Nell’iperspazio con Rocket: il Framework Web di Rust!
Strengthening Global Cybersecurity Cooperation
1. Enhancing Cybersecurity Readiness Through
International Cooperation
Mohd Noor Amin (mohd.amin@impact-alliance.org)
Chairman, Management Board
31 May 2012
4. Top 30 Attack Destination Countries
Attack Percentage Scale
High 1.55 –41.52
Med 0.16– 1.49
Low 0.02 – 0.14
Very 0 – 0.01
Low
4
5. Top 30 Attack Source Countries
Attack Percentage Scale
High 1.41 % – 31.30 %
Med 0.29 % – 1.15 %
Low 0.00% – 0.28 %
5
6. Global Statistics
Top Malware for April 2012
HUER/HTML.Malware
HTML/Infected.Webpage.
Gen2
ADSPY/AdSpy.Gen2
TR/Downloader.Gen2
TR/Crypt.XPACK.Gen3
Spam Outbreak from January 2012 to April 2012
Top Malware Affected Sectors Worldwide
4000000 Finance - 45 %
3000000 Personal Sites - 3 %
2000000 Business - 3 %
1000000 Computers & Tech - 7%
0 Pornography - 2 %
9/1/2012 9/2/2012 9/3/2012 9/4/2012
Forums and newsgroups - 3
%
Top Spam Relaying countries Search Engines - 4 %
40.00% Shopping - 7%
20.00%
Business-3%
0.00%
social networking-6%
Other Categories-14%
Statistical Information Sources: Symantec, Kaspersky, McAfee, Sophos, Commtouch, Trendmicro, Websense Securitylabs, Atlas Arbor, ThreatExpert
6
7. Key Cybersecurity Challenges
Lack of adequate and interoperable national or regional legal frameworks
Lack of secure software and ICT-based applications
Lack of appropriate national and global organizational structures to deal with
cyber incidents
Lack of information security professionals and skills within governments; lack of
basic awareness among users
Lack of international cooperation between industry experts, law enforcements,
regulators, academia & international organizations to address a global challenge
7
8. Addressing The Challenges
• Developing national Computer Incident Response Teams (CIRTs)
• Enhancing public-private partnerships to enhance expertise, knowledge, skills, resources &
experience
• Enhancing international cooperation:
– between nations to mitigate cyber attacks
– Regulator, law enforcement & national CIRT/CERTs
• Cyber laws needs to be put in place and harmonised
• Increase capability & capacity building programs
8
10. ITU–IMPACT Collaboration
The International Multilateral Partnership Against Cyber Threats (IMPACT) is the
cybersecurity executing arm of the United Nations’ (UN) specialised agency - the
International Telecommunication Union (ITU) - bringing together governments,
academia and industry experts to enhance the global community’s capabilities in dealing with
cyber threats.
ITU & IMPACT signs a Memorandum of Understanding in ITU & IMPACT signs a Cooperation Agreement in May
2008. IMPACT becomes the physical home of ITU’s Global 2011. IMPACT becomes the cybersecurity executing arm
Cybersecurity Agenda to operationalise cybersecurity of the United Nations’ specialised agency, ITU. IMPACT
services across 193 countries. now will expand its services to the UN System.
10
12. ITU’s Global Cybersecurity Agenda (GCA)
Framework for International Cooperation
ITU’s Global Cybersecurity Agenda (GCA) – UN backed framework to enhance
confidence and security in the information society.
Capacity
Building
International
Legal Measures
Cooperation
Global Cybersecurity
Agenda
Technical &
Organisational
Procedural
Structure
Measures
12
14. ITU-IMPACT’s Partners
International
Organisations
Academia
Alliance (200+) Child Online Protection
Industry
14
15. International Cooperation
Dr Hamadoun Touré – Secretary General, ITU
“Without international
cooperation, the problem
cannot be adequately
addressed since, more
often than not, the
criminal is not resident in
the same country where
the crime takes place”
15
16. International Cooperation
Why International Cooperation?
Estonian Minister for Economic Affairs and
Communications, Juhan Parts
“Adequate international cooperation is essential.” "Because if something happens in
cyberspace... it's a border crossing issue. We have to have horizontal cooperation globally," he
added.
16
17. Key Partnership Milestones
ITU-IMPACT
• Capacity building
a) Trained over 200 cybersecurity professionals and practitioners in 2010
b) Deployed 250 scholarships to 43 partner countries globally (SANS & EC-Council)
c) Trained 50 law enforcement officers globally on Network Investigation
d) Conducted the world’s first UN-backed Cyber Drill for CLMV (Cambodia, Lao, Myanmar & Vietnam)
countries
• CIRT/CERT Implementation
a) Conducted over 30 country readiness assessments
b) Deployed and implemented CIRT for Montenegro
• IMPACT Government Security Scorecard (IGSS)
a) Successfully deployed the pilot IGSS implementation for the Malaysian government
• Child Online Protection (COP)
a) Successfully conducted the first COP National Strategy Framework for Brunei
• Cybercrime Investigation
a) Conducted 3 cybercrime investigations with key partners
17
18. Key Initiatives Planned
ITU-IMPACT
• New enhanced version of ESCAPE to be rolled out for better and greater information sharing and
collaboration between key stakeholders in cybersecurity
• Cybersecurity readiness to be conducted for the Caribbean & Ivory Coast
• To deploy National CIRTs for Burkina Faso, Zambia, Uganda, Kenya & Tanzania
• Training planned for the following regions:
• Eastern Europe (Host: Turkey)
• Asia Pacific (Host: Lao)
• Africa (Host: Cameron)
• Pacific Island (Host: Fiji)
• Cyber Drill is planned to be held at the following regions (Partners: Kaspersky, F-Secure, Trend Micro &
ABI Research):
• Arab region – July 2012
• African region
• Eastern Europe region
• COP National Strategy Framework – to be deployed in other regions in 2012
18
19. Moving Forward
ITU-IMPACT
• ITU-IMPACT has created a politically neutral platform for governments,
academia, industry and international organisations to come together on
a single platform
• IMPACT’s Electronically Secured Collaborative Applications Platform for
Experts (ESCAPE) is a community based platform where knowledge,
expertise, experience, ideas can be shared, exchanged and discussed. A
platform where various communities can be created to look into a
myriad of areas from law enforcement, regulators, policy makers,
security experts, judiciary, CERT/CIRTs, specialised groups, etc.
• ITU-IMPACT welcomes governments, industry, academia, security
experts and international organisations to come together to work
towards a common goal of addressing cyber threats globally on this
platform.
19
20. Conclusion
Dr. Hamadoun Touré
“There are no borders in cyberspace and therefore only a global coalition
can tackle this problem. We need a global framework where everyone
commits to not attacking everyone else”
20