ROLE OF CERT-GOV-MD and cooperation at national level
Natalia SPINU, Chief, CERT-GOV-MD, S.E. CTS
AGENDA
1. Introduction
2. CERT-GOV-MD: organization and operational capacities
3. Cybersecurity incidents: challenges, current situation and past attacks
4. Future: Cybersecurity in Moldova
5. Conclusions
There are only two types of companies: Those that have been hacked, and those that will be. Robert Mueller, FBI Director, 2012
Introduction
CYBER THREATS ARE INTERCONNECTED
CYBER THREATS 2017
§ SHADOW BROKERS LEAK (APRIL 2017)
§ WANNACRY (MAY 2017)
§ PETYA / NONPETYA / GOLDENEYE (JUNE 2017)
SHADOW BROKERS LEAK
§ August 2016: The Shadow Brokers group claimed to have obtained NSA spy tools.
§ April 2017: The most significant leak of spy exploits by the group. April's leak led to the most serious consequences.
WANNACRY
§ On May 12 a strain of ransomware called WannaCry spread around the world.
§ The ransomware used an exploit leaked by the Shadow Brokers to attack its targets.
PETYA / NONPETYA / GOLDENEYE § A month or so after WannaCry, another wave of ransomware infections that partially leveraged Shadow Brokers Windows exploits hit targets worldwide
WHY THIS MATTERS TO YOU
§ Growing space with rapid expansion
– Across all sectors: individuals, commerce, governments
– Growing pervasiveness in everything we do
§ Cyber is a chaotic and ungoverned environment
– Increasing tension between governments, individuals, private enterprises, commerce
– What is cyber defense?
§ Many threats
§ Early stages of cyber expansion
– Technological advancement
– Fast and intense competition
– An uncertain future of the cyber domain, the internet and more widely
§ Cyber Security is an unclear concept
– Considerable uncertainty, broad scope, and ever-changing dimensions
– Cyber security definitions vary and lack true conformity
THE CYBER SECURITY CHALLENGE… When…
• In the Cyber world, security was an afterthought
• The Cyber world lacks a single central cyber architect
• The Cyber world is a system of insecure systems
• The Cyber world is not static but constantly evolving
• Innovation is constant, and highly unpredictable
CERT-GOV-MD ORGANISATION AND OPERATIONAL CAPACITIES
WHO WE ARE?
FACTS
2010: Established by Government decision nr. 746 of 18.08.2010
2013: Implemented ISO 27001
2014: CERT-GOV-MD became accredited by Trusted Introducer
2016: FIRST membership
SUBORDINATION HIERARCHY
[Diagram labels: Government; State Chancellery; S.E. Center of Special Telecommunications; Cyber Security Center; CERT-GOV-MD; Security department. Clients: Private sector; Public Authorities]
Benefits of CERT-GOV-MD
§ Serve as a trusted point of contact
§ Develop an infrastructure for coordinating response
§ Develop a capability to support incident reporting
§ Conduct incident, vulnerability & artifact analysis
§ Participate in cyber watch functions
§ Help organizations to develop their own incident management capabilities
§ Provide language translation services
§ Make security best practices & guidance available
§ Provide awareness, education & trainings
THREATS CYBERSECURITY
THREATS
Threats in Cyberspace: INFORMATION & ABUSE
• Targeted government control and influence of citizens
• Propaganda
• Consciously communicating false information
• State espionage
• Data breach
• Identity theft
• Hackers
• Internet crimes, encouraging sedition
• Terrorism
THREATS
Threats are Becoming More Complex
• Increasingly more complex software programs
• Supply chain isn't transparent
• New types of viruses every day
• Tablet computer
• Cloud storage
• Mobile data storage
• Several updates daily
THREATS
[Figure: threats plotted from Low to High over time (1990s, 2000s, 2010-2014, Now)]
Threats shown: Hackers; Network attacks; Identity theft; Data breach; Malware; Cyber crime; Critical infrastructure attacks; Cyber terrorism; Cyber warfare; Insecure codes; Foreign state sponsored cyber espionage
BUSINESS IMPACT:
§ Citizen trust
§ Cost to protect
§ Legal/regulatory
§ Critical infrastructure
Stage labels on the timeline: DATA IN SECURE BUSINESS SYSTEMS; INTERNET ACCESS AND HIGHLY CONNECTED SYSTEMS; ACCESS ANYWHERE & ANYTIME; DATA EVERYWHERE, USER EXPERIENCE DRIVEN
Technologies named on the timeline: Mainframe systems; Internetworking; Emergence of open systems; Advances in internetworking; Citizen self service; Online access to citizen data; Integrated online eligibility systems; Cloud; Mobile; Big data; Mobile payment; Smart devices; Drones; Artificial intelligence; Internet of things; Wearable technology; Etc.
