2nd ENISA Workshop: German CERT-Activities. 5th October 2006, Brussels


Overview
- Hosting Organisation
- CERT-Bund
- Background
- Projects
- CERT Services
- German CERT Activities
- International Cooperation
- Lessons Learned

Jedlicka Hans-Peter, 5th October 2006, Slide 2

Bundesamt für Sicherheit in der Informationstechnik (BSI)
Federal Office for Information Security
www.bsi.bund.de

Facts and Figures about BSI
- Established in 1991
- Federal Superior Authority, part of the Federal Ministry of the Interior
- 430 staff (computer scientists, engineers, mathematicians, physicists)
- Budget: some 51 million Euro

Customer Focus on:
- Government and Administration
  - Security consulting and support
  - R & D of encryption devices
  - Emission Security, Counter-Eavesdropping
  - Operation of the Berlin-Bonn government net
  - CERT
  - Support of the e-government initiative
- Citizens
  - Awareness campaign, common user-orientated give-away CD
  - BSI web site: www.bsi.bund.de, www.bsi-fuer-buerger.de
  - Frequent articles in computer magazines
- Science
  - Cooperation with universities
  - Research contracting
  - Trend analysis
- Private sector
  - Promotion of electronic signatures
  - IT Grundschutz as an industry standard
  - Certification of IT-products
  - Critical infrastructures
  - IT Security partnership
  - Promotion of biometric methods

Section 121: CERT-Bund
www.bsi.de/certbund/index.htm

Background (1)
- hosted by the Federal Office for Information Security (BSI)
- part of the Federal Ministry of Interior (BMI)
- initially created as virtual team 1994, named as BSI-CERT
- mainly focused on information gathering
- shift in paradigms in 2000
- preparing to set up a real Computer Emergency Response Team

Background (2)
- officially established on 1st September 2001
- renamed as CERT-Bund
- governmental CERT for the Federal Administration
- becoming the national CERT

Organizational Chart
Department 1: Strategic Applications, Internet Security
- Division 11: Strategic Applications
  - Section 112: Network Platforms and Infrastructures, IVBB
- Division 12: Internet Security
  - Section 121: Federal Government CERT, Crisis Response Centre
  - Section 122: Internet Security Analysis and Security Procedures
  - Section 125: IT-Penetration Centre
  - Section 126: Critical Infrastructures
Core team: 10 people
Close cooperation with other sections based on a case by case situation.

Team of CERT-Bund
- 1 Team Leader
- 3 Senior Advisors
- 5 Security Specialists
- 1 Secretary

Services provided by CERT-Bund
- Providing central PoC 24/7 for the Federal Administration
- Running a Situation Centre for monitoring public sources
- Analyzing incoming incident reports and other information about vulnerabilities
- Supporting the investigation of incidents and the recovery process
- Coordinating incident handling & malware reports

Services provided by CERT-Bund (continued)
- Disseminating advisories or information on counter measures and/or workarounds by running a Warning & Information Service
- Running a telephone based Alerting Service for the Federal Administration
- New: Providing the national PoC for international Cooperation
- Coming soon: Running the National Crisis Response Centre

Strategic Objectives
National Plan for Information Infrastructure Protection (NPSI)
http://www.bsi.de/english/themes/kritis/kritis_e.htm
- Prevention: Protecting information infrastructure adequately
- Preparedness: Responding effectively to IT security incidents
- Sustainability: Enhancing German competence in IT security, setting international standards

Main Tasks
- Goal 8: Identifying, registering and evaluating incidents
  [...] will play the role of a national command, control and analysis centre that will be able to provide a reliable assessment of the current IT security situation in Germany at any time [...].
- Goal 10: Responding to IT security incidents
  [...] to respond rapidly to serious incidents. It provides incident analyses and assessments to all relevant bodies and coordinates the cooperation [...]

