![Page 1: DSS ITSEC 2013 Conference 07.11.2013 - CERT.LV](https://reader033.vdocuments.net/reader033/viewer/2022061221/54bce9b94a795998658b458d/html5/thumbnails/1.jpg)
IT Security system in Latvia - achievements, statistics and
challenges
DSS Conference - 07.11.2013, Riga, Baiba Kaškina, CERT.LV
![Page 2: DSS ITSEC 2013 Conference 07.11.2013 - CERT.LV](https://reader033.vdocuments.net/reader033/viewer/2022061221/54bce9b94a795998658b458d/html5/thumbnails/2.jpg)
Outline
• Legal environment• CERT.LV overview• Current situation overview• CERT.LV awareness rising activities
![Page 3: DSS ITSEC 2013 Conference 07.11.2013 - CERT.LV](https://reader033.vdocuments.net/reader033/viewer/2022061221/54bce9b94a795998658b458d/html5/thumbnails/3.jpg)
Legal environment and policies
![Page 4: DSS ITSEC 2013 Conference 07.11.2013 - CERT.LV](https://reader033.vdocuments.net/reader033/viewer/2022061221/54bce9b94a795998658b458d/html5/thumbnails/4.jpg)
IT Security Law
• In force since 1 February 2011• Sets CERT.LV tasks and
responsibilities• Defines responsibilities for:
• Public sector• Internet Service Providers (ISPs)• Critical IT infrastructure owners
![Page 5: DSS ITSEC 2013 Conference 07.11.2013 - CERT.LV](https://reader033.vdocuments.net/reader033/viewer/2022061221/54bce9b94a795998658b458d/html5/thumbnails/5.jpg)
IT Security Law – Public sector
• In every institution – IT security officer responsible for:• IT security document creation• IT security audit execution• Annual employee education• Security incident reporting to CERT.LV• Participation in CERT.LV seminars
![Page 6: DSS ITSEC 2013 Conference 07.11.2013 - CERT.LV](https://reader033.vdocuments.net/reader033/viewer/2022061221/54bce9b94a795998658b458d/html5/thumbnails/6.jpg)
IT Security Law – ISPs
• All ISPs submit «Action plan for continuous operations»
• Report to CERT.LV on major incidents• CERT.LV can request
• IT Security incident information• IT Security audits• Disconnection of an end user for 24h
![Page 7: DSS ITSEC 2013 Conference 07.11.2013 - CERT.LV](https://reader033.vdocuments.net/reader033/viewer/2022061221/54bce9b94a795998658b458d/html5/thumbnails/7.jpg)
IT Security Law – CII
• Critical infrastructure list – state secret• Report incidents to CERT.LV• Establish IT Security documentation• CERT.LV can do black-box penetration
testing
![Page 8: DSS ITSEC 2013 Conference 07.11.2013 - CERT.LV](https://reader033.vdocuments.net/reader033/viewer/2022061221/54bce9b94a795998658b458d/html5/thumbnails/8.jpg)
National IT security strategy
• Improvement of legal regulations
• Increasing human and material-technical resources for state institutions
• Rising cooperation at a national scale
• Intensifying international cooperation
• Hardening of education, science and social responsibility
![Page 9: DSS ITSEC 2013 Conference 07.11.2013 - CERT.LV](https://reader033.vdocuments.net/reader033/viewer/2022061221/54bce9b94a795998658b458d/html5/thumbnails/9.jpg)
CERT.LV overview
![Page 10: DSS ITSEC 2013 Conference 07.11.2013 - CERT.LV](https://reader033.vdocuments.net/reader033/viewer/2022061221/54bce9b94a795998658b458d/html5/thumbnails/10.jpg)
CERT.LV
• Information technology security incident response institution
• Mission: “Fostering IT security in Latvia”• From 1 January 2013 - CERT.LV
supervised by the Ministry of Defence
![Page 11: DSS ITSEC 2013 Conference 07.11.2013 - CERT.LV](https://reader033.vdocuments.net/reader033/viewer/2022061221/54bce9b94a795998658b458d/html5/thumbnails/11.jpg)
CERT.LV
• Used to be CERT.NIC.LV est. 2006• Operational since 1 February 2011• Operates on basis of IT Security Law• State funded• All services are free of charge• Tasks delegated to Institute of
Mathematics and Computer Science, University of Latvia
![Page 12: DSS ITSEC 2013 Conference 07.11.2013 - CERT.LV](https://reader033.vdocuments.net/reader033/viewer/2022061221/54bce9b94a795998658b458d/html5/thumbnails/12.jpg)
CERT.LV constituency
![Page 13: DSS ITSEC 2013 Conference 07.11.2013 - CERT.LV](https://reader033.vdocuments.net/reader033/viewer/2022061221/54bce9b94a795998658b458d/html5/thumbnails/13.jpg)
What is CERT.LV?