CYBERSECURITY INCIDENTS CHALLENGES, CURRENT SITUATION AND PAST ATTACKS
CYBER INCIDENTS IN GOVERNMENTAL SECTOR
NUMBER OF INCIDENTS
2016: 6 644 949
2015: 6 285 590
2014: 6 570 938
2013: 5 636 172
INCIDENTS BY CATEGORY (2016)
[Chart: share of incidents (%) by category: SPAM, Network attacks, Information gathering, Botnets, Intrusion attempts]
THREATS
3 882 529 unsolicited emails blocked as of 2016
SPAM
• Seems legitimate and is sent to an email account
• Many email accounts have spam filtering
• Often contains dangerous links (to download) or invoices for alleged online orders
• Can also be sent on social networks or apps
THREATS
57 575 malware blocked as of 2016
TROJANS & WORMS ARE SENT VIA INFECTED EMAILS
[Diagram: ATTACKER (hacker) to VICTIM]
• Can transfer sensitive data such as passwords, banking information, personal data
• Various new forms of malware appear on the internet every day
• Nest undetected in computer systems or creep in during downloads
THREATS
3 678 botnet infections detected
BOTNETS
[Diagram: ATTACKER (hacker), CONTROLLERS, INFECTED computers, TARGET]
• Networks consisting of several computers
• Can send infected and dangerous (spam) emails
• Can attack all IT systems
THREATS
124 575 Distributed Denial-of-service (DOS) attacks stopped
[Diagram: ATTACKER (hacker), BOTNETS, CONTROLLERS, INFECTED computers, TARGET]
• Networks consisting of several computers
• Are also used as a distraction while malicious software is being installed
• Block internet services
• Its purpose is to interrupt web servers, which then causes a mass of data packets to be sent to the server
CAPACITY BUILDING Cyber Security Trainings and Workshops Joint educational activities
INFORMATION SECURITY AWARENESS CERT-GOV-MD’s awareness activities
POWER OF PARTNERS Working together to ensure high level of cybersecurity
FUTURE CYBERSECURITY IN MOLDOVA
SECURITY
Continuous Steps of a Security Management Process
1 Risk analysis
2 Policies, organizational measures
3 Technical measures
4 Validation and improvement
FUTURE
New Research Program of the Government with Four Focus Areas
§ NEW HIGH-TECH INFORMATION TECHNOLOGIES
§ SECURE INFORMATION & COMMUNICATIONS TECHNOLOGY (ICT) SYSTEMS
§ APPLICATIONS FOR MORE SAFETY
§ PRIVACY & DATA PROTECTION
Descriptions on the slide:
– Security measures and solutions for networked systems
– Protection of critical infrastructures and networked industrial plants
– More control over citizens' personal data on the Internet
– New encryption capabilities and security measures
CONCLUSIONS
CONCLUSION
§ Cyber security is a global problem that has to be addressed globally by all governments jointly;
§ No government can fight cybercrime or secure its cyberspace in isolation;
§ International cooperation is essential to securing cyberspace;
§ It is not a technology problem that can be ‘solved’; it is a risk to be managed by a combination of defensive technology.
THANK YOU!
Natalia SPINU
natalia.spinu@cts.md
natalia.spinu@cert.gov.md