Public Private Partnership

Combating CyberCrime
Mohamed Shihab

Growing Cybersecurity
Threats
ICTs have become an integral part of information society.

No geographical borders, no boundaries and tremendous destructive

power

ICT networks are regarded as basic national infrastructure.

ICTs are also exposing our societies to the threat of cyberattacks.
Vulnerability of national infrastructures increases as the use of ICTs
take root.
Cyber attacks on ICTs are borderless and can be launched from virtually
anywhere.
As global reliance on ICTs grows, so does vulnerability to attacks on
critical infrastructures through cyberspace.

Key Cybersecurity Challenges

Lack of adequate and interoperable national or regional legal
frameworks
Lack of secure software and ICT-based applications
Lack of appropriate national and global organizational structures to
deal with cyber incidents
Lack of information security professionals and skills within
governments; lack of basic awareness among users
Lack of international cooperation between industry experts, law
enforcements, regulators, academia & international organizations to
address a global challenge

5
Source : Symantec.
http://uk.norton.com/content/en/uk/home_homeoffice/html/cybercrimereport/

Cybercrime
No limits
The number of cyber threats are growing
A combination of the tools can be a powerful weapon

Cost of War
Cost of a stealth bomber? $737 Million to $1.1 billion

Cost of a stealth fighter?

$80 to $120 million

Cost of a cruise missile?

$1 to $2 million

$300 to $50,000
Cost of using cyber space as a weapon?

Cyberia
A Case Study

FACT FILE

Country : Cyberia
Terrain : Island, with beautiful beaches
Density : 3,064/km2
Ethnic Groups : Cyberians
Official Language : Binary, JAVA and C
------------------------------------------------------------------

Country is well known for tourism and

trading. Houses one of the most prominent
harbour in the world. One of the finest
technology driven countries in the world with
state of the art infrastructure.
8

???

Harbour
Harbour
Server
Down
Down

Internet
Internet
Congested
Congested

DdO
S

Air
Air traffic
traffic
controller not
responding
responding

One fine day............

9

We cannot
contain
the attack

Statu
s

Where is the
actual attacker?

All attacks
from
overseas

We do not
have
diplomatic
ties

Stock market is
crashing... Its
havoc outside

Panic Starts.......
10

In the future all wars will be preceded by:

Chaos
Panic
Disinformation
Disruption of services

48hrs later.......
11

Living Examples
Estonia

Wave 3: Banks
Wave 2: Servers
Wave 1: Government
Education
Government
SPAM
Wave 2 ctd..
SPAM
Cyber Vandalism

Wave 4: ISP
Media
Banks
Wave
3 ctd..

12

Living Examples
Georgia

Stage 4: Physical Attack

Stage 1: Bot Harvesting

Stage 2: Training / Recruiting Stage 3: Continued Attack

Wave 2: Financial Institutions

Wave 3: Networks
Wave 1: Government / Media
Business Establishments
SCADA
Educational Institutions
SPAM
Government / Media
Wave 2 ctd

13

Cross Border Crime

WE HAVE
PROBLEMS

Lack of Knowledge

Lack of Resources No Direction

No legal framework
New Problems

Management Challenges

Capital intensive solutions

Need proactive solutions

Organisations working in silos Delays in Response

No emergency telephone
numbers

Lack of international collaboration

Crimes have become organised

Need better early warning system Addressing different type of attacks

The suspect is in
another country. What
do I do?

I wish somebody had

foreseen that this was
coming

I wonder if it is possible to
have more intelligence
on this situation

How can I notify this threat

to others?