German CERT Activities

History of CERTs in Germany
Since 1991 many German CERTs / CSIRTs emerged.
- 1991 Micro-BIT (University of Karlsruhe)
- 1993 DFN-CERT (German Research Network)
- 1994 BSI-CERT / CERT-Bund (Federal Office for Information Security)
... and the process of creating Emergency Response Teams is going on ...
- 2002 CERT-Bw (German Armed Forces)
- 2003 Mcert (Small & Medium Enterprises)
- 2005 Bürger-CERT (easy to understand Alert & Warning Service for the average citizen)
- 200x other CERTs within different Sectors and important Global Players are still following up

National Network of CERTs
- CERTs of Companies / Enterprises
- CERT-Bw
- Commercial CERTs
- CERTs of the federal states (Bundesländer)
- CERTs for the academic sector
- CERT-Bund
Equal amongst equals!

CERT-Cooperations within Germany
- CERT Working Group ("CERT-Arbeitsgruppe")
  - about 30 German CERTs organised in an unofficial working group
  - regular meetings, 2 per year
- CERT Alliance ("CERT-Verbund")
  - 19 very closely cooperating CERTs, based on signed Code of Conduct & NDA
  - http://www.cert-verbund.de


Projects
- German Advisory Format (DAF)
  - special exchange format for advisories
  - based on EISPP Common Advisory Format Description (http://www.eispp.org/documents)
  - standardized Common Model of System Information (CMSI)
  - incorporated in SIRIOS
- Incident Handling System (SIRIOS)
  - initiated and funded by CERT-Bund
  - modular application framework focused on incident management and vulnerability handling
  - licensed under the GNU General Public License (GPL)
- National Early Warning Capability ("CarmentiS")
  - initiated and funded by CERT-Bund
  - to test the concept for the infrastructure
  - to test new forms of visualization and automatic detection
  - co-operative Information Management and Analysis Platform
  - to recognize and assess current threats in a timely manner


Early Warning in the German Internet ("CarmentiS")

Closing the Gaps: Mcert
Big companies & enterprises are usually well protected:
- traditional risk assessment & risk management
- established procedures
- professional IT administration
What about small & medium enterprises?

Mcert

Closing the Gaps: Bürger-CERT
- For? Citizens and Small Business Companies
- From? Federal Office for Information Security (BSI) and Mcert German Association for IT-Security, sponsored by leading business-partners such as:
- Why? Awareness raising; pointing out the dangers and risks of Internet use; providing timely Alerts & Warnings; advising counter measures
- How? Understandable safety information
- How much? Free
- Where? www.buerger-cert.de

Bürger-CERT

International Cooperation

International CERT-Cooperation
- bilateral projects
- European Governmental CERT (EGC) Group
- Cooperation between TERENA / TF-CSIRT: an initiative of TERENA, the Trans-European Research and Education Networking Association
  http://www.terena.nl/tech/task-forces/tf-csirt/
- APCERT: Asia Pacific Computer Emergency Response Team
  http://www.apcert.org
- FIRST: Global Coalition forming the Forum of Incident Response and Security Teams
  http://www.first.org/

European Governmental CERT Group
- Finland: CERT-FI
- France: CERTA
- Germany: CERT-Bund
- Netherlands: GOVCERT.NL
- Norway: NorCERT
- Sweden: SITIC
- Switzerland: SWITCH-CERT
- United Kingdom: UNIRAS/NISCC

European Governmental CERT Group
EGC
- is based on common interests
- strengthens the member organisations
- is an operational group
- is based on active participation
- is part of an international environment
- welcomes external contacts
- maintains a public web site (coming soon): http://www.egc-group.org
- can be reached via chair@egc-group.org

Lessons learned

Lessons Learned (1)
- Prepare as much as possible
  - Preparing analysis of constituency
  - Critical scrutiny of services to be provided
  - Definition of Service-Level-Agreements
  - Definition of policies
  - Clarification of mandate
  - Clarification of authority
  - Providing human, technical and financial resources
  - Acquiring and extending competence
- Not everything can be envisioned right from the start
- Objectives might change over time

Lessons Learned (2)
- Do not underestimate
  - promotion of the team and the services
  - coordination with partners and constituency
  - travel budget, human resources, time
  - initiating and extending relations to national and international CERTs, providers and law enforcement
- Progress is sometimes very slow
- IT security is not for free!
- But you can start small and grow with your responsibility