation Exercises & training Specific HR 9

10 Enablers Situational awareness Cyber threat against Belgium Vital Sector specific risks and vulnerabilities Efficient information exchange Information portal for the population and companies Secured network for the Vital Sectors 10

11 CCB 02 Cyber Security (CySec) PROJECTS Page 11

12 CURRENT PROJECTS Cyber Security Early Warning system & National IOC exchange platform Botnet Eradication System National Cyber Security Awareness Campaign National Cyber Security Emergency Plan Cyber Security Risk Assessment tools & Baseline Security Norm for Vital Sectors Cyber Security expert training National incident handling communication system (ICMS COBRA) Responsible disclosure policy ISACS (Vital Sectors, Academic, RS-IV, industry ) Cyber Diplomacy Framework (Cyber Diplomat) Standard Intrusion Detection System online courses - webinars EU NIS Directive transposition New cyber strategy will based on the NCSS Good practice guide+ art 7 NIS directive+ ENISA s help? Page 12

13 Vital Sector Early Warning System Page 13

14 DÉFI 9 % des Belges, victimes de messages frauduleux Identifiez le phishing et agissez! Page 14

15 RESPONSIBLE DISCLOSURE For Ethical Hackers Authorization to access the IT systems to inform on vulnerabilities without committing an external hacking crime (550 bis of the Criminal Code) Page 15

16 NATIONAL CYBER SECURITY EMERGENCY PLAN Upscaling National CySec CRISIS National CySec INCIDENT Small INCIDENT Definition of responsibilities Procedures Tested during exercises (CMX/Cyber Europe 2016) Page 16

17 CCB 03 What about the CERT.be? Page 17

18 TOWARDS A STRONGER CERT.BE Better CERT.BE CCB collaboration/integration Mission: detect/observe/ analyse cybersec problems+ Users s information More capabilities (24 FTE) High level technical experts End : 36 FTE 24/7- monitoring IDS - CSOC > 60 % information sharing Incident handling Know-how Trust CERT@CERT.BE Page 18

19 CERT.BE 2017 CERT.BE 2017 Cyber Security Information Sharing Collect incoming information Collect open source, partner & commercial IOCs and rules Information analysis & registration (quality control, correlation and linkage ) Distribute of advisories & warnings Participate in cyber threat information sharing communities Threat assessment reporting (constituents, management, partners, ) Register & evaluate incoming messages (assessment, triage, prioritization) Monitor detection tool alerts for Gov sites Trigger necessary actions based on the message evaluation Page 19

20 CERT.BE 2017 CERT.BE 2017 Incident Response & Intrusion detection Coordinate incident response (24/7 on call at home) Design the IDS platforms Design architecture to search through logs with SIEM Digital Forensics & artefact analysis (malware analysis, sandboxing ) Creation and distribution of IOCs and rules Vulnerability and penetration testing (on demand) Development and maintenance of systems for handling automated feeds Page 20

21 CERT.BE 2017 CERT.BE 2017 Admin ICT ICT ICT BELNET NW-Info BELNET Customers CCB CERT.BE Info Sharing Incident Handling Critical Gov Kanselarij Admin, ICT, HR ICT Shared Services FedPol ADIV VSSE Critical Infrastructure &OES Transport Telecom Financial Energy etc Page 21

22 CCB <?> QUESTIONS? Page 22

Discussion on MS contribution to the WP2018

Discussion on MS contribution to the WP2018, 30 January 2018 European Union Agency for Network and Information Security Possibilities for MS contribution to the WP2018 Expert Groups ENISA coordinates several