Transcript 2016 04 12 TAIEX WS

Cyber security: Lithuanian National
Regulatory Authority expertise in
monitoring national networks
resilience
Dr. Rytis Rainys | rrt.lt
at TAIEX Multi-beneficiary Workshop
Vilnius, 12 April 2016
Advantages in Internet technologies
Lithuania has modern and advance optical
network infrastructure
Lithuania is a leading country in Europe (No. 8 country in
the world) talking about penetration of broadband internet
provided via optical cable lines
Highest internet speed
47,4 % of subscribers enjoyed internet speeds higher than
30 Mbps in 2013
Cheapest internet price
Monthly internet service subscription (30+ Mbps speeds)
price in Lithuania is the lowest in Europe: 11,26 € (VAT
included)
But how about national network resilience?
How networks are affected by cyber attacks?
2
Do we know our national networks?
•Internet
is very big…
•But
which are exactly those network assets that can
be identified as Critical Information Infrastructure
(CII) and how we can make sure they are secure and
resilient?
✦
Do we understand the whole picture of
country’s network infrastructure?
✦
Do we know how complex network
infrastructure is?
✦
Do we know how interconnection and the
connection to the internet backbone is
performed?
✦
What is a transit/peering connections
distribution?
Lithuanian NRA benefits from TAIEX
Having challenge from increased cyber incidents on Lithuanian network, NRA had a
demand to assess national networks infrastructure and measure its resilience
The amount of incidents fixed by CERT-LT is growing to 41 thousands incidents investigated in 2015
in LT
In 2008 Lithuanian NRA received TAIEX expert mission on „Lithuanian internet
infrastructure resilience assessment“
Since 2008, Lithuanian NRA successfully investigated national networks infrastructure
mapping instrument and developed real time cyber situation monitoring system
Now Lithuanian NRA is one of the leading institution in internet networks mapping
systems and is sharing this best practice to ENISA and other EU NRA‘s
Tasks, methodologies
The main priority for National Regulatory Authority (NRA) is to
evaluate the resilience of the national Internet network infrastructure.
Tasks:
1.
Mapping of the Lithuanian Internet network topology
2.
Identification of critical network interconnection nodes
3.
Constant critical network monitoring
Methodologies
Manual data collecting, by performing surveys (2008-2012)
Automatic data collecting (2012-Now)
Manual data collection results (2008-2012)
Topology assessment presented important findings
114 Lithuanian ISPs, 40 autonomous systems, ~590 interconnections
(national, international)
~80 % of all peering connections (~400) execute in IXP
Peering with IXP (~ 400 (330 in IXP)
peering connections)
Peering without IXP (~ 70 peering
connections)
Automatic data collection results (2012-NOW)
Real Time Topology
assessment presenting
important findings
Lithuania’s Internet
infrastructure
• ASN (LT) – 130
• ASN (upstream) –
55 (connections 157)
• Internet IP range
(inetnum) – 5333
• Routes – 2016
• Root dns ns - 5
Critical components of internet infrastructure
The metrics used selecting those critical internet resources: domain
names, IP addresses, IP address ranges, routes and autonomy
systems (AS)
Internet resources were linked with national critical infrastructures and its
information systems on the internet
1.
ICT sector
2.
Governmental sector
3.
Financial sector
4.
Energy sector
5.
Health sector
6.
Water and food supply
7.
Transport sector
Critical components of internet infrastructure
National CI on Internet map
Lithuania’s critical infrastructures list
•
•
•
•
•
•
•
•
Subdomain/Domain - 784
Root DNS NS – 5
DNS NS – 233
IP addresses – 780
Internet IP range (inetnum) – 169
Routes – 144
ASN (LT) – 52
ASN (upstream) – 46
MAPPI
MAPPI is a tool for visual assessment of internet topology and network
troubleshooting
>
Visual network topology analyzer
Mappi provides the ability to visually analyze the network, to
understand how ASs are interconnected, how information system
connections are redundant and so on.
Automatic data collection
All data collections are done automatically, so ISPs, NRA or
any other parties don't have to submit information manually
Real-time network monitoring
All information is gathered based on BGP and related network
protocols that allow to work is with the real-time data
MAPPI
Report generation and alerting
MAPPI provides with reports and alerting system tools
Statistics gathering and comparison
The tool gathers all the statistics needed for analyzation of
cyber security and istorical data comparison
Network troubleshooting
MAPPI helps you to determine potentialy critical network
components, persistent problems and network anomalies
Normal national networks behavior
13:05:04 (9 % routes down)
13:05:41 (14 % routes down, affected ~400 CI
systems)
Key massages
 The impact of cyber security incidents is increasing and this tendency
will remain. The sophistication of cyber attacks increased even more
 Modern networks are highly complicated, interconnected and still
evolving. NRAs now has to understand national networks topology very
well to be able to implement right decisions
 National internet networks topology assessment (in other words
“Internet topology mapping” tool) is useful and powerful instrument for
NRAs to have more impact on regulation measures
15
Dr. Rytis RAINYS
Communications Regulatory Authority of the Republic of Lithuania
Director of Network and Information Security Department
Algirdo 27A, LT-03219 Vilnius, Lithuania
Mob. +370 611 14018,
e-mail: [email protected]
www.rrt.lt/en
www.cert.lt/en