ITU-IMPACT Capacity Building for Least Developed & Developed Countries Marco Obiso Cybersecurity Coordinator International Telecommunication Union (ITU) 30 January 2012
ITU and cybersecurity 2003 2005 WSIS entrusted ITU as sole facilitator for WSIS Action Line C5 Building Confidence and Security in the use of ICTs 2007 ITU Secretary General launched the Global Cybersecurity Agenda (GCA) A framework for international cooperation in cybersecurity 2008 2010 ITU Membership endorsed the GCA as the ITU wide strategy on international cooperation. 2
ITU-IMPACT strategy IMPACT s partners Industry Experts Academia International Bodies Think Tanks 3
Training & Skills Development
Training & Skills Development Mission To increase knowledge and skills in cybersecurity domains for ITU-IMPACT partner countries. Vision To become a global training provider in cybersecurity to effectively understand and manage cybersecurity to prevent, defend against and respond to cyber threats. 5
Training & Skills Development Providing world class capability & capacity programmes Specialised training programs IMPACT SecurityCore IMPACT Network Forensics IMPACT Developing & Implementing a CIRT IMPACT Forensics Investigation for Law Enforcement IMPACT Malware Analysis Scholarship - partnership with global certification body EC-Council (USD $1mil. grant) Global certification courses and Partners ITU Centres of Excellence (ISC) 2 EC-Council 6
Training & Skills Development Training Roadmap 7
ITU-IMPACT Training Milestones 2009-2011 Trained over 200 cybersecurity professionals and practitioners in 2010 Deployed 220 scholarships to 41 partner countries globally Trained 50 law enforcement officers globally on Network Investigation for Law Enforcement Trained 40 government, CIRT & telecom officers from 19 Countries on Securing Networks under ITU CoE (Asia Pacific) Developed IMPACT SecurityCore Programme to meet needs of partner countries and governments 8
ITU-IMPACT CIRT Assessment & Implementation Project
Developing National CIRTs Encourage the creation of national computer incident response teams, particularly for developing countries There is still a low level of computer emergency preparedness within many countries particularly developing countries The high level of interconnectivity of ICT networks could be affected by the launch of an attack from networks of the less-prepared nations, which are mostly the developing countries The importance of having an appropriate level of computer emergency preparedness in all countries The need for establishment of computer incident response teams (CIRTs) on a national basis Importance of coordination within and among the regions, 10
ITU-IMPACT Support for Member States Proposed CIRT Model ITU IMPACT Support 11
CIRT Deployment Phase 1 : Basic CIRT Services (6 Months) Proactive Services» Cybersecurity Training & Awareness Activities within the country Reactive Services» Incident response & handling (both remote and on-site).» Alerts & warnings» Vulnerability response Key Activities (sub phases) :- Assessment Planning & Design Implementation & Testing Operations Collaboration 12
Current Status ITU IMPACT performed readiness assessment Countries are now moving to the implementation phase 13
CYBER DRILL ITU-IMPACT ALERT (Applied Learning for Emergency Response Team)
Objectives The objectives of the ITU-IMPACT ALERT are to encourage participants to: Recognize the growing importance of cross-border cooperation and coordination in cyber security; Enhance the communication and participating teams incident response capabilities; and Enhance the CERT/CIRTs current processes and procedures in handling cyber threats and attacks. 15
ITU-IMPACT ALERT Execution The cyber drill exercise was based on real life scenarios to gauge the CERT/CIRTs incident handling capabilities such as: Spam Web defacement Malware 16
ITU-IMPACT ALERT Execution (Contd.) Start The attack details were sent by the organizer to the participants in the form of e-mails. The participants performed their analysis on the incident and came out with the mitigation solution Player receives incidents via email Player performs incident analysis Done Team observer assists the players Prepare advisory report on the incident and submit to the organizer via email. Submit advisory report to organiser via email Organiser sends an acknowledgement End 17
Participants The ITU-IMPACT ALERT 2011 participants included members of Computer Emergency / Incident Response Team (CERT/CIRT) from four countries Cambodia, Lao P.D.R., Myanmar and Vietnam. 18
ITU-IMPACT ALERT 2011 Yangon, Myanmar Drill is a good supplemental way for capacity building said Dr. Hoang Dang Hai, Deputy Director General of Vietnam Computer Emergency Response Team (VNCERT). 19
Thank you www.facebook.com/impactalliance IMPACT Jalan IMPACT 63000 Cyberjaya Malaysia T +60 (3) 8313 2020 F +60 (3) 8319 2020 E contactus@impact-alliance.org impact-alliance.org Copyright 2010 IMPACT. All Rights Reserved.