The Role of National CSIRTs and the protection of Critical Information Infrastructure
Barend J. E. Taute, Chair: National Cybersecurity Advisory Council
Outline
1. The cybersecurity threat landscape
2. The National Cybersecurity Policy Framework
3. National CSIRTs and the Cybersecurity Hub
4. National Critical Information Infrastructure Protection
CYBERSECURITY THREAT LANDSCAPE
ICT growth and Cybersecurity
• By 2025, Digital Economy 50% of industrialised GDP
• With growth comes risk
– Biggest threat to socio-economic development
– UN resolution 2000 of 2014: Global Threat
– Requires a global Culture of Cybersecurity
• Africa: > 1 bn people, 10 fastest growing economies
– Fastest growing mobile market (44% of new connections)
– 650 mn mobile subscribers, 80% on Facebook via mobile
– ME and Africa, e-commerce share from 1,6% (2013) to 2,3% (2016)
Cybersecurity in Africa
• Symantec Corporation: Cybercrime is increasing at a more rapid rate in Africa than in any other continent.
• The number of targeted cyber attacks in Africa increased by 42%
• 31% of these attacks, categorized as cyber espionage, have hit both large and small businesses.
NATIONAL CYBERSECURITY POLICY FRAMEWORK (NCPF)
The National Cybersecurity Policy Framework (NCPF) - March 2012
Coherent approach to address
– Coordination, regulation, awareness, capacity & skills
– National cybersecurity structures, threat reduction
– Guidelines for policy development
– Identification and securing of National Critical Information Infrastructure (NCII) – public and private
– Public-private partnerships for national action
– Comprehensive legal framework
– Promote international cooperation
– Promote a culture of cybersecurity
The National Cybersecurity Policy Framework (NCPF) - March 2012
• Objectives
a) Aims and objectives of the South African Government
b) Centralize coordination
c) Cooperation and coordination: Government, Private Sector & Civil society
d) To promote international cooperation
e) To develop skills and R&D capacity
f) Promote a culture of Cybersecurity
g) Compliance with technical and operational standards
NCPF progress
• Cybercrimes and Cybersecurity Bill (DoJ&CS) in process
– Offences, investigation, 24/7 point, structures
– Evidence, obligations of Electronic Communications SPs
– NCII identification and auditing
• National policies and strategies
– Cybersecurity, cybercrime, awareness, cyber defence, cybersecurity R&D, e-identity
• National Critical Infrastructure Bill (SAPS) in process
DTPS Mandate
• To establish a Cybersecurity Hub to serve as a central nodal point for consultation and coordination on cybersecurity matters with stakeholders (public, private, civil society including any other interest groups etc.);
• To promote cybersecurity awareness.
NATIONAL CSIRTS
National CSIRT
"Computer Security Incident Response Team (CSIRT)" is a team of dedicated information security specialists that prepares for and responds to cybersecurity breaches or incidents
– Also CERT – computer emergency response team
– National CSIRT – national responsibility
• Focal points for communication
• Assist organisations
• Awareness, education, training
• Announcements and alerts
• Incident classification
• Information sharing and international incident handling
National CSIRT partners
• Government including intelligence agencies
• Critical infrastructure / operators
• ISPs
• Academia & Researchers
• Cybersecurity vendors
• Other CSIRTs in the country
• Regional / international organisations
• International peers, including other CSIRTs
National CIRTs for enhancing global resilience
16 in Africa
103 globally
ALGERIA, BURKINA FASO, CAMEROON, COTE D’IVOIRE,
EGYPT, ETHIOPIA, GHANA, KENYA, NIGERIA, RWANDA,
SOUTH AFRICA, SUDAN, TANZANIA, TUNISIA, UGANDA,
ZAMBIA
Cybersecurity Hub (since Oct 2015)
• National CSIRT for South Africa (DTPS)
– Point of contact for coordination
• Cooperation with Government CSIRT (SSA)
• Creation & cooperation with Sector CSIRTs (SABRIC, SANREN, …)
– Public-private partnerships
• Analyse, share threat and security information, route incidents
• Appropriate consultation between JCPS cluster departments, private sector, civil society
• MOUs with Transnet, SARB, SACF, IT sector companies
• Public website, threat platform, awareness, body of knowledge
• Currently – first Cybersecurity Baseline Readiness Survey
• International collaboration, FIRST membership
www.cybersecurityhub.gov.za
CRITICAL INFORMATION INFRASTRUCTURE PROTECTION (CIIP)
National Critical Information Infrastructure Protection (NCIIP)
• NCII identification
– Vital to national law and order, health, social services, government, economic growth, environmental matters, ..
– Owned by government AND/OR industry
– Infrastructures, control, data, connections, information flows
– Traditionally closed systems – now Internet protocol
– Compromise causes negative impact on RSA, critical services
• Energy, financial, manufacturing, transport, healthcare, emergency
– Multiple, competing government relationships with ISPs, ICT giants, telcos, cybersecurity industry, law enforcement
– Regional, continental, international cooperation & jurisdictions
Critical information infrastructure protection (CIIP)
The State of NCIIP in South Africa - Wolfpack Report, 2016
NCII Policy – in process
• Dependence – thus need redundancy, scrutiny, resilience, auditing
• Government – NCII owners / co-owners
– Central coordination – to identify, protect, secure
– Cybersecurity measures, policies, practices
– Capacity building and awareness – common interest, pre-competitive
• Industry and Civil Society – NCII owners / co-owners
– Cooperation with government to develop policy, address threats
– Implement minimum standards
– Time period to comply
– Importance of industry self-regulation
– Information sharing with government – timely, actionable, accurate, impact
• Goal: Deter, Protect, Detect, Respond, Recover
• Public-private cooperation – facilitated by Cybersecurity Hub
“The measure of success for a PPP is the right people coming together to do the right things in the right way”
CONCLUSIONS
• NCPF – national approach
• NCII needs protection
• NCIIP needs PPPs
• Cybersecurity Hub to support Sector CSIRTs and PPPs
THANK YOU
Dr Barend Taute