
APCERT Activity Updates Asia Pacific Computer Emergency Response Team

APCERT Activity Updates Asia Pacific Computer Emergency Response Team. Yonglin Zhou, CNCERT/CC On behalf of APCERT AP* Retreat, Xi’an 26 August 2007. About APCERT. APCERT (Asia Pacific Computer Emergency


Presentation Transcript


  1. APCERT Activity Updates: Asia Pacific Computer Emergency Response Team. Yonglin Zhou, CNCERT/CC, on behalf of APCERT. AP* Retreat, Xi’an, 26 August 2007

  2. About APCERT
     • APCERT (Asia Pacific Computer Emergency Response Team) is a coalition of the forum of CSIRTs (Computer Security Incident Response Teams).
     • The organization was established to encourage and support the activity of CSIRTs in the Asia Pacific.
     • Started (in 2002) with 15 teams / 12 economies → Now 20 teams / 14 economies

  3. Full Members
     • AusCERT – Australia
     • BKIS – Vietnam
     • CCERT – People's Republic of China
     • CNCERT/CC – People's Republic of China
     • HKCERT/CC – Hong Kong, China
     • IDCERT – Indonesia
     • JPCERT/CC – Japan
     • KrCERT/CC – Korea
     • MyCERT – Malaysia
     • PH-CERT – Philippines
     • SingCERT – Singapore
     • ThaiCERT – Thailand
     • TWCERT/CC – Chinese Taipei
     • TWNCERT – Chinese Taipei

  4. General Members
     • BP DSIRT – Singapore
     • BruCERT – Negara Brunei Darussalam
     • CERT-In – India
     • GCSIRT – Philippines
     • NUSCERT – Singapore
     • VNCERT – Vietnam (newly joined in April 2007)

  5. Network Security Cooperation Objectives
     • Encourage and support regional and international cooperation on information security in the Asia Pacific region;
     • Jointly develop measures to deal with large-scale or regional network security incidents;
     • Facilitate info sharing and technology exchange, including info security, computer virus and malicious code, among its members;
     • Promote collaborative research and development on subjects of interest to its members;
     • Assist other CSIRTs in the region to conduct efficient and effective computer emergency response capability;
     • Provide inputs and/or recommendations to help address legal issues related to info security and emergency response across regional boundaries;
     • Organize an annual conference to raise awareness on computer security incident responses and trends.
     [Slide graphic labels: Emergency Response; Computer Security Awareness]

  6. Cyber Security Incident is Changing
     • Large scale, wide-spreading incident (e.g. virus, worm outbreak) → Specific targeted attacks, powerful tools (e.g. botnet)
     • Script kiddies, crackers → Professionals, criminals
     • Motivation: for fun, peer recognition → Specific motivation: for financial gain, espionage

  7. Incident Handling Among Members is Changing
     Start handling more complicated incidents
     2002 - 2003 (when APCERT was formed)
     Recent Incident Response
     • Response to Wide-spreading Incidents
     • Slammer incident response case
     • Reporting network traffic flows, updating local activities
     • Sharing technical information and vendor’s notes
     • Response to “Specific Targeted” – pinpoint attacks
     • Members sharing info, e.g. public monitoring info, attack announcement, targeted site, attacking tool info, to help each team to protect their constituency
     • Phishing site coordination
     • Law enforcement involvement

  8. How APCERT Works
     • CSIRT: Computer Security Incident Response Team
     • Independent from politics, market, industry
     • Do not focus on WHO (attribution) and WHY (motivation)
     • Focus on what is happening technically, how to stop the incident, how to prevent it, from technical perspective coordination
     • CSIRT Common Policy
     • My security depends on your security
     • Web of trust – CSIRT trust relationship is developed based on a long-time operational collaboration relationship
     • Systematic Handling – with repeatable procedure, POC agreement
     • Timely manner
     • Each team has appropriate domestic contacts to handle / respond to incidents (ISPs, critical infrastructure, government…)
     • Reaching disconnected places that are otherwise difficult to reach, using the CSIRT network

  9. Consistent Efforts
     • Developed close collaboration relationship (bridge the gap)
     • Regular face-to-face meetings between teams (develop trust)
     • Developing a long-term tactical strategy addressing cyber-related issues, and working together
     • Training/Education/Awareness program
     • Daily communication, not only about incident information but also about team structure, problems, trends, projects
     • Site visits from time to time, organizing regular gatherings
     • POC arrangement between members
     • 24 hours hotline
     • Encrypted communication tools
     • Practice - Incident Handling Drill
     • APCERT Drill 2005 (10 teams / 9 economies)
     • APCERT Drill 2006 (Participation of 15 teams / 13 economies)

  10. Consistent Efforts
     • Practice - Incident Handling Drill
     • APCERT Drill 2005 (10 teams / 9 economies)
     • APCERT Drill 2006 (Participation of 15 teams / 13 economies)

  11. Based on operational experience – Outreach to multiple sectors
     • One important role of APCERT is education and training to raise awareness and encourage best practice.
     • APEC-TEL: APCERT provides recommendation / situation awareness / trend to AP regional intergovernmental initiative as security experts group in AP
     • APCERT received the General Guest status at APEC-TEL
     • ASEAN: APCERT members provide CSIRT training and Outreach program to newcomer economies
     • Many APCERT members joined the 2007 ASEAN incident handling drill.
     • CNCERT/CC and JPCERT visited several ASEAN CSIRTs and relevant government departments, giving training courses, building incident handling and info sharing cooperation.

  12. Based on operational experience – Outreach to multiple sectors
     • Cross regional collaboration
     • TF-CSIRT (TERENA’s Task Force of Computer Security Incident Response Teams): European counterpart of APCERT
     • FIRST:
     • Implement “TRANSITS” standard CSIRT training material, add regional modules on top of the core material
     • TRANSITS program – from EU
     • April 12–16, 2007: FIRST Technical Colloquium, Doha, Qatar; MyCERT represented on behalf of APCERT
     • August 22–24, 2007: FIRST Technical Colloquium, Kuala Lumpur, Malaysia; hosted by MyCERT–CyberSecurity Malaysia

  13. APCERT Recent Activity Updates
     • APCERT 2007 AGM, February 2007, Malaysia
     • Hosted by MyCERT
     • APEC-TEL 35 Malware Workshop, April 2007, Manila
     • AusCERT, CNCERT/CC, KrCERT/CC
     • APCERT International Incident Handling Drill 2007
     • Coming soon
     • Other International Relationships & Engagements
     • FIRST SC representative (JPCERT/CC)
     • APEC Tel SPSG Deputy Convener (KrCERT/CC)

  14. APCERT 2007 Open Session: 7-9 February, 2007 in Langkawi Island, Malaysia. Hosted by MyCERT, NISER. http://www.niser.org.my/apcert/index.html

  15. APCERT 2007 AGM: 7-9 February, 2007 in Langkawi Island, Malaysia. Hosted by MyCERT, NISER. http://www.niser.org.my/apcert/index.html

  16. Thank you
     • APCERT General Contact: apcert-sec@apcert.org
     • APCERT Website: http://www.apcert.org
