1

OVERVIEW ON CYBERCRIMEINTRODUCTION

2

Global CoalitionITU-IMPACT’s Global Alliances

3

IMPACT

• The International Multilateral Partnership Against Cyber Threats (IMPACT) was established in 2008 with a seed fund of $ 13 million from the Government of Malaysia.

Introduction

• This fund was utilisedtowards setting up the infrastructure, facilities and initiating various services for ITU-IMPACT partner countries such as:

• Threat Information• Collaboration tools• Awareness• Capacity building

4

ITU-IMPACT CollaborationThe International Multilateral Partnership Against Cyber Threats (IMPACT) is the cybersecurityexecuting arm of the United Nations’ (UN) specialised agency - the International Telecommunication Union (ITU) – bringing together governments, academia and industry experts to enhance the global community’s capabilities in dealing with cyber threats.

ITU & IMPACT signs a Memorandum of Understanding in 2008. IMPACT becomes the physical home of ITU’s Global Cybersecurity Agenda to operationalise cybersecurityservices across 193 countries.

ITU & IMPACT signs a Cooperation Agreement in May 2011. IMPACT becomes the cybersecurity executing arm of the United Nations’ specialised agency, ITU. IMPACT now will expand its services to the UN System.

5

Cybersecurity Services Deployed146 Countries have joined the Coalition

6

ITU-IMPACTGlobal Partnership

IndustryInternational Organisations

Academia(200+)Civil Society

7

ITU-IMPACTServices

Technical Services

• Network Early Warning System (NEWS)

• Collaborative Platform for Experts (ESCAPE)

• IMPACT Government Security Scorecard (IGSS)

• Computer Incident Response Team (CIRT)

• Vulnerability and Web Assessment

• Penetration Testing

Non-technical

• Advisory Services on Policy and Regulatory Issues to Partner Countries

• Partner Country Coordination

• Partner Engagement (Industry, Academia, Intl. Organisations)

• Child Online Protection

Capacity Building

• Partner Country Cybersecurity Assessment

• Training

• Workshops

• Seminars

• High level briefings

• Cyber drills

Activities and Milestones2008 - 2013

9

OUR EXPERIENCECYBERSECURITY

ALERTSInitially countries started by requesting us for alerts and early warnings

We started receiving requests for providing assistance in the implementation

CIRT

CNIPRequests from countries for assisting them in the protection of their critical infrastructures

Requests from countries to provide assistance in developing a national level cybersecurity strategy

NCS

LEGALStarted responding to requests from countries to provide assistance for cybercrime legal frameworks review.

Expectations

2009 2010 2011 2012 2013

Resources Required

10

Global Response Centre (GRC)NEWS & ESCAPE

a) ITU-IMPACT have deployed cybersecurity services to over 145 partner countries globally to better prepare countries in dealing with cyber threats through its Network Early Warning System (NEWS).

b) NEWS provides global threat information through its partners; Symantec, KasperskyLab, Trend Micro, F-Secure, Satorys, SANS Internet Storm Center, Arbor Networks, etc.

c) The ESCAPE (Electronically Secure Application Platform for Experts) platform enables the GRC to act as a one-stop coordination and response centre for countries in times of crisis, enabling the swift identification and sharing of available resources.

11

CIRT Readiness AssessmentComputer Incident Response Team• Cybersecurity readiness assessment (conducted for over 40 countries):

• The main objective is to study and evaluate the partner country CIRT's structure andcapability to ensure that cybersecurity incidents, intrusion attempts, andemergencies are appropriately managed to levels consistent with industry standardsand good business practices

• ITU-IMPACT reports on key issues and analysis, recommending a phasedimplementation plan for national CIRT.

Activities planned for: • Conducting CIRT assessment from the

following regions:• Africa• Arab• South America• Asia Pacific• Eastern Europe• Caribbean

• At least 10 country assessments in 2014.

12

CIRT DeploymentComputer Incident Response Team• To assist countries to setup national CIRTs to proactively manage cyber incidents and

responding to cyber threats.

• ITU-IMPACT has deployed 5 national CIRTs during 2012-2013• Montenegro• Zambia• Kenya• Burkina Faso• Uganda

Ongoing Implementations:

• Tanzania• Ivory Coast• Barbados• Jamaica• Burundi

13

Training & Skills Developmenta) Trained more than 1600 cybersecurity professionals and practitioners globally.b) ITU-IMPACT has deployed over 350 scholarships to 80 partner countries globally to

create more cybersecurity professionalsc) IMPACT as the Cybersecurity Centre of Excellence for ITU has conducted various training

and workshops for ITU Member States on topics such as Securing Networks, MobileSecurity, Cloud Forensics.