• “Family doctor” and “fire-fighter” in the virtual environment
![Page 14: DSS ITSEC 2013 Conference 07.11.2013 - CERT.LV](https://reader033.vdocuments.net/reader033/viewer/2022061221/54bce9b94a795998658b458d/html5/thumbnails/14.jpg)
CERT.LV main activity areas
• Incident response• “Security through cooperation”• Awareness raising
![Page 15: DSS ITSEC 2013 Conference 07.11.2013 - CERT.LV](https://reader033.vdocuments.net/reader033/viewer/2022061221/54bce9b94a795998658b458d/html5/thumbnails/15.jpg)
CERT.LV collaboration
• State and municipal institutions• IT Critical infrastructure• Private sector
• ISPs• Financial institutions
• National Armed Forces• International collaboration
• NATO, EU, ENISA, CCD CoE• TF-CSIRT, FIRST
![Page 16: DSS ITSEC 2013 Conference 07.11.2013 - CERT.LV](https://reader033.vdocuments.net/reader033/viewer/2022061221/54bce9b94a795998658b458d/html5/thumbnails/16.jpg)
January 2012 – MoU with NATO
![Page 17: DSS ITSEC 2013 Conference 07.11.2013 - CERT.LV](https://reader033.vdocuments.net/reader033/viewer/2022061221/54bce9b94a795998658b458d/html5/thumbnails/17.jpg)
CERT.LV participation
• Cyber Defense Exercises:– CCD CoE «Locked Shields»
– NATO «Cyber Coalition»
– EU «Cyber Europe»
![Page 18: DSS ITSEC 2013 Conference 07.11.2013 - CERT.LV](https://reader033.vdocuments.net/reader033/viewer/2022061221/54bce9b94a795998658b458d/html5/thumbnails/18.jpg)
Responsible ISP
Symbol of quality, received by IPS that:• Cooperates with CERT.LV and provides incident information to end users• Cooperates with Net-Safe Latvia for illegal material takedown off the Internet• Provides free Internet content filter setup upon customers request
![Page 19: DSS ITSEC 2013 Conference 07.11.2013 - CERT.LV](https://reader033.vdocuments.net/reader033/viewer/2022061221/54bce9b94a795998658b458d/html5/thumbnails/19.jpg)
Current situation overview
![Page 20: DSS ITSEC 2013 Conference 07.11.2013 - CERT.LV](https://reader033.vdocuments.net/reader033/viewer/2022061221/54bce9b94a795998658b458d/html5/thumbnails/20.jpg)
Current situation
• Large amount of incident reports every day
• High and low priority incidents
![Page 21: DSS ITSEC 2013 Conference 07.11.2013 - CERT.LV](https://reader033.vdocuments.net/reader033/viewer/2022061221/54bce9b94a795998658b458d/html5/thumbnails/21.jpg)
Q1Q2
Q3
2013
20120
200
400
600
800
1000
1200
1400
1600
1800
High priority incidents
![Page 22: DSS ITSEC 2013 Conference 07.11.2013 - CERT.LV](https://reader033.vdocuments.net/reader033/viewer/2022061221/54bce9b94a795998658b458d/html5/thumbnails/22.jpg)
Q1Q2
Q3
2013
20120
10000
20000
30000
40000
50000
60000
Low priority incidents
![Page 23: DSS ITSEC 2013 Conference 07.11.2013 - CERT.LV](https://reader033.vdocuments.net/reader033/viewer/2022061221/54bce9b94a795998658b458d/html5/thumbnails/23.jpg)
Low priority incidents Q3 2013
1538994
567 450 370 335 311 232 203 171 153 129 127 119255269
497566
3934
74212531771
184719412055
284306
447918710
1
10
100
1000
10000
100000
do
wn
ad
up
op
en
reso
lve
rs
Ze
roA
cce
ss
Vir
ut_
bo
tne
t
Ze
uS
sle
nfb
ot.5
05
0
an
dro
id-s
tels
spa
m
pu
shd
o
viru
t
cutw
ail
cita
de
l-si
nkh
ole
kelih
os
viru
t-si
nkh
ole
torp
ig
sca
ns
sca
nn
ers
salit
y
fast
-flu
x
Ra
nso
mw
are
sin
kho
le
irc-
bo
tne
t
B5
8-D
GA
2
do
rkb
ot
un
kno
wn
18
95
B5
4-B
AS
E
wo
rm_
do
rkb
ot
Sa
nd
bo
x U
rl
salit
y2
![Page 24: DSS ITSEC 2013 Conference 07.11.2013 - CERT.LV](https://reader033.vdocuments.net/reader033/viewer/2022061221/54bce9b94a795998658b458d/html5/thumbnails/24.jpg)
Current trends
• Botnet numbers are still very large
• Infections via browsers (Drive-by Exploits) – the most common vector
• Server hacking, phishing, DoS
• Malware distribution
• Attacks in socially sensitive moments
![Page 25: DSS ITSEC 2013 Conference 07.11.2013 - CERT.LV](https://reader033.vdocuments.net/reader033/viewer/2022061221/54bce9b94a795998658b458d/html5/thumbnails/25.jpg)
![Page 26: DSS ITSEC 2013 Conference 07.11.2013 - CERT.LV](https://reader033.vdocuments.net/reader033/viewer/2022061221/54bce9b94a795998658b458d/html5/thumbnails/26.jpg)
Banking trojan LV
================================Cau! Ir problema! Nosutu Tev failu, ja tas info noklus
prese, bus lielas nepatiksanas...
