BUENOS AIRES 2019

CERTuy 3.0

Ing. Santiago Paz

santiago.paz@agesic.gub.uy @santipez

A M E M B E R O F D X

DIGITAL DEVELOPMENT

DIGITAL GOVERNMENT

1st IN THE REGION

1st IN THE REGION

digital plan 2020 Universalised e-interaction

Integrated and unified access

Transforming services (priority areas)

Transparency and accountability

Participation and collaboration Open data by default

Evidence-based decision making

Predictive analytics for proactive services

Intensive use of data and emerging technologies

Administrative and documental management

Common services and shared assets

Public records’ digitalisation

Digital Government Platform evolution

Platforms in strategic sectors Data architecture

Strengthen the ecosystem

Risk management and biz continuity

Universalised e-ID

Regulatory framework

PROXIMITY GOVT

OPEN GOVT

SMART GOVT

EFFICIENT GOVT

WHOLE-OF GOVT

RELIABLE DIGITAL GOVT

• Creado por Ley en 2018, con capacidades nacinales

• Alojado en la Agencia de Gobierno Electrónico, AGESIC

• Coordina el Consejo Honorario de Seguridad Informatica

• CSIRTamericas and FIRST Member

CERTuy 1.0 (2008-2011)

- Marco Institucional - Desarrollo de

Capacidades - Gestión del

Conocimiento

CERTuy Evolución

CERTuy 1.0 (2008-2011)

- Marco Institucional - Desarrollo de

Capacidades - Gestión del

Conocimiento

CERTuy 2.0

(2012-2018)

- Capacidad Operativa - Infraestructura propia - SOC 24x7 - Orientación a

Ecosistema

CERTuy Evolución

CERTuy 1.0 (2008-2011)

- Marco Institucional - Desarrollo de

Capacidades - Gestión del

Conocimiento

CERTuy 2.0

(2012-2018)

- Capacidad Operativa - Infraestructura propia - SOC 24x7 - Orientación a

Ecosistema

CERTuy 3.0 (2018-…)

- SOC Sectorial - Orientado a

Ecosistema - Centro de Excellencia

CERTuy Evolución

Ecosistema Ciberseguridad Uruguay

AGESIC

CC Unit Police DCSIRT CERTuy

SeCIU (ccTLD)

FING

Ceibal

Cibercrimen Ciberdefense Government Academia Telecom Servicios Financieros

Sector Privado

OT

4 Universidades

Antel CSIRT

Security Services

ISP Priv.

5 ISPs

Bancos Privados

Bancos Publicos

Petroleo ANCAP

CSIRT HEALTH

Servicio Publico

Servicio Privado

Salud

Electrica

UTE Justice

Fiscal

Comuni. Legal

CERTuy

SOC

Mesa de Coordinacion

Lab

CERT

La estrategia de Ciberseguridad esta enfocada en desarrollo de capacidades y sinergia

CERT SOC LAB

Mesa de Coordinación

Sectoriales CSIRT/SOC (incubator)

Comunidad (inluding International)

IRTs coordination, public and private)

Development, trainning, Information sharing y IR services

Networking, information sharing, POC

CERTuy Building Blocks

Cybersecurity KillChain

Mejorar la detección

SOC

• Feeds • IoC • Threat intelligence • Operations

• Trainning • Skill Transfer • Facilities

• SIEM • BigData • Vulnerability manager

• Monitoring and Incident Management 24x7

• Knowledge, Context

• “Contact list”

Multiple Data Sources

• Source Data normalization

• Custom Sources • Correlation Rules.

Correlación de Eventos, SIEM

• Cybersecurity Events and NetFlow ¡ ! • FW Security Events

• Traffic not allowed by policy

• Abnormal traffic

Service Level 1

Probing

Service Level 2

Vulnerabilities

Probing

Service Level 3

Vulnerabilities

Probing

@certuy

santiago.paz@agesic.gub.uy @santipez