2008

2009

2010

2011

2012

2013

1 12100

227324 350

Participants from the countries mentioned above have attendedcapacity building programs conducted by ITU-IMPACT

Number of scholarships that were deployed by ITU-IMPACT to its partner countries

AfghanistanAndorraBangladeshBulgaria Brunei DarussalamBurkina FasoCambodiaCameroonChileChinaCroatiaCyprusEgyptEthiopiaFijiIndiaIndonesia

IranIraqLao LaosMalaysiaMauritiusMongoliaMontenegroNepalOmanPakistanPalestineQatarRwandaSamoaSaudi ArabiaSingapore

SomaliSri LankaSudanSwedenTanzaniaTogoleseTurkeyUgandaUnited Arab EmiratesUSAVietnamYemenZambia

14

Cyber Drill

• Designed to maintain and strengthen international cooperation between partnercountries and ensure a continued collective efforts against cyber threats and exercisesdesigned to enhance communication and incident response capabilities.

• The cyber drill simulation runs through a scenario with each participating countrydivided into two roles, representing a player and an observer.

• Over 57 countries have participated in the Cyber drills conducted by ITU-IMPACT.

Cyber drills conducted:• Dec 2011 – Asia Region• July 2012 – Arab Region• Oct 2012 – Europe & CIS Region• Aug 2013 – Americas Region

Planned Cyber drills

• Arab Region 4th quarter 2013

• Asia-Pacific Region 4th quarter 2013

ITU-IMPACT Regional Forums on Cybersecurity

15

Child Online Protection

a) ITU-IMPACT has been identified as the implementer for the ITU COPframework

b) ITU-IMPACT has also focused on the development of tools, policies, procedures and materials specific to COP

Moving forward - COP National Strategy Framework:

a) ITU-IMPACT will conduct the next COP National Strategy Framework Workshop in Oman in October 2013.

b) Eastern Europe

c) Arab

d) Americas

COP

16

Collaboration with Kaspersky

• In July 2011, Kaspersky Lab began deep research/analysis of Xpaj samples from infected customer and multiple reports from all around the world started to arrive.

• Kaspersky Lab worked with ITU-IMPACT to investigate this malware in over half a dozen Eastern European countries and to trace the criminals behind it.

• Kaspersky Lab handled the technical side of investigation while ITU-IMPACT assisted at the organisational part and coordination with law enforcement and other relevant stakeholders.

• Though the investigation was not able to capture the criminal, we were able to shut down the main C&C servers, subsequently crippling the criminal’s activities.

Cybercrime Investigation

17

Collaboration with Kaspersky

• ITU-IMPACT initiated malware investigations in 2012 with Kaspersky Labs.

• Kaspersky Labs detected the Flame & Gauss malware.

• In both the cases above, Kaspersky responded swiftly to develop the removal tool.

• ITU-IMPACT immediately made the tool available to all its 144 partner countries globally and thiscollaboration and effort has helped nations mitigate these attacks that could have potentiallycause major disruption any economic losses to these nations.

Flame and Gauss Malware

18

Collaboration with INTERPOLMemorandum of UnderstandingIMPACT and INTERPOL have signed a Memorandum of Understanding (MoU) to exchange information, expertise as well as to enhance both organisations’ knowledge base in the field of cybersecurity.

The MoU will see collaboration in the following areas:

• To promote capacity building in the area of cybersecurity.

• To share and exchange information on digital forensics, malware and information relevant to cybersecurity.

• To assist in cybercrime investigation.

Secretary General of INTERPOL, Ronald Noble with IMPACT’s Chairman, Datuk Mohd Noor Amin

Witnessed by Noburu Nakatani, Executive Director, INTERPOL and

Dr Hamadoun Touré, Secretary General of ITU

19

IMPACT – Over the Years

No of Partner Countries

2008

0

146

2013

From very humble beginnings ITU‐IMPACT today has become the largest UN backed Cybersecurity Coalition in the world.Today we serve the Cybersecurity needs of nearly 2/3rd of the ITU member statesWe have achieved much but we realise that there is much more that needs to be done

IMPACTJalan IMPACT 63000 CyberjayaMalaysia

T +60 (3) 8313 2020F +60 (3) 8319 2020E contactus@impact-alliance.orgimpact-alliance.org

© Copyright 2013 IMPACT. All Rights Reserved.

Thank youwww.facebook.com/impactalliance