I need more data for my research! I

wonder if somebody else is working
on the same thing

14

Cybercrime vs Conventional
Crime
Click icon to add picture

Click icon to add picture

Crime Comparison

Nearly all crimes were local

Evidence never far from the
crime scene
Language and
communication restrictions
Not internationally coordinated
Often isolated to a region

Conventional

Internet crimes span multiple

jurisdictions
Organised
Ever-evolving and complex
Evidence across borders
No proper cyber laws
It is not targetted on a specific
individual alone anymore.
Need not have specialised
knowledge

Cyber

16

17

18

IMPACT

20

21

22

Global Response Centre

Centre for Policy & International Cooperation
CIRT
GRC Services Capacity
Centre for Training & Skills Development
Centre for Security Assurance & Research

144 Countrie

Building

ITU-IMPACT
A combined effort to tackle growing cybercrime

Working Together

Academia
Research

UNODC

At UN level if we try to avert cyberwar we can

achieve:
Early mediation
Build a global security council
INTERPOL
Credible body
Trustedthe
source
of information
Private Org.
Bridging
digital
A reliable global body to express the problems

divide in cyber crime

Government
25

26

Provide Point of Contacts with different Countries

Establish contact with ITU-IMPACT partners for instant remedy
Provide heads up information on possible threats
king
a lookaat
Cyberia again...
Co-ordinate
collaborative
effort to tackle the attack
Develop human capacity within Cyberia
Setup Incident Response Team within Cyberia

27

Bridging the Resources

ITU-IMPACTs Global Alliances

Industry Experts

International
Organisations

Academia

Expertise

Technology

Skills

Resources

Think Tanks

Experience

Cybersecurity services/expertise

193 Countries

UN Agencies
28

4 Pillars of IMPACT

Global Response Centre

Network Early Warning System
(NEWS)
Cyber threat reference centre
Aggregation of cyber threats
across the globe
Collaboration with global industry
partners

Electronically
Secure
Collaborative
Application
Platform for Experts (ESCAPE)
Key experts and personnel from
partner countries (law
enforcement, regulators, country
focal, cybersecurity experts, etc)
Facilitate & coordinate with
partner countries during cyber
attack

30

Centre for Security Assurance &

Research
Security Assurance:
IMPACT Government
Security Scorecard (IGSS)
CIRT-Lite (Computer
Incident Response Team)
Professional services
(vulnerability assessment,
security audits, etc)
Research:
Facilitation & coordination
of cybersecurity research
Bringing together the
research community and
the industry

31

Workshops & CIRT

Objectives:
Deployment

- To assist partner countries assessment of its readiness to implement a National

CIRT.
- IMPACT reports on key issues and analysis, recommending a phased
implementation plan for National CIRT.
- In later stages the national CIRT will also be provided with enabling tools.
No
- Conducted
workshops for 33 countries globally
Partner Countries
Assessment Status
.

Afghanistan

Completed in October 2009

Uganda, Tanzania, Kenya & Zambia

Completed in April 2010

Nigeria, Burkina Faso, Ghana, Mali, Senegal & Ivory Coast

Completed in May 2010

Maldives, Bhutan, Nepal & Bangladesh

Completed in June 2010

Serbia, Montenegro, Bosnia & Albania

Completed in November 2010

Cameroon, Chad, Gabon, Congo & Sudan

Completed in December 2010

Senegal, Gambia, Togo, Niger

Completed in November 2011

Lao P.D.R
Completed in November 2011
Cambodia, Myanmar, Vietnam (Assessment for CMV national
9
Completed in October and November 2011
CIRTs)
10 Armenia
Completed in November 2011
11 South America and Arab region

2012

32

CIRT Deployment

CIRT Lite for National deployment

Regional CIRT deployment

33

Cybersecurity Assessment
ITU-IMPACT conducted cybersecurity assessment for Afghanistan : October 2009

Session conducted in Kabul, Afghanistan

34

Cybersecurity Assessment
ITU-IMPACT conducted cybersecurity assessment for East Africa (Kenya, Tanzania,
Uganda and Zambia) : 26th 29th April 2010

Session conducted in Kampala, Uganda

35

Cybersecurity Assessment
ITU-IMPACT conducted cybersecurity assessment for West Africa (Burkina Faso,
Cte d'Ivoire, Ghana, Nigeria, Mali and Senegal) : 17th 21st May 2010

