1
OVERVIEW ON CYBERCRIMEINTRODUCTION
2
Global CoalitionITU-IMPACT’s Global Alliances
3
IMPACT
• The International Multilateral Partnership Against Cyber Threats (IMPACT) was established in 2008 with a seed fund of $ 13 million from the Government of Malaysia.
Introduction
• This fund was utilisedtowards setting up the infrastructure, facilities and initiating various services for ITU-IMPACT partner countries such as:
• Threat Information• Collaboration tools• Awareness• Capacity building
4
ITU-IMPACT CollaborationThe International Multilateral Partnership Against Cyber Threats (IMPACT) is the cybersecurityexecuting arm of the United Nations’ (UN) specialised agency - the International Telecommunication Union (ITU) – bringing together governments, academia and industry experts to enhance the global community’s capabilities in dealing with cyber threats.
ITU & IMPACT signs a Memorandum of Understanding in 2008. IMPACT becomes the physical home of ITU’s Global Cybersecurity Agenda to operationalise cybersecurityservices across 193 countries.
ITU & IMPACT signs a Cooperation Agreement in May 2011. IMPACT becomes the cybersecurity executing arm of the United Nations’ specialised agency, ITU. IMPACT now will expand its services to the UN System.
5
Cybersecurity Services Deployed146 Countries have joined the Coalition
6
ITU-IMPACTGlobal Partnership
IndustryInternational Organisations
Academia(200+)Civil Society
7
ITU-IMPACTServices
Technical Services
• Network Early Warning System (NEWS)
• Collaborative Platform for Experts (ESCAPE)
• IMPACT Government Security Scorecard (IGSS)
• Computer Incident Response Team (CIRT)
• Vulnerability and Web Assessment
• Penetration Testing
Non-technical
• Advisory Services on Policy and Regulatory Issues to Partner Countries
• Partner Country Coordination
• Partner Engagement (Industry, Academia, Intl. Organisations)
• Child Online Protection
Capacity Building
• Partner Country Cybersecurity Assessment
• Training
• Workshops
• Seminars
• High level briefings
• Cyber drills
Activities and Milestones2008 - 2013
9
OUR EXPERIENCECYBERSECURITY
ALERTSInitially countries started by requesting us for alerts and early warnings
We started receiving requests for providing assistance in the implementation
CIRT
CNIPRequests from countries for assisting them in the protection of their critical infrastructures
Requests from countries to provide assistance in developing a national level cybersecurity strategy
NCS
LEGALStarted responding to requests from countries to provide assistance for cybercrime legal frameworks review.
Expectations
2009 2010 2011 2012 2013
Resources Required
10
Global Response Centre (GRC)NEWS & ESCAPE
a) ITU-IMPACT have deployed cybersecurity services to over 145 partner countries globally to better prepare countries in dealing with cyber threats through its Network Early Warning System (NEWS).
b) NEWS provides global threat information through its partners; Symantec, KasperskyLab, Trend Micro, F-Secure, Satorys, SANS Internet Storm Center, Arbor Networks, etc.
c) The ESCAPE (Electronically Secure Application Platform for Experts) platform enables the GRC to act as a one-stop coordination and response centre for countries in times of crisis, enabling the swift identification and sharing of available resources.
11
CIRT Readiness AssessmentComputer Incident Response Team• Cybersecurity readiness assessment (conducted for over 40 countries):
• The main objective is to study and evaluate the partner country CIRT's structure andcapability to ensure that cybersecurity incidents, intrusion attempts, andemergencies are appropriately managed to levels consistent with industry standardsand good business practices
• ITU-IMPACT reports on key issues and analysis, recommending a phasedimplementation plan for national CIRT.
Activities planned for: • Conducting CIRT assessment from the
following regions:• Africa• Arab• South America• Asia Pacific• Eastern Europe• Caribbean
• At least 10 country assessments in 2014.
12
CIRT DeploymentComputer Incident Response Team• To assist countries to setup national CIRTs to proactively manage cyber incidents and
responding to cyber threats.
• ITU-IMPACT has deployed 5 national CIRTs during 2012-2013• Montenegro• Zambia• Kenya• Burkina Faso• Uganda
Ongoing Implementations:
• Tanzania• Ivory Coast• Barbados• Jamaica• Burundi
13
Training & Skills Developmenta) Trained more than 1600 cybersecurity professionals and practitioners globally.b) ITU-IMPACT has deployed over 350 scholarships to 80 partner countries globally to
create more cybersecurity professionalsc) IMPACT as the Cybersecurity Centre of Excellence for ITU has conducted various training
and workshops for ITU Member States on topics such as Securing Networks, MobileSecurity, Cloud Forensics.
