national cybersecurity preparation to deal with cyber attacks
TRANSCRIPT
-
8/12/2019 National Cybersecurity Preparation to deal with Cyber Attacks
1/15
1
National Cybersecurity preparation todeal with Cyber Attacks
Dr. Chaichana Mitrpant Assistant Executive Director,
Electronic Transactions Development Agency(ETDA)
-
8/12/2019 National Cybersecurity Preparation to deal with Cyber Attacks
2/15
2
Over all Internet usage in Thailand
- Computers 32 %
- Mobile devices
66.4%
- Home use 13.4%
- Commercial use 16.6%
- Social Network (persons) 14,142,620
(facebook )
e-Transaction1) e-Payment 4) e-Certificate
2) e-Trading & service 5) e-Medical record
3) e-Filing and e-Reporting
(e-Commerce = 56%, e-Auction = 44%)
Analog to Digital Era
Trust on CybersecurityChallenges
-
8/12/2019 National Cybersecurity Preparation to deal with Cyber Attacks
3/15
3
Potential Attacks
1980: Physical Attack 1990: Network Attack
Physical attack is normally in the past 20-30 years.
Nowadays, it becomes Network attack.
-
8/12/2019 National Cybersecurity Preparation to deal with Cyber Attacks
4/154
Potential Attacks
2000s: Wireless
2000s: Application
In the past 10 years, the threatis more complicate. The most
common is email phishing,
unauthorized wireless access and
attack via vulnerability of Web Application.
-
8/12/2019 National Cybersecurity Preparation to deal with Cyber Attacks
5/155
Potential Attacks
2010s: Client-Side
2010s: Social Networking2010s: Client-Side (Malware)
Malware is usually transmitted via
PDF, Mobile Application and Social
Media Software
-
8/12/2019 National Cybersecurity Preparation to deal with Cyber Attacks
6/156
North Korea behind hacking attack inMarch, claims Seoul
South says computers in North were used for
onslaught that wiped hard drives on PCs inTV stations and disrupted banks
-
8/12/2019 National Cybersecurity Preparation to deal with Cyber Attacks
7/157
Current Situation of ThailandIn 2012, There were 772,938 IP
addresses of all IP numbers 8,559,616
(9%) of computers in Thailand that
compromised and malicious used as the
tools for DDoS attack.
In 2012, There were 534 websites
reported as fraudulent financial. From
January to March 2013, 707 websites
were attacked and change data
(Defacement). An approximately 50%
of this number was from the Institution.
-
8/12/2019 National Cybersecurity Preparation to deal with Cyber Attacks
8/15
-
8/12/2019 National Cybersecurity Preparation to deal with Cyber Attacks
9/15
9
Importance of National Cybersecurity
No center of command
National agenda Increasing number of security threats
-
8/12/2019 National Cybersecurity Preparation to deal with Cyber Attacks
10/15
10
Management approach to Cybersecurity
Prime Minister's statement on 76/2555 on March 19, 2555 was
to establish the committee of the National Cyber securityhaving Prime Minister is the Chairman. (Assigned Deputy PrimeMinister Chalerm Yubamrung).
Prime Minister assigned ETDA: To be Secretary of the National Cybersecurity in order to
To Prepare a draft policy framework for National Cybersecurity /Cybersecurity Master Plan for Thailand.
-
8/12/2019 National Cybersecurity Preparation to deal with Cyber Attacks
11/15
11
Stakeholders in Cyber Security
- Regulatory work
- Justice work
National
Cyber
Security
Economic
Stability
Military
Stability- National Defense
& Security Council
- Intelligence Work
- Facilities & Retaliation
- Ministry of Defence
& Army.
- National Defense
& Security Council
- Intelligence Work
- Facilities & Retaliation
- Ministry of Defence
& Army.
Social Peace
Strengthening Capacity & Raising Public Awareness
Center of Command
ThaiCERT & Other CERTs
Urgent
Need
-
8/12/2019 National Cybersecurity Preparation to deal with Cyber Attacks
12/15
12
Thailand Cybersecurity Policy
National Cyberecurity Committee (Prime Minister is Chairman)
(Draft) Thailand
Computer Crime
Act
(Second Edition)
Prevention &suppression.
ISO/IEC
27001:2005Driving Law
Compliance.
Develop
standard
according to
Electronic
Transactions Act
National BCPDevelop plan to
support the
availability of
emergency or
disaster. (Continue
from NESDB)
Security
Professional
StandardEnhance
professional skill /Increase number
of Expert /
Compensation
Urgent tasks (Prepare and develop framework )
Other Messures
Infrastructure
to encourage.
- Sector-based
CERTs
- NRCA
- Government
Monitoring- National
Archive
(e-Authen
tication)
Internal
Security
Operations
Command
National Security
Council
Policy/Promotion/ Regulator
.
.
.
Royal Thai
Arm Force &
Law Enforcement
Office of
Electronic
Transactions
Commission
Best Practices &
Guidelines- Use of Smart Phone
- Use of Social Network
- Privacy Policy
NBTC
NIA
Critical
Infrastructure
Group
Policy & Defense
-
8/12/2019 National Cybersecurity Preparation to deal with Cyber Attacks
13/15
13
Authority duties of National Cybersecurity
Committee
1. Developpolicy andNational
CybersecurityModelScheme
2. Set anddevelopguideline formeasure, planandcybersecurityprograms
3. Monitorand evaluatemeasures andplansaccording tothe guideline
4. Provideprogress,
situation andrisk analysisof cyberthreats reportto theCouncil ofMinisters
5. Appointsubcommittees or working
groups tosupport theoperations
6. Coordinate with local andinternationalcybersecurity
7. Otheroperations asassignment
-
8/12/2019 National Cybersecurity Preparation to deal with Cyber Attacks
14/15
14
(Draft) National Cybersecurity Policy Framework
PrimaryStrategic
1 Governance and OrganizationalStructure
2 Cybersecurity Emergency Readiness
3 National Critical InformationInfrastructure Readiness
4 Public-Private Partnership5 Capacity & Capability Building
6 Legal Measures
7 Research and Development8 International Cooperation
SecondaryStrategic
-
8/12/2019 National Cybersecurity Preparation to deal with Cyber Attacks
15/15
15
2013 Working plan of National Cyberecurity1st Quarter 2nd Quarter 3 rd Quarter 4 th Quarter
Collaborate with
involved Agencies
Develop plan and
Workflow for
interoperability
when
incidents occurDevelop
Security
Framework
Build Public Awareness
Incidents Drill
Practice
SetupCERT as internal unit
for other organization
Capacity Building
National
Assessment
FIRST event
preparation