APNIC Senior Security Specialist Adli Wahid gave a keynote presentation on the essential component of a CERT at the 2023 NCIT, held in Suva, Fiji from 17 to 18 August 2023.
7. Entities & Capabilities
• CERT with National Responsibilities
• Enterprise CERTs/CSIRTs
• CERT of the Last Resort
• Ad-Hoc Incident Response
• Trusted Points of Contact
Check out www.first.org
9. Managing Things
• Managing Security Incidents
o Reduce Impact of Security Incidents
o Prevent Security Incidents from Occurring
o Fixing actual vulnerabilities
o Gain insights about emerging threats or incidents (Information Security & Analysis Centers, Threat Intel Feeds)
o Collaborate with other stakeholders (i.e. investigation, policy/strategy)
• Managing Security Incident Response Teams
o Establishing CSIRT
o Operationalizing CSIRT
o Having the right skill-sets, knowledge and tools
o Being part of the community
o Mentoring
11. Don’t Phish Me!
• Online Banking
• Traditional Phishing (email -> Web)
• Multiple Banks
• CERT receiving reports but coordination is needed
• Money Mules!
• Outcomes – coordinated plan, LEA engagement, Awareness for Customers, Browser Plugin
Anti Phishing Working Group (2007)
12. Key Ingredient – People
• Who is going to work in the team
• Role/Position = $$
• Training and capacity development
o Go deeper and wider
• Transitioning from non-security, non-secops
• Upskilling for tech folks – management
Sri Lanka CERT Cyber Security Awareness Week (2016)
13. Annual National Cyber Security Exercise 2007 - XMAYA
• National Cyber Crisis Management Plan for Critical Infrastructure
• Process
• Coordination / Escalation
• People / Technology
• Capabilities and Communication
o National Security Council
o Support by Sector Lead of Critical Infrastructure
o Drill Development & Preparation by National CERT
o Good view of policy vs implementation
o Roles & Responsibilities
o Capacity Development – Experience Incident
14. Challenges
• Different Set of Challenges for National vs Enterprise CERTs
• Getting started **
• Organisational – Mandate/Responsibility, Sustainability and Expansion
• Operational – visibility, resources, collaboration & coordination
15. Challenges - Continuity
• Continuity – change is expected
• Consistent policy, vision needed
• Positive = CERT expanding into a cyber security agency
• Negative = No funding for CERT, hostile takeovers
• Strengthening the Stakeholders
• User base and technology are dynamic
• Supporting the ecosystem – Resources, Training & Infrastructure
16. CERT/CSIRT in the Pacific Project
• Interest in setting up a National CERT (starting with CERT Tonga) in 2016
• Kick Start – Series of Workshops
• Focus
o Establishing & Operationalizing a CERT in the context of the Pacific
o Collaboration + Networking (with other partners PACSON, APCERT & FIRST)
o On the job training
o Sharing ideas, success stories etc.
• Created momentum in other areas of cyber security i.e. education & awareness, support for LEAs and other stakeholders
17. Where are we?
1. Do you have an incident response plan?
2. What are the top 5 threats last year or last month?
3. Where do cyber security incidents* get reported?
4. Is there an active information sharing network for security practitioners or security teams?
5. Is there good visibility of what is happening in the environment?
6. Are organisations assessed to deal with data breach incidents or ransomware? How is the coverage?
7. Are there any activities related to the coordination of incidents within a specific economic sector or at the national level?
19. Take Aways
• Appreciation of Incident Response in the Bigger Security Picture
• Cyber Resilience is not an option
• Continuous process
• Dedicated Teams & Capabilities
• Challenges – Getting Started, Expanding and Maintaining
• Requires planning, resources and persistence
• Our role – support & do something now
20. Thank you
Adli Wahid (LinkedIn)
adli@apnic.net
www.apnic.net
academy.apnic.net