Centre for cybersecurity Belgium : Role, Missions et ...
Centre for Cybersecurity Belgium: Role, Missions and Future Capacities
NLO meeting
30/01/2018
Phédra Clouner
Deputy Director
CCB
01 CCB mission & services
The Centre for Cyber security Belgium
Legal Basis
• R.D. 10/10/2014
Contribute to build a safer and reliable Internet
Create a national policy and capabilities with existing actors
Belgian policies & Coordination
Coordination
Laws, standards, guidelines
Ensuring crisis management
Legal Basis
1. Monitoring, coordinating and supervising the implementation of Belgian policy on the subject;
2. Managing the various projects on the topic of cybersecurity using an integrated and centralized approach;
3. Ensuring coordination between the relevant government departments and governments, as well as the public authorities and the private or scientific sectors;
4. Formulating proposals aimed at adapting the regulatory framework in the field of cybersecurity;
5. Ensuring crisis management in case of cyber incidents in cooperation with the government's Coordination and Crisis Centre;
6. Preparing, disseminating and supervising the implementation of standards, guidelines and security standards for the various information systems of the governments and public institutions;
7. Coordinating the Belgian representation in international cybersecurity forums, coordinating the monitoring of international commitments and national proposals on this subject;
8. Coordinating the security evaluation and certification of information and communication systems;
9. Informing and raising awareness among users on information and communication systems.
• CCB
• Police
• CERT.be
• Crisis Centre
• SGRS
• Judiciary ((Federal) prosecution)
• OCAM
• VSSE
• Federal Public Service Foreign Affairs
• National Security Council / Strategic Committee / Coordination Committee for Intelligence and Security
• Critical Infrastructures / Vital sectors
• Belnis (Belgian network on information security)
• Privacy Commission
• Cyber security coalition
• ISP
• Vendors
• Academics
• International collaboration
stakeholders
• Awareness
• Botnet Eradication
• Anti-phishing
• www.safeonweb.be
STRATEGIC OBJECTIVES
• Cyber Security guides
• Webinars
• Training (Gov only)
• Partnerships
• Reliable technologies
@work
Early warning-system
Threats, vulnerabilities, incidents …
Detection & monitoring
MISP – Standard IDS - SIEM
Baseline security norm & audit
Directives, guidelines, norms
Incident response
Diagnosis, response
Incident management system
STRATEGIC OBJECTIVES
• Encourage academic institutions
• Stimulate youth participation
• Exercises & training
• Specific HR
ENABLERS
It’s all about people
• Situational awareness
• Cyber threat against Belgium
• Vital Sector specific risks and vulnerabilities
• Efficient information exchange
• Information portal for the population and companies
• Secured network for the Vital Sectors
Enablers
02 Cyber Security (CySec) PROJECTS
• Cyber Security Early Warning system & National IOC exchange platform
• Botnet Eradication System
• National Cyber Security Awareness Campaign
• National Cyber Security Emergency Plan
• Cyber Security Risk Assessment tools & Baseline Security Norm for Vital Sectors
• Cyber Security expert training
• National incident handling communication system (ICMS – COBRA)
• Responsible disclosure policy
• ISACS (Vital Sectors, Academic, RS-IV, industry…)
• Cyber Diplomacy Framework (Cyber Diplomat)
• Standard Intrusion Detection System Architecture
• @Work online courses - webinars
• EU NIS Directive transposition …
• New cyber strategy will be based on the NCSS Good practice guide + art. 7 NIS directive + ENISA’s help?
CURRENT PROJECTS
Vital Sector Early Warning System
9% of Belgians are victims of fraudulent messages
Identify phishing and take action!
CHALLENGE
RESPONSIBLE DISCLOSURE
For Ethical Hackers
Authorization to access the IT systems to inform on vulnerabilities without committing an external hacking crime (550 bis of the Criminal Code)
• Upscaling
• National CySec CRISIS
• National CySec INCIDENT
• Small INCIDENT
• Definition of responsibilities
• Procedures
• Tested during exercises
• (CMX/Cyber Europe 2016)
NATIONAL CYBER SECURITY EMERGENCY PLAN
03 What about the CERT.be?
• Better CERT.BE – CCB collaboration/integration
• Mission: detect/observe/analyse cybersec problems + users' information
• More capabilities (24 FTE) – High level technical experts
• End 2018-2019: 36 FTE 24/7- monitoring IDS - CSOC
• > 60 % information sharing
• Incident handling
• [email protected]
TOWARDS A STRONGER CERT.BE
Know-how
Trust
• Cyber Security Information Sharing
• Collect incoming information
• Collect open source, partner & commercial IOCs and rules
• Information analysis & registration (quality control, correlation and linkage… )
• Distribution of advisories & warnings
• Participate in cyber threat information sharing communities
• Threat assessment reporting (constituents, management, partners, …)
• Register & evaluate incoming messages (assessment, triage, prioritization)
• Monitor detection tool alerts for Gov sites
• Trigger necessary actions based on the message evaluation
CERT.BE – 2017
• Incident Response & Intrusion detection
• Coordinate incident response (24/7 on call at home)
• Design the IDS platforms
• Design architecture to search through logs with SIEM
• Digital Forensics & artefact analysis
• (malware analysis, sandboxing…)
• Creation and distribution of IOCs and rules
• Vulnerability and penetration testing (on demand)
• Development and maintenance of systems for handling automated feeds
CERT.BE – 2017
[Diagram, slide "CERT.BE – 2017". Labels: BELNET, CERT.BE, CCB; BELNET Customers; Critical Gov; Critical Infrastructure & OES (Energy, Transport, Telecom, Financial); Info Sharing; Incident Handling; FedPol – ADIV – VSSE …; Chancellery; Admin, ICT, HR…; ICT Shared Services; etc.]
QUESTIONS?