CERT-GOV-MD: Cyber Security in Moldova: Challenges and Responses

Denis Sapovalov, Information Security Manager, S.E. CTS

CYBER SECURITY IN GOVERNMENT: COOPERATIVE TRUST BUILDING MEASURES

Center for Special Telecommunications S.E.

Cyber Security Center CERT-GOV-MD

CHIȘINĂU, OCTOBER 3rd 2013

DENIS SAPOVALOV

WHO WE ARE?

Cyber Security Center CERT-GOV-MD: Governmental Computer Emergency Response Team of the Republic of Moldova.

CERT-GOV-MD was created by Government Decision No. 746 of 18.08.2010 and primarily deals with incidents that occur in the information and telecommunication systems of public administration authorities (AS25319 and AS39279).

OUR MISSION

Provide a single point of contact: [email protected]

Assist the constituency and citizens in preventing and handling computer security incidents

Coordinate response to large-scale incidents

Share data and knowledge

HOW CERT WORKS?

QUESTIONNAIRE: AWARENESS

Do you believe your organization could be the target of a cyber attack in the next 6 months? (%)

[Bar chart: answers Yes / No / Don't know, on a 0 to 45% axis]

QUESTIONNAIRE: WHO TO CALL?

If your organization were the target of a cyber attack, how likely is it that you would request support from CERT-GOV-MD? (%)

Always: 60%

Frequent: 30%

Rare: 10%

CHALLENGES

Lack of a national cyber security strategy and of a legal framework for cyber crime;

No legal enforcement of reporting to a coordinating contact point exists;

Lack of a systematic approach at national level;

Lack of a mandatory cyber security baseline system (ISMS) and of institutionalized procedures addressing risk management methodology in public authorities;

Weak (or no) awareness of the importance of cyber security, its risks, protection methods, risk minimization, etc. across the full range of target segments in society.

ATTACKS

Brute Force Attack (Using Password List)

Website Defacement

DDoS Attacks

Phishing

Targeted Email Attack

SOLUTIONS

Alerts & Warnings (Security Advisories)

Guides & Best Practices

Incident Handling

Major Incidents

Monitoring

Network

Email Protection

IPS/IDS – eServices Protection

Risk Mitigation

Top 3 attack types on eServices:

Exploits:

MS-SQL: Slammer-Sapphire Worm (25)

SipVicious Brute Force SIP Tool (1569)

HTTP: Acunetix Security Scanner (220)

Reconnaissance:

FPSE: author.dll/exe Access (4)

IP: Short Time To Live (15443)

TCP: Port Scan (90678)

Vulnerabilities:

HTTP: IIS Extended Unicode Directory Traversal (86)

iSCSI: Linux Kernel iSCSI Buffer Overflow Vulnerability (48)

DNS: Suspicious Localhost PTR Record Response (132)

CHANGES FOR YOU!

LOCAL & INTERNATIONAL COOPERATION

Cooperation with NATO

Cooperation with other CERTs

Cooperation with security companies

CERT-GOV-MD Listed in Trusted Introducer Database in 2013

CTS became LIR in 2013

Cooperation with Law Enforcement Agencies

Cooperation with SIS

Cooperation with MTIC

Cooperation with ISPs

REPORTING INCIDENTS MATTERS!

You may not be the one affected

Others' solutions may work for you as well

Your solution may work for others

CERT-GOV-MD acts as focal point

Make it possible!

THANK YOU!

Questions?