National Strategies against Cyber Attacks - Philip Victor
1. National Strategies Against Cyber-attacks: ITU-IMPACT’s Global Perspective & Case Study
Philip Victor (philip.victor@impact-alliance.org)
Director, Policy & International Cooperation
18th March 2015
3. ITU-IMPACT Collaboration
The International Multilateral Partnership Against Cyber Threats (IMPACT) is a key
strategic partner of the United Nations’ (UN) specialised agency - the
International Telecommunication Union (ITU) – bringing together
governments, academia and industry experts to enhance the global community’s
capabilities in dealing with cyber threats.
152 Countries have joined
the ITU-IMPACT Coalition
5. Attacks on Governments and CNII
In 2010 alone, the U.S. government was subject to over
300,000 cyber-attacks on its infrastructure.
6. Attacks on Governments and CNII
“One of the biggest flaws in security
networks, as exposed with revelations this
week about a global wave of online
espionage, is human error, they say,
spurred by a lack of basic computer training
for executives and high-ranking officials.”
7. Phishing Attacks
Banking Trojans are a fairly lucrative prospect for
attackers. Today’s threats continue to focus on
modifying banking sessions and injecting extra
fields in the hope of either stealing sensitive banking
details or hijacking the session. Some of the more
common banking Trojans include Trojan.Tiylon and
a variant of the Zbot botnet, called Gameover Zeus.
Symantec’s State of Financial Trojans 2013
whitepaper concluded that in the first three quarters
of 2013, the number of banking Trojans tripled.
More than half of these attacks were aimed at the top
15 financial institutions, though over 1,400
institutions have been targeted in 88 countries.
While browser-based attacks are still common,
mobile threats are also used to circumvent
authentication through SMS messages, where the
attacker can intercept text messages from the
victim’s bank.
9. Key Cybersecurity Challenges
• Lack of adequate and interoperable national or regional legal frameworks
• Lack of secure software and ICT-based applications
• Lack of appropriate national and global organizational structures to deal with cyber incidents
• Lack of information security professionals and skills within governments; lack of basic awareness among users
• Lack of international cooperation between industry experts, law enforcement, regulators, academia & international organizations to address a global challenge
10. Addressing The Challenges
• Developing national Computer Incident Response Teams (CIRTs)
• Enhancing public-private partnerships to enhance expertise, knowledge, skills, resources &
experience
• Enhancing international cooperation:
– between nations to mitigate cyber attacks
– Regulator, law enforcement & national CIRT/CERTs
• Cyber laws need to be put in place and harmonised
• Adoption of international standards and best practices
• Increase capability & capacity building programs
11. OUR EXPERIENCE
• CYBERSECURITY ALERTS: Initially countries started by requesting us for alerts and early warnings
• CIRT: We started receiving requests for providing assistance in the implementation
• CNIP: Requests from countries for assisting them in the protection of their critical infrastructures
• NCS: Requests from countries to provide assistance in developing a national level cybersecurity strategy
• LEGAL: Started responding to requests from countries to provide assistance for cybercrime legal frameworks review.
[Figure: timeline 2009, 2010, 2011, 2012, 2013; labels: Expectations, Resources Required]
15. The Global Cybersecurity Agenda
5 Pillars Platform
1. Legal measures – Strategies for development of a cybercrime legislation model that is
interoperable and applicable globally
2. Technical & procedural measures – Strategies for development of a global
framework for security protocols, standards, software & hardware accreditation schemes
3. Organisational structures – Global strategies for creation of organisational structures
and policies on cybercrime, watch, warning & incident response
4. Capacity building – Global strategies to facilitate human and institutional capacity
building in 1, 2 & 3
5. International cooperation – Strategies for the development of a cybercrime
legislation model that is interoperable and applicable globally
16. ITU-IMPACT National Cybersecurity Strategy Structure
[Diagram labels:]
• National Cybersecurity Agency (NCA)
• National CIRT, CNIIP CoE, Forensics Centre, Research Centre, Certification Centre
• National Cybersecurity Strategy
• Legal & Regulatory, Technical & Procedural, Capacity Building, Cooperation, Policy & Compliance
17. Computer Incident Response Team
CIRT Assessments and Deployments
Over 50 Assessments Performed Globally:
Afghanistan, Albania, Armenia, Bangladesh, Barbados, Bhutan, Bosnia & Herzegovina, Botswana, Burkina Faso, Cambodia, Cameroon, Chad, Congo, Dominican Republic, Ecuador, Gabon, Gambia, Ghana, Grenada, Honduras, Ivory Coast, Kenya, Laos, Lebanon, Lesotho, Macedonia, Maldives, Mali, Montenegro, Myanmar, Nepal, Niger, Nigeria, Senegal, Serbia, St. Kitts & Nevis, St. Vincent & the Grenadines, Sudan, Tanzania, Togo, Trinidad & Tobago, Uganda, Vietnam, Zambia
Completed Deployment:
Montenegro, Zambia, Kenya, Burkina Faso, Uganda, Tanzania, Ivory Coast, Cyprus
& Ghana
Ongoing Implementation:
Djibouti, Barbados, Jamaica, Burundi, Trinidad & Tobago
18. Cyber Drill
Applied Learning for Emergency Response Team (ALERT)
• Designed to maintain and strengthen international cooperation between partner countries and ensure continued collective efforts against cyber threats, with exercises designed to enhance communication and
incident response capabilities.
• The cyber drill simulation runs through a scenario with each participating country divided into two roles,
representing a player and an observer.
• Drills conducted:
Dec 2011 – Cambodia, Lao, Vietnam, and Myanmar
Jul 2012 – Qatar, Oman, Sudan, Egypt, Tunisia, and UAE
Oct 2012 – Bulgaria, Armenia, Ukraine, Moldova, Montenegro, Romania, Slovak Republic, and Turkey
Aug 2013 – Barbados, Bolivia, Chile, Colombia, Ecuador, Paraguay, Peru, Trinidad and Tobago, and
Uruguay
Oct 2013 – Bahrain, Egypt, Kuwait, Libya, Mauritania, Morocco, Oman, Sudan, Qatar, UAE,
Saudi Arabia, and Tunisia
Dec 2013 – Cambodia, Laos, Myanmar, and Vietnam
May 2014 – International Cyber Drill (Istanbul)
Americas (Sept 2014) – Host: Peru
Africa (Sept 2014) – Host: Zambia
Partners: TCG, ABI Research, Nuix, BitDefender,
Trend Micro, F-Secure, Symantec
21. Best Practices
• No single bullet – “defense-in-depth”
• Risk management approach – assessment - identify critical information and
zones
• Educate users and consumers – awareness is key - periodically
• Policies
• Be proactive and not just reactive (honeynet, drills, etc.)
• Incident response
• Adopt Standards
• Right people to manage key systems – training - certification
Key points, but not limited to…