National Information & Communication Security Taskforce...
Transcript of National Information & Communication Security Taskforce...
2016 Taiwan National Computer Emergency Response Team 1
National Information & Communication Security Taskforce, Executive Yuan, Taiwan R.O.C. Organization Chart
NICST Convener: Vice Premier
Deputy Convener: Minister Without Portfolio and one Specified Minister
Co-Deputy-Convener: Advisory Committee Member of National Security Council
Committee Members: Deputy Ministers of Ministries; Deputy Mayors of Municipalities; Deputy Minister of National Security Bureau; scholars and experts
Cyberspace Protecting System (Department of Cyber Security)
Cybercrime Investigation System (MOI / MOJ)
Standard and Norm Group (Department of Cyber Security)
Awareness and Training Group (MOE)
Government Cyber Security Protection Group (Department of Cyber Security)
Personal Information Protection and Legislation Group (MOJ)
Cybercrime Prevention Group (MOI / MOJ)
Cyber Environment and Internet Content Security Group (NCC)
Department of Cyber Security (Staff Unit)
Information Security Consulting Committee (Consulting Unit)
National Center for Cyber Security Technology (TWNCERT)
Cyber Security
Standard
Information Service
Cyber security Education
Competition and Industry
Communication
Telecommunication
Health and Medical
Financial Affairs
Transportation Business
Critical Industry
Control System
Science Park
National Standard
Critical Information Infrastructure Protection Management Group (Department of Cyber Security)
Industry Development Group (MOEA)
Critical Infrastructure Protection System (Office of Homeland Security)
Other Cyber Security-Related Systems (Competent Authorities)
E-government
Critical Infrastructure Sectors
Energy
Water Resources
Transportation
High-Tech Industrial Park
Banking & Finance
Communication & Broadcast
Emergency Services & Public Health Care
Government
Database
Data/Info
Network
Communication System
Middleware IT System/IDC
End Points
Cyber Security Measures of Government Sector
• Agency Business Continuity Drill
• Agency Cyber Drills (e.g. Social Engineering Drill)
• Annual Internal and 3rd Party Audit (including Cyber Health Check)
• Cyber Offensive and Defensive Exercise
• Cyber Governance and Defense Capability Indicator
Act Plan Do Check
• NICST Committee Meeting
• NICST Working Group Meeting
• Cyber Security Technology Workshop
• CIO and CISO Meeting
• Quarterly Workshop for IT Personnel
• Baseline Security Measures of Agencies (ISMS/Dedicated Personnel/Defense-in-depth/24x7 Monitoring)
• Baseline Security Measures of IT Systems
• Personnel Competence and Certification
• Public Private Partnership (G-SOC Co-defense / G-ISAC)
• National Strategy for Cyber Security
• Cyber Security Policy Whitepaper
• Agency Responsibility Ranking
• IT System Classification
Framework of Government ISMS
• Honeypot R&D and Deployment
• Botnet Tracing
• GSN Backbone Intel. Gathering
• Domestic Intel Exchange
• International Intel Exchange
• Threat and Alert Light
Early Warning
• 2nd Tier G-SOC for Co-defense
• Incident Handling
• Alert Projects for National Celebrations
• Special Projects for Critical Incidents
• Digital Forensic Services
• Agency Responsibility Ranking
• IT System Risk Classification
• Annual Government IS Audit
• Security Governance Maturity and Defense Index
Incident Response
• National Software Asset Control Database
• IT System Defense Baseline
• Government Configuration Baseline
• Secure Software Development
• Penetration Testing
• Cyber Health Check
• Cyber Offensive and Defensive Exercise
• Government Mobile App Security Test
System Security
Mgmt Process
Awareness Training
• Training of IT/IS Officials
• Certification of IT/IS Officials
• IS Competence Training Certification/Accreditation Scheme
• Awareness Raising Workshop
• IS Legal Case Study Booklet
Detection Rules Alert Intelligences
Incident Tickets Security Logs
Security Appliances
SIEM Platform
Point of Contact CSIRT Team
IT Assets
ISMS
Government Officials
Incident Response Services
Incident Report
System Security Services
System Security Status
Customized Controls
Management and Audit Results
Training and Campaigns
Test and Accreditation
Situation Awareness 5 Perspectives / 30 Key Services 3,039 Agencies
G-ISAC
G-ISAC for Early Warning
Botnet
APT
Malware
SPAM
Threat Precursor Analysis
Threat Intelligence Generation
Information Sharing
Gov. Agencies 3,039 Agencies
CIIP Authorities Telecom (NCC) / Banking(FSC) Utilities & e-Commerce (MOEA)
Internet Service Provider Gov.(GSN) /Academic (TANET) /All private ISPs
MSSP Chunghwa Telecom / Acer TradeVAN / ISSDU…etc
International Cooperation FIRST / APCERT / US-CERT CERT-EU…etc
HoneyBEAR
HoneyNET
Botnet Tracer
G-ISAC Government Information Sharing and Analysis Center
G-SOC
Legend
HoneyBEAR: Behavior-based Email Anomaly Reconnaissance
NCC: National Communication Commission
FSC: Financial Supervisory Commission
