Adli Wahid, Senior Internet Security Specialist at APNIC, presented on 'International CERTs/CSIRTs Collaboration' at Brunei CySec Conference 2024 held in Bandar Seri Begawan, Brunei Darussalam from 18 to 19 September 2024.
Size: 581.36 KB
Language: en
Added: Oct 15, 2024
Slides: 17 pages
Slide Content
International CERTs/CSIRTs Collaboration
Adli Wahid
Let’s Connect!
• LinkedIn: Adli Wahid
• Senior Internet Security Specialist @ APNIC (2014 - now)
  o CERT/CSIRT Engagements
  o APNIC Community Honeynet Project
  o FIRST.org board member (2014 – 2018)
APNIC – www.apnic.net
• Regional Internet Registry
• IP addresses & ASNs for the Asia Pacific Region
• Based in Brisbane, Australia
• Capacity Building / Training (
• network infrastructure related including security
• https://academy.apnic.net
• Free!
• Self-paced courses
• Virtual Lab
• Webinars
Acronyms
• CERT = Computer Emergency Response Team
• CSIRT = Computer Security Incident Response Team
• CIRT = Computer Incident Response Team
• + some other variations
CERTs/CSIRTs - Different Responsibilities / Constituencies
• National
• Enterprise / Organisation
• Sector-based
• Product (PSIRTs)
• “CERT/CSIRT of the Last Resort”
Other Interesting Facts about CERTs/CSIRTs
• Differences
  o Size
  o Capabilities
  o Experience (new vs established)
  o Funding ($$)
  o Mandate
• Similarities
  o Deal with Threats & Threat Actors
  o Nature of work
  o Many things to do, Too Little Time
  o Powered by People
Community Collaboration is Not An Option
1. Need to train/upskill CERT/CSIRT staff
  o Technical & Non-Tech work
2. Nature of Threats – some will experience or see it first
  o Sharing threat-related information for quick mitigation / early warning
3. Addressing the Threat
  o Getting information / Request for assistance
  o Joint operation to disrupt activities of adversaries
4. Tools for supporting CERT work
  o Scripts, Software etc.
5. Share resources for a common goal
  o Projects, Initiatives etc.
Examples
APCERT 2007 Drill
• Drills are not CTFs (i.e. CyberBattle) ☺
• Participation of National CERTs in the Asia Pacific Region
• 12 teams from 13 economies
• In preparation for Beijing Olympics in 2008
• Scenarios & Drill Execution by AusCERT & MyCERT
• Focus on communication & information sharing
• APCERT still runs the drill annually today
KrCERT/CC Annual CERT Workshop
• Annual CERT Workshop supported by KrCERT/CC (KISA) since early 2000*
• Focus on bringing new CERT staff from the region and beyond
• Opportunity to interact, meet and get to know others in the community
• Uses content developed by TF-CSIRT community (TRANSITs)
• Instructors are those who do CERT/CSIRT work
https://tf-csirt.org/transits/
APISC 2015 (Seoul, KR)
CERT/CSIRT in the Pacific Project
• Interest in setting up a National CERT (starting with CERT Tonga) in 2016
• Kick Start – Series of Workshops
• Focus
  o Establishing & Operationalizing a CERT in the context of the Pacific
  o Collaboration + Networking (with other partners PACSON, APCERT & FIRST)
  o On the job training
  o Sharing ideas, success stories etc.
• Created momentum in other areas of cyber security, i.e. education & awareness, support for LEAs and other stakeholders
FIRST.org Fellowship Program
• How do we share information or get help from places that do not have a CERT/CSIRT yet?
• “CERT of Last Resort” doesn’t always work
• Initiative by FIRST community to have teams from least developed economies
• Started in 2014
• Identify possible reps / contacts
• Invite to FIRST Annual Conference
• Support with mentorship to help establish National CERT/CSIRT
• Established team then joins FIRST (not always but hopefully)
• Funded by FIRST members and generous donors
https://www.first.org/global/fellowship/
How to Get Help from Another Country?
• Official Version
  o Send Official Request to Embassy
  o Embassy will Process & Escalate to Ministry in Home Country
  o Ministry will discuss and contact the appropriate Agency
  o Help?
How to Get Help From Another Country
• Community Edition
SMS: "Mrs XYZ, you have received a courier service document, please sign the electronic certification http://goo.gl/dGraHH"
hxxps://www.dropbox.com/s/2spbfs86wsj2l8l/sijil.apk
** APK sends data to Command and Control in TW
Summary
1. If you’re working alone, you are doing it wrong
  • May need to change the mindset of Top Management
  • External Engagement can be a dedicated role
2. Get yourself plugged in to the CERT/CSIRT Community
  • May require additional resources (i.e. to attend meetings or extra time for community work)
3. Be Proactive in your own community
  • Don’t wait but initiate with others
  • Someone needs to lead
4. Improve overall security together – build trust & make new friends!