Case Study: ESTABLISHING NATIONAL CERT, by Saleem Al-Balooshi, Etisalat - AE

Date posted: 21-Dec-2015

2

Internet Wonderful and Terrible

“The wonderful thing about the Internet is that you’re connected to everyone else. The terrible thing about the Internet is that you’re connected to everyone else.” Vint Cerf

3

CERT Main Services

1. Alerting

2. Reporting

3 Examples:

• AusCERT

• CERT-CC

• GOVCERT.NL

4

Alerting Services:

• Purpose of the alerting service:

– AusCERT: To provide timely early warning advice to the Australian public about computer network threats and vulnerabilities which could compromise confidentiality, integrity or availability.

5

Alerting Services:

• Purpose of the alerting service:

– CERT-CC: To provide information on critical incidents and vulnerabilities to system and network administrators around the globe and to other CSIRT teams.

6

Alerting Services:

• Purpose of the alerting service:

– GOVCERT.NL: To create an independent and free alerting service for IT security related incidents aimed at Dutch home users and small companies (up to 10 PCs).

7

Sponsors of the alerting service:

• AusCERT: The Australian Commonwealth Government.

• CERT-CC: The U.S. government and industry.

• GOVCERT.NL: The ministry of economic affairs in the Netherlands.

8

Alerting Services

• Target groups of the alerting service:

– AusCERT: The target group is Australian individuals and small to medium enterprises (SMEs).

– CERT-CC: System and network administrators, technology managers, other CSIRT teams around the world.

– GOVCERT.NL: The target group of the service is Dutch home users and small enterprises (up to 10 PCs).

9

Reporting Services

• What is a reporting service:

– A system to collect, process and analyze computer security incident reports and share sanitized aggregate reporting to the appropriate audience.

10

Reporting Services

• Purpose of the reporting service:
  – AusCERT:
    • To provide a source of “current” data about malicious network activity which, when collated and analyzed, can provide meaningful intelligence about:
      – Computer network attack trends, malicious network attack activity, threats and vulnerabilities
    • To provide reporting groups (and others if appropriate) access to sanitized aggregate reporting to:
      – Promote the use of appropriate mitigation strategies
      – Raise awareness of computer security issues
      – Keep them up to date with changing or emerging threat activity and trends
      – Give them access to computer network attack data beyond their own networks (which they would not otherwise obtain)
      – Provide value-added assessment of aggregate data trends and activity to encourage their continued reporting

11

Reporting Services

• Purpose of the reporting service:
  – GOVCERT.NL:
    • Improving the quality of GOVCERT.NL’s output by acting as an extra CERT-Source
    • Generating trends analysis of IT related security incidents for stakeholders
    • Central reporting and monitoring point for (relevant) IT related security incidents

12

How to set up alerting and reporting services?

• (GOVCERT.NL)
  – Operational CERT:
    • Center of operations
    • Technical expertise
    • Information process up & running
  – Technical Systems:
    • Web server
    • Content management system
    • Mailing list software
  – Organization (project team):
    • Project and office management
    • Technical, communication, legal, information analysis

13

How to set up alerting and reporting services?

  – Legal:
    • Develop general terms & conditions
    • Develop privacy policy and disclaimers
    • Take position in market regulation issues
    • Develop contracts and service level agreements
  – Communication and PR:
    • Organize content production and editing
    • Determine your media mix for alerts
    • Organize co-writing of alerts for website, e-mail and SMS
    • Organize public campaign management
  – Internal Processes:
    • Revise your information and operational processes
    • Establish escalation procedures for public warning

14