Tunisian experience in the National Cyberspace Security Nadhir LOGHMARI Software and Information Security Engineering, NSCA ANSI © 2016


Post on 30-Mar-2020


Agenda

• National Agency for Computer Security (NACS, Tunisia)
• State of the art
  • CSIRT
  • SAHER
  • Awareness
• New challenges
• Collaboration and Coordination


National Agency for Computer Security

2004: Creation
2006: Member of the OIC-CERT
2007: Member of FIRST and AfricaCERT
2008: Network of Centres of Excellence, CNUCED
2009: Assistance to the creation of the Private Tunisian CSIRT
2011: Honeynet Project
2014: Assistance in the establishment of the Nigerian CSIRT and support for membership in FIRST
2015: Member of TF-CSIRT


National Agency for Computer Security

Trust in the use of information technology

Protect citizens and public and private property against cyber threats.

• Execution of national strategies
• Ensure the technological awakening
• Encourage the R&D of national solutions
• Ensure the execution of periodic audits
• Building skills
• Awareness
• Threat Intelligence
• Open Sources


National Agency for Computer Security

National Cyber Security Strategy Guidelines:

• Secure national information systems
• Secure the national cyberspace
• Investing in “expertise”
• Education and awareness
• Legislation and regulation frame (Update): Critical Infrastructure Information Protection, Data Protection, Mobility


National Agency for Computer Security

• 65 engineers and technicians at the Agency
• Preparing the ISO 27001: Information security management
• Chief Information Security Officer (CISO): ~250 at the national scale
• +300 expert auditors certified by the NACS
• 8 audit firms certified by the NACS


National Agency for Computer Security

NACS

• CSIRT Department
• Audit Department
• Technical Department


State of the art: CSIRT

• Threat intelligence
• Penetration test
• Patch management
• Incident Handling
• Monitoring
• Vulnerability management


State of the art: CSIRT

CSIRT team

• Trained Team
• Technical means (Investigation)
• Procedural means
• Platform of incident management

Collaboration network

• Information exchange
• Attack Tracking
• Assistance

Reporting incident System 24/7

Watch, CSIRT, ISAC

• Email: [email protected]
• Web: on line forms
• Tel: 71 846020

• Massive attack Detection
• Critical failure Detection
• Web site attack Detection

• Email: cert-[email protected]
• Call center: 71 843200
• Green N°: 80 100 267

Incident Analysis and handling


State of the art: SAHER

SAHER

* New components under integration


State of the art: SAHER

SAHER

+ SAHER TUNISIAN CYBER THREAT (Private sources)


State of the art: Education and Awareness


New challenges: Critical Infrastructure Information Protection - CIIP


New challenges: Deep Web

✓ Deep Web: Internet not indexed by traditional search engines.
✓ Dark Net: Private overlay network.
✓ Dark Web: WWW hosted on Dark Nets.

“The Deep Web is vast. Thousands of times larger than the surface web.”
Alex Winter, Deep Web Documentary, 2015


New challenges: Big data

• Malware
• APT
• Script kiddies
• Exploit kit
• DDoS
• Data breach


Collaboration and Coordination

• TunCERT
• ISPs
• ANSI
• Administration
• Telecom Operators
• Media
• Constructors, Vendors
• Industry Sectors
• Finance and Banks
• Energy Sector
• Health Sector
• Transport Sector

Coordination

• Health Sector CSIRT
• Banks CSIRT
• Telecom CSIRT
• ICS/SCADA CSIRT
• Government CSIRT
• Universities CSIRT


Collaboration and Cooperation


Thank you for your attention


Nadhir LOGHMARI, Software and Information Security Engineering, NSCA

[email protected]