Session conducted in Ouagadougou, Burkina Faso

36

Cybersecurity Assessment
ITU-IMPACT conducted cybersecurity assessment for Bhutan & Bangladesh : 1st
11th June 2010

37

Cybersecurity Assessment
ITU-IMPACT conducted cybersecurity assessment for Nepal & Maldives: 14th 25th
June 2010

38

Cybersecurity Workshop
/Assessment

39

Centre for Training & Skills

Providing
world class capability & capacity
Development
programmes

Specialised training programs

IMPACT SecurityCore
IMPACT Network Forensics
IMPACT Forensics Investigation for
Law Enforcement
IMPACT Malware Analysis

Scholarship - partnership with

global certification body
EC-Council (US$1 mil grant)
SANS Institute (US$1 mil grant
completed)

Global certification courses

(ISC)2
EC-Council

40

Training & Skills Development

Courses conducted for partner countries and in collaboration with IMPACTs
partners

41

Training & Skills

Development
IMPACT-Microsoft Network Forensics & Investigation Course: 6th 9th April 2010
(Brunei)

Closed session for law enforcement agencies 4 countries participated

42

Training & Skills

Development
IMPACT Network Forensics Course: 3rd 7th May 2010 (IMPACT Global HQ)

Class conducted for 22 participants from 5 countries

43

Training & Skills

Development
IMPACT-SANS IPv6 Training: 26th May 2010 (IMPACT Global HQ)

Training conducted by Dr Johannes Ullrich (SANS Internet Storm Center) 72

participants

44

Centre for Policy & International

Cooperation
Policy:
Workshops and seminars
Policy advisory & best
practices
e-Newsletter
International cooperation:
Partner country coordination
Partnership, cooperation and
collaboration with industry,
academia, think tanks &
international organisations
Child Online Protection (COP)
45

IMPACT ISRA Collaboration

GRC has been collaborating with ISRA (Information Security Research
Association) since June 2012
ISRA provides IMPACT with regular feeds for the GRC Portals.
Feeds contain information regarding:
ISRA looks at the vulnerabilities in various government websites, attack
plans and patterns from different countries around the world on voluntary
basis.
ISRA teams verify those initial findings of insecure systems by checking the
live systems and then upload this verified data to its database.
This information is then sent to IMPACT via email service on a weekly basis
using excel files.
GRC publishes this weekly information for its member countries so that they
can patch and secure the system before hackers exploit the systems and
damage them.
Collaboration Interest for both sides:
ISRA through this collaboration is looking for a safe and secure cyber space
where they can report their vulnerability findings and IMPACT already had those
platforms in the form of NEWS and ESCAPE with the target users in place.

46

Partnership with Interpol

Areas of Co-operation

Establishing key contact point in member states

Exchange of information
Capacity building programs for law enforcement officials
Consultation of key initiatives for the law enforcement agencies
Joint development efforts on enhancing forensic capabilities of
member states

47

IMPACTs Partners
International
Organisations

Industry

Alliance

Academia
(200+)

Child Online Protection

48

Areas of Co-operation
Public/Private Partnership

Access to key security industry players

Establishing key contact point in member states
Exchange of information
Capacity building programs for law enforcement officials
Establishing a framework for protecting children online
Jointly establishing a Centre of Excellence :
Research on tools/technologies
Capacity building programs for Law enforcement officials from
other regions as well as international agencies
Implementation of best practices and solution sets in the field of
CyberSecurity for key agencies
Annual regional/international workshop for LEAs on CyberSecurity

49

Thank you
www.facebook.com/impactalliance

IMPACT
Jalan IMPACT
63000 Cyberjaya
Malaysia

T +60 (3) 8313 2020

F +60 (3) 8319 2020
E contactus@impact-alliance.org
impact-alliance.org

Copyright 2011 IMPACT. All Rights Reserved.