ITU-IMPACT Capacity Building for Least Developed & Developed Countries

Marco ObisoCybersecurity CoordinatorInternational Telecommunication Union (ITU)

30 January 2012

2

ITU and cybersecurity2003 – 2005

WSIS entrusted ITU as sole facilitator for WSIS Action Line C5“Building Confidence and Security in the use of ICTs”

2007ITU Secretary‐General launched the Global Cybersecurity 

Agenda (GCA) A framework for international cooperation in cybersecurity

2008 ‐ 2010ITU Membership endorsed the GCA as the ITU‐wide strategy 

on international cooperation.

3

ITU-IMPACT strategy

IndustryExperts

AcademiaInternational

BodiesThinkTanks

IMPACT’s partners

Training & Skills Development

5

Training & Skills Development

Mission

To increase knowledge and skills in cybersecurity domains for ITU-IMPACT partner countries.

Vision

To become a global training provider in cybersecurity to effectively understand and manage cybersecurity to prevent, defend against and respond to cyber threats.

6

Providing world class capability & capacity programmesTraining & Skills Development

Specialised training programs

• IMPACT SecurityCore

• IMPACT Network Forensics

• IMPACT Developing & Implementing a CIRT

• IMPACT Forensics Investigation for Law Enforcement

• IMPACT Malware Analysis

Scholarship - partnership with global certification body

• EC-Council (USD $1mil. grant)

Global certification courses and Partners

• ITU Centres of Excellence

• (ISC)2

• EC-Council

7

Training & Skills DevelopmentTraining Roadmap

8

2009 - 2011ITU-IMPACT Training Milestones

• Trained over 200 cybersecurity professionals and practitioners in 2010

• Deployed 220 scholarships to 41 partner countries globally

• Trained 50 law enforcement officers globally on Network Investigation for Law Enforcement

• Trained 40 government, CIRT & telecom officers from 19 Countries on Securing Networks under ITU CoE (Asia Pacific)

• Developed IMPACT SecurityCore Programme to meet needs of partner countries and governments

ITU-IMPACT CIRT Assessment & Implementation Project

10

Developing National CIRTs

• There is still a low level of computer emergency preparedness within many countries particularly developing countries

• The high level of interconnectivity of ICT networks could be affected by the launch of an attack from networks of the less-prepared nations, which are mostly

the developing countries

• The importance of having an appropriate level of computer emergency preparedness in all countries

• The need for establishment of computer incident response teams (CIRTs) on a national basis

• Importance of coordination within and among the regions,

Encourage the creation of national computer incident response teams, particularly for developing countries

11

ITU –IMPACT Support

Proposed CIRT ModelITU-IMPACT Support for Member States

12

CIRT Deployment

• Proactive Services

» Cybersecurity Training & Awareness Activities within the country

• Reactive Services

» Incident response & handling (both remote and on-site).» Alerts & warnings» Vulnerability response

Key Activities (sub phases) :-

Assessment Implementation & Testing OperationsPlanning &

Design Collaboration

Phase 1 : Basic CIRT Services (6 Months)

13

Current StatusITU ‐ IMPACT performed readiness assessment

Countries are now moving to the implementation phase 

ITU-IMPACT ALERT(Applied Learning for Emergency Response Team)

CYBER DRILL

15

Objectives

The objectives of the ITU-IMPACT ALERT are to encourage participants to:

• Recognize the growing importance of cross-border cooperation and coordination in cyber security;

• Enhance the communication and participating teams’ incident response capabilities; and

• Enhance the CERT/CIRTs’ current processes and procedures in handling cyber threats and attacks.

16

ITU-IMPACT ALERT Execution

The cyber drill exercise was based on real life scenarios to gauge the CERT/CIRTs incident handling capabilities such as:

•Spam •Web defacement •Malware

17

(Contd.)ITU-IMPACT ALERT Execution

• The attack details were sent by the organizer to the participants in the form of e-mails.

• The participants performed their analysis on the incident and came out with the mitigation solution

• Prepare advisory report on the incident and submit to the organizer via email.

Start

Player receives  incidents via email

Player performs  incident analysis

Team observer  assists the players

Submit advisory report to organiser via email

Organiser sends an acknowledgement

End

Done

18

Participants

The ITU-IMPACT ALERT 2011 participants included members of Computer Emergency / Incident Response Team (CERT/CIRT) from four countries Cambodia, Lao P.D.R., Myanmar and Vietnam.

19

Yangon, MyanmarITU-IMPACT ALERT 2011

“Drill is a good supplemental way for capacity building” said Dr. Hoang Dang Hai, Deputy Director General of Vietnam Computer Emergency Response Team (VNCERT).

IMPACTJalan IMPACT63000 CyberjayaMalaysia

T +60 (3) 8313 2020F +60 (3) 8319 2020E contactus@impact-alliance.orgimpact-alliance.org © Copyright 2010 IMPACT. All Rights Reserved.

Thank youwww.facebook.com/impactalliance