MOEA: Ministry of Economic Affairs
GSN: Government Service Network
MSSP: Managed Security Service Provider
FIRST: Forum for Incident Response and Security Teams
Indicators of Compromise
G-ISAC Intelligence Sharing
G-ISAC
Private Sectors ISAC
Gov. Agencies
Law Enforcement
Gov. Service Network
Antivirus & Related Industry
MSSPs
Intelligence
Intelligence
TW Network Info. Center
Telecom ISAC (NCC-ISAC)
Academic ISAC (A-ISAC)
Financial ISAC (F-ISAC)
TACERT
TWAREN
ISPs
Insurance
Stocks Banks
CERT
E-Commerce CERT (EC-CERT)
TWCSIRT
TWCERT
● G-ISAC has covered IPs of GSN, Academic Network and 34 ISPs (Taiwan IP coverage > 99%)
Domestic Information Sharing Status
Type     2011      2012      2013      2014      2015      2016 (Q3)
ANA      720       1,432     1,646     756       1,222     1,410
EWA      17,327    6,455     3,710     3,865     4,782     2,410
INT      60,980    135,527   84,210    107,405   76,757    48,051
DEF      69        507       407       225       867       582
FBI      164       158       338       265       399       397
Total    79,260    144,079   90,311    112,516   84,027    52,850
From: 2011/1/1 ~ 2016/9/30
Collaboration of Members - Mobile Device Malware Sample Sharing
● Criminal Investigating Bureau (CIB) established a mobile device malware sample sharing channel with SOC members via G-ISAC
1. CIB collects suspicious fraud messages, URLs, and APKs from various sources
2. TWNCERT receives intel, extracts malicious APKs and shares them with SOC members
3. SOC members feed back APK analysis results
4. TWNCERT integrates all results and shares them with all members
G-ISAC
Share Intel with SOC Members SOC Members Feedback Results Integrate & Share the Final Results
Receive Intel Source
TWNCERT
● Build government-wide situation awareness of cyber security
● Promote public-private partnership for better decision making
2nd Tier G-SOC for Co-Defense
External Threat
Existing Vulnerability
Regulation Compliance
Incident Handling
1st Tier MSSP
2nd Tier G-SOC
3rd Tier NICST
Actionable Intelligence
Government-Wide Situation Awareness
National-Level Decision Making Support
Co-defense Detection Rules
Trend Statistics Classification Data Modeling Prediction
Monitoring Data
Current Situation Review
● Public-private partnership is currently weighted more toward the public sector
● Only three ISACs have been established (G-ISAC, NCC-ISAC and A-ISAC); although all operate and collaborate smoothly, their sector coverage is limited
● Moreover, sector-level CERTs are also very few, so incident handling is not performed very effectively
● There were no specific working groups for CI & CII sectors in the NICST organization until this year
● There are no comprehensive regulations for cyber security; most cyber security tasks were limited to government agencies
The Fifth National IC Security Development Plan
National Security Cyber Security Management
Industry Development
Technology R&D Talent Incubation
1. Develop national cyber security risk assessment mechanism
2. Establish national network and communication emergency recovery mechanism
3. Build national network defensive and offensive capabilities
4. Complete national cyber security policies, regulation & standards
5. Enhance cyber security defense among gov. and CI & CII sectors
6. More international collaboration
7. Increase the effectiveness of cyber crime prevention and solving
8. Promote related policies and development of cyber security industries
9. Reduce cyber security risks for industry supply chains
10. Combine and raise the values of academic and industrial cyber security R & D capabilities
11. Develop a privacy protected digital identification framework
12. Perfect the incubation and demand of cyber security professionals
13. Promote cyber security awareness and child online protection
Complete Law and Regulation, Promote CIIP
ICT Security Management Act and Enforcement Rules
CIIP Steering Group
G-ISMS
CI Sector Specific Guidelines
Common Baseline Of CIIP
Power
Water
Transportation
High Tech Parks
Banking & Finance
Comm. & Broadcasting
Medical
CI Cyber Security Committees
Law Supervise
Help define
Provide References Provide references
Define
CI Cyber Security Promotion Mechanisms CI Sectors
Join
Execution
Government ISMS Framework
• The CIIP Steering Group is formed by NICST and MOST
• Each CI Cyber Security Committee is led by the competent authority of that CI sector
Conclusion
● Taiwan has set cybersecurity as a national policy priority since 2001; 8 sectors have been defined as CI, and the central government has led the way
● TWNCERT is a government CERT that has recognized the need for an integrated approach of government coordination, public-private partnerships and international cooperation to improve the cybersecurity environment
● To enhance the cyber resilience and preparedness of CII, a draft ICT Security Management Act is under development, and public consultation is also under way