Tunisian experience in the National Cyberspace Security
Nadhir LOGHMARI Software and Information Security Engineering, NSCA
ANSI © 2016
Agenda
• National Agency for Computer Security (NACS, Tunisia)
• State of the art
  • CSIRT
  • SAHER
  • Awareness
• New challenges
• Collaboration and Coordination
National Agency for Computer Security
2004: Creation
2006: Member of the OIC-CERT
2007: Member of FIRST and AfricaCERT
2008: Network of Centres of Excellence CNUCED
2009: Assistance to the creation of the Private Tunisian CSIRT
2011: Honeynet Project
2014: Assistance in the establishment of the Nigerian CSIRT and support for membership in FIRST
2015: Member of TF-CSIRT
National Agency for Computer Security
Trust in the use of information technology
Protect citizens and public and private property against cyber threats.
Execution of national strategies
Ensure the technological awakening
Encourage the R&D of national solutions
Ensure the execution of periodic audits
Building skills
Awareness
Threat Intelligence Open Sources
National Agency for Computer Security
National Cyber Security Strategy Guidelines:
• Secure national information systems
• Secure the national cyberspace
• Investing in “expertise”
• Education and awareness
• Legislation and regulatory framework (Update): Critical Infrastructure Information Protection, Data Protection, Mobility
National Agency for Computer Security
• 65 engineers and technicians at the Agency
• Preparing for ISO 27001: Information security management
• Chief Information Security Officers (CISO): ~250 at the national scale
• 300+ expert auditors certified by the NACS
• 8 audit firms certified by the NACS
National Agency for Computer Security
NACS
• CSIRT Department
• Audit Department
• Technical Department
State of the art: CSIRT
Threat intelligence
Penetration test
Patch management
Incident Handling
Monitoring
Vulnerability management
State of the art: CSIRT
CSIRT team Collaboration network
• Information exchange
• Attack Tracking
• Assistance
• Trained Team
• Technical means (Investigation)
• Procedural means
• Platform of incident management
Reporting incident System 24/7
Watch CSIRT ISAC
• Email: [email protected]
• Web: online forms
• Tel: 71 846020
• Massive attack Detection
• Critical failure Detection
• Web site attack Detection
• Email: cert-[email protected]
• Call center: 71 843200
• Green N°: 80 100 267
Incident Analysis and handling
State of the art: SAHER
SAHER
* New components under integration
State of the art: SAHER
SAHER
+ SAHER TUNISIAN CYBER THREAT (Private sources)
State of the art: Education and Awareness
New challenges: Critical Infrastructure Information Protection -‐ CIIP
New challenges: Deep Web
• Deep Web: Internet not indexed by traditional search engines.
• Dark Net: Private overlay network.
• Dark Web: WWW hosted on Dark Nets.
“The Deep Web is vast. Thousands of times larger than the surface web.”
Alex Winter, Deep Web Documentary, 2015
New challenges: Big data
Malware
APT
Script kiddies
Exploit kit
DDoS
Data breach
Collaboration and Coordination
TunCERT
ISPs
ANSI
Administration
Telecom Operators
Media
Constructors Vendors
Industry Sectors
Finance and Banks
Energy Sector
Health Sector
Transport Sector
Coordination
Health Sector CSIRT
Banks CSIRT
Telecom CSIRT
ICS /SCADA CSIRT
Government CSIRT
Universities CSIRT
Collaboration and Cooperation
Thank you for your attention