2008
2009
2010
2011
2012
2013
1 12100
227324 350
Participants from the countries mentioned above have attendedcapacity building programs conducted by ITU-IMPACT
Number of scholarships that were deployed by ITU-IMPACT to its partner countries
AfghanistanAndorraBangladeshBulgaria Brunei DarussalamBurkina FasoCambodiaCameroonChileChinaCroatiaCyprusEgyptEthiopiaFijiIndiaIndonesia
IranIraqLao LaosMalaysiaMauritiusMongoliaMontenegroNepalOmanPakistanPalestineQatarRwandaSamoaSaudi ArabiaSingapore
SomaliSri LankaSudanSwedenTanzaniaTogoleseTurkeyUgandaUnited Arab EmiratesUSAVietnamYemenZambia
14
Cyber Drill
• Designed to maintain and strengthen international cooperation between partnercountries and ensure a continued collective efforts against cyber threats and exercisesdesigned to enhance communication and incident response capabilities.
• The cyber drill simulation runs through a scenario with each participating countrydivided into two roles, representing a player and an observer.
• Over 57 countries have participated in the Cyber drills conducted by ITU-IMPACT.
Cyber drills conducted:• Dec 2011 – Asia Region• July 2012 – Arab Region• Oct 2012 – Europe & CIS Region• Aug 2013 – Americas Region
Planned Cyber drills
• Arab Region 4th quarter 2013
• Asia-Pacific Region 4th quarter 2013
ITU-IMPACT Regional Forums on Cybersecurity
15
Child Online Protection
a) ITU-IMPACT has been identified as the implementer for the ITU COPframework
b) ITU-IMPACT has also focused on the development of tools, policies, procedures and materials specific to COP
Moving forward - COP National Strategy Framework:
a) ITU-IMPACT will conduct the next COP National Strategy Framework Workshop in Oman in October 2013.
b) Eastern Europe
c) Arab
d) Americas
COP
16
Collaboration with Kaspersky
• In July 2011, Kaspersky Lab began deep research/analysis of Xpaj samples from infected customer and multiple reports from all around the world started to arrive.
• Kaspersky Lab worked with ITU-IMPACT to investigate this malware in over half a dozen Eastern European countries and to trace the criminals behind it.
• Kaspersky Lab handled the technical side of investigation while ITU-IMPACT assisted at the organisational part and coordination with law enforcement and other relevant stakeholders.
• Though the investigation was not able to capture the criminal, we were able to shut down the main C&C servers, subsequently crippling the criminal’s activities.
Cybercrime Investigation
17
Collaboration with Kaspersky
• ITU-IMPACT initiated malware investigations in 2012 with Kaspersky Labs.
• Kaspersky Labs detected the Flame & Gauss malware.
• In both the cases above, Kaspersky responded swiftly to develop the removal tool.
• ITU-IMPACT immediately made the tool available to all its 144 partner countries globally and thiscollaboration and effort has helped nations mitigate these attacks that could have potentiallycause major disruption any economic losses to these nations.
Flame and Gauss Malware
18
Collaboration with INTERPOLMemorandum of UnderstandingIMPACT and INTERPOL have signed a Memorandum of Understanding (MoU) to exchange information, expertise as well as to enhance both organisations’ knowledge base in the field of cybersecurity.
The MoU will see collaboration in the following areas:
• To promote capacity building in the area of cybersecurity.
• To share and exchange information on digital forensics, malware and information relevant to cybersecurity.
• To assist in cybercrime investigation.
Secretary General of INTERPOL, Ronald Noble with IMPACT’s Chairman, Datuk Mohd Noor Amin
Witnessed by Noburu Nakatani, Executive Director, INTERPOL and
Dr Hamadoun Touré, Secretary General of ITU
19
IMPACT – Over the Years
No of Partner Countries
2008
0
146
2013
From very humble beginnings ITU‐IMPACT today has become the largest UN backed Cybersecurity Coalition in the world.Today we serve the Cybersecurity needs of nearly 2/3rd of the ITU member statesWe have achieved much but we realise that there is much more that needs to be done
IMPACTJalan IMPACT 63000 CyberjayaMalaysia
T +60 (3) 8313 2020F +60 (3) 8319 2020E [email protected]
© Copyright 2013 IMPACT. All Rights Reserved.
Thank youwww.facebook.com/impactalliance