http://failiem.lv/u/goefclr
Juris================================
![Page 27: DSS ITSEC 2013 Conference 07.11.2013 - CERT.LV](https://reader033.vdocuments.net/reader033/viewer/2022061221/54bce9b94a795998658b458d/html5/thumbnails/27.jpg)
Latest deface
![Page 28: DSS ITSEC 2013 Conference 07.11.2013 - CERT.LV](https://reader033.vdocuments.net/reader033/viewer/2022061221/54bce9b94a795998658b458d/html5/thumbnails/28.jpg)
CERT.LV activities and awareness raising
![Page 29: DSS ITSEC 2013 Conference 07.11.2013 - CERT.LV](https://reader033.vdocuments.net/reader033/viewer/2022061221/54bce9b94a795998658b458d/html5/thumbnails/29.jpg)
Information and recommendations
• Available and tailored for everyone• Information on newest viruses and
threats• Articles and suggestions• Examples for IT security principles and
rules• Portal www.esidross.lv (“be safe”)• Twitter and Facebook accounts
![Page 30: DSS ITSEC 2013 Conference 07.11.2013 - CERT.LV](https://reader033.vdocuments.net/reader033/viewer/2022061221/54bce9b94a795998658b458d/html5/thumbnails/30.jpg)
![Page 31: DSS ITSEC 2013 Conference 07.11.2013 - CERT.LV](https://reader033.vdocuments.net/reader033/viewer/2022061221/54bce9b94a795998658b458d/html5/thumbnails/31.jpg)
![Page 32: DSS ITSEC 2013 Conference 07.11.2013 - CERT.LV](https://reader033.vdocuments.net/reader033/viewer/2022061221/54bce9b94a795998658b458d/html5/thumbnails/32.jpg)
New colleague - “Computerologist”
• Born on E-skills week 2012
• Twitter account
![Page 33: DSS ITSEC 2013 Conference 07.11.2013 - CERT.LV](https://reader033.vdocuments.net/reader033/viewer/2022061221/54bce9b94a795998658b458d/html5/thumbnails/33.jpg)
E-skills week 2013
![Page 34: DSS ITSEC 2013 Conference 07.11.2013 - CERT.LV](https://reader033.vdocuments.net/reader033/viewer/2022061221/54bce9b94a795998658b458d/html5/thumbnails/34.jpg)
Training and education events
• “Be safe” seminars for state institutions• Theoretical and technical IT Security
exercises, «Snow Storm 2013»• Seminar for Internet Service providers• Targeted events
• Legal issues• How to organize exercises• Risk assessment• Monitoring with Netflow• ENISA seminar on targeted attacks using social media
![Page 35: DSS ITSEC 2013 Conference 07.11.2013 - CERT.LV](https://reader033.vdocuments.net/reader033/viewer/2022061221/54bce9b94a795998658b458d/html5/thumbnails/35.jpg)
Security Experts Group
• Information Technology and Information Systems Security Experts Group:
• Voluntary IT/IS security experts group• Advance IT/IS security and security
awareness culture in Latvia• Supports CERT.LV• Group has Statutes and Code of Ethics
![Page 36: DSS ITSEC 2013 Conference 07.11.2013 - CERT.LV](https://reader033.vdocuments.net/reader033/viewer/2022061221/54bce9b94a795998658b458d/html5/thumbnails/36.jpg)
Cyber Defence Unit
• Estonian example• Concept developed in 2013• ~80 people interested• Unit operational within National Guards in 2014
– Exercises– Support of CERT.LV in case of crisis– Transfer of knowledge
![Page 37: DSS ITSEC 2013 Conference 07.11.2013 - CERT.LV](https://reader033.vdocuments.net/reader033/viewer/2022061221/54bce9b94a795998658b458d/html5/thumbnails/37.jpg)
Success factors
• Security through cooperation• CERT.LV based on previous achievements and experience• Dedicated personnel• The carrot over the stick approach
http://hikingartist.files.wordpress.com/2012/12/carrot-stick-set.jpg
![Page 38: DSS ITSEC 2013 Conference 07.11.2013 - CERT.LV](https://reader033.vdocuments.net/reader033/viewer/2022061221/54bce9b94a795998658b458d/html5/thumbnails/38.jpg)
Next steps, challenges
• Increased funding in 2014– Hard to find employees
• To finalize National IT security strategy– To develop Action plan
• To start Cyber Defence Unit•«Esi drošs» («Be safe») seminar on 3 December 2013