cyber security week 2015: get involved and contribute
TRANSCRIPT
Issue Date:
Revision:
Get Involved and Contribute! Adli Wahid
Security Specialist, APNIC
2
About Adli
• Friend of Jacomo!
• Lets connect! – @adliwahid (Twitter, LInkedIn) – Blog: https://blog.apnic.net
• Security Specialist @ Asia Pacific Network Information Centre (APNIC) – www.apnic.net/security
• Board Member of the Forum of Incident Response & Security Teams (FIRST)
Jacomo!
APNIC’s Vision:
A global, open, stable, and secure Internet that serves the entire Asia Pacific community.
How we achieve this:
• Serving Members
• Supporting the Asia Pacific Region
• Collaborating with the Internet Community
3
Security Outreach
4
Craig Ng
Promoting security best practices in the
APNIC community
NOGs, CSIRTS and LEA events
PK, CN, HK, KR, JP, PH SG, MY, ID, AU, TW
Collaboration with JICA and KISA to deliver
regional CERT training
Geoff Huston member of ICANN SSAC
Adli Wahid member of FIRST Board
MoU with APCERT
Interpol Global Cyber Crime Group
Adli Wahid
www.apnic.net/security
Security Response Community:
Are We There Yet?
Responding to Security Incidents
6
National Cyber Security Agency
National CERT / CSIRTs
Enterprise CERTs/CSIRTs
End-Users
Critical Infrastructure, Network Providers, Hosting, Cloud, Government, Financial Services, SMEs =
7
Thinking about the the problem
National Regional Global
8
Challenge #X Human Resources
9
Education
Technical
Soft skills
Formal
Informal
10
Where or how do I start?
Breaking down • Knowledge & skills
• Access to threat intelligence – On to trusted communities
• Access to people, expertise – Mentoring, coaching– Sharing of experience & lessons learned
• Challenge – Trust – “Don’t know anyone”
Can we teach this faster?
12
The power of communities
13
Different communities• Open Source projects
– Github!– Many security projects to join
• Local communities – Activities – Sharing ideas – Mentoring
• Special Interest Groups – FIRST (www.first.org) – Honeynet Project (www.honeynet.org) – OWASP (www.owasp.org)
• Examples – Network Operators Group (NOGs) – New Zealand Internet Task Force (NZITF)
14
Can I trust you? Who are you?
• Certain security groups are not easy to get involved with
• What am I sharing? – Ongoing investigation – My data / access
• Solutions – Trusted introducers – Web of trust – Traffic light protocol
15
Not this community!
16
What can you do?
• Individual– Start now – Get together – Make introductions
• Leaders– Encourage & motivate
• Businesses & government – Support – Provide platform & resources
• Law Enforcement – Awareness
• Everyone has a role to play
APNIC’s approach
• Capacity development – Internet Infrastructure – Cyber Security*
• Online training– http://training.apnic.net
• Strategic partnership – Various stakeholders– Regional & global – Shared goals
17
18
Get involved & contribute!
Internet Operational Research Grants
19
New fund supporting the Internet research community in the Asia Pacific
Research aiming to improve availability, reliability, and security of the Internet in the
Asia Pacific
Network measurement and analysis
IPv6 deployment BGP Routing Network Security