Enhancing Security Incident Response Capabilities in the Asia Pacific Region
6th APT Cybersecurity Forum
Adli Wahid
Security Specialist, APNIC
Agenda
1. About APNIC
2. Enhancing Incident Response Capabilities
3. Recent and future activities
About APNIC
What is APNIC?
• Regional Internet Registry (RIR) for the Asia Pacific region
  – Comprises 56 economies
• Secretariat located in Brisbane, Australia
  – Currently employs around 70 staff
• Not-for-profit, membership-based organization
• Governed by the Executive Council (EC), who are elected by the Members
APNIC’s Vision:
A global, open, stable, and secure Internet that serves the entire Asia Pacific community.
How we achieve this:
• Serving Members
• Supporting the Asia Pacific Region
• Collaborating with the Internet Community
Enhancing Incident Response Capabilities in the AP Region
Responding to Security Incidents
National Cyber Security Agency
National CERT / CSIRTs
Enterprise CERTs/CSIRTs
End-Users
Critical Infrastructure, Network Providers, Hosting, Cloud, Government, Financial Services, SMEs =
Network Operators / Service Providers
• A key player in the Incident Response process
• Availability is important
  – Critical Infrastructure (Internet Exchange)
  – Increasingly becoming a target
• Need to be aware of the (changing) threat landscape
  – Help increase resilience of the infrastructure by applying best practices
  – Provide timely assistance & mitigation
  – Emerging Trends - IoT
  – CERT/CSIRT of the last resort
• Network Operators Groups (NOGs)
  – Local & Regional NOGs
  – APRICOT & APNIC Conference
Network Operators – Incident Response Relationship
• Interdependent entities
• Expectations
  – Resources are not misused or abused
  – Fast ‘take-downs’ or response
  – Share information (logs, billing etc)
  – Communicate with Users / Technical support
  – 24x7x365
• Frequently, at the receiving end
Network Operator
End-Users Customers
Security Response Community
Law Enforcement
Incident Response Capabilities
• Managing Security Incidents
  – Reduce impact of security incidents
  – Prevent security incidents from occurring
  – Fixing actual vulnerabilities
  – Gain insights about emerging threats or incidents (ISACs, threat intel feeds)
  – Collaborate with other stakeholders (i.e. investigation, policy/strategy)
• Managing Security Incident Response Teams
  – Establishing CSIRTs
  – Operationalizing CSIRTs
  – Having the right skill sets, knowledge and tools
  – Being part of the community
  – Mentoring
APNIC’s Approach
• Capacity development
  – Internet infrastructure
  – Cyber security*
• Strategic Partnership
  – Various stakeholders
  – Regional & global
  – Shared goals
Security Outreach
Craig Ng
Promoting security best practices in the APNIC community
NOGs, CSIRTs and LEA events
PK, CN, HK, KR, JP, PH, SG, MY, ID, AU, TW
Collaboration with JICA and KISA to deliver regional CERT training
Geoff Huston member of ICANN SSAC
Adli Wahid member of FIRST Board
MoU with APCERT
Interpol Global Cyber Crime Group
Adli Wahid
www.apnic.net/security
CSIRT Best Practice Forum
• IGF 2014 & 2015
  – Best Practice Forum on Establishing and Supporting Computer Security Incident Response Teams (CSIRT) for Internet Security
• Multistakeholder approach
• Addresses key concerns of establishing & setting up CSIRTs
  – Key success factors
  – Costs & capacity building
  – Stakeholder engagement
  – Opportunities & challenges
• Call for Comments
  – http://intgovforum.org/cms/best-practice-forums/2-establishing-and-supporting-csirts
Upcoming Activities
• Support for regional activities
  – FIRST & IDSIRTII TC (October)
  – FIRST & KRCERT/CC TC (November)
  – Interpol Global Cyber Crime Meeting (December)
  – APRICOT 2016 in Auckland (February)
• eLearning & Training
  – https://training.apnic.net
• Follow us for the latest updates
  – Blog https://blog.apnic.net
  – Twitter @apnic
Resource Public Key Infrastructure (RPKI)
RPKI presentations to NOGs and conferences
‘Ready to ROA’ Campaign – hands-on sessions to help Members create ROAs
Shirts, stickers, web content to promote campaign
Regional RPKI adoption has more than doubled in past year - 0.82% to 1.92% and rising
www.apnic.net/roa
• 10 face-to-face and eLearning RPKI training courses delivered
• Offline simulation of production system
• Create and revoke ROAs, observe changes to routing state in lab
Internet Operational Research Grants
New fund supporting the Internet research community in the Asia Pacific
Research aiming to improve availability, reliability, and security of the Internet in the Asia Pacific
• Network measurement and analysis
• IPv6 deployment
• BGP Routing
• Network Security
Conclusion
• Capacity development is fundamental & critical
• Approach must be flexible and scalable
• Plenty of challenges & opportunities
• Let’s collaborate!