National Information & Communication Security Taskforce - PowerPoint PPT Presentation

SLIDE 1

2016 Taiwan National Computer Emergency Response Team


National Information & Communication Security Taskforce, Executive Yuan, Taiwan R.O.C. Organization Chart

NICST

  • Convener: Vice Premier
  • Deputy Convener: Minister Without Portfolio and one Specified Minister
  • Co-Deputy-Convener: Advisory Committee Member of National Security Council
  • Committee Members: Deputy Ministers of Ministries; Deputy Mayors of Municipalities; Deputy Minister of National Security Bureau; scholars and experts

  • Cyberspace Protecting System (Department of Cyber Security)
  • Cybercrime Investigation System (MOI / MOJ)
  • Standard and Norm Group (Department of Cyber Security)
  • Awareness and Training Group (MOE)
  • Government Cyber Security Protection Group (Department of Cyber Security)
  • Personal Information Protection and Legislation Group (MOJ)
  • Cybercrime Prevention Group (MOI / MOJ)
  • Cyber Environment and Internet Content Security Group (NCC)
  • Department of Cyber Security (Staff Unit)
  • Information Security Consulting Committee (Consulting Unit)
  • National Center for Cyber Security Technology (TWNCERT)

Cyber Security Standard Information Service Cyber security Education Competition and Industry Communication Telecommunication Health and Medical Financial Affairs Transportation Business Critical Industry Control System Science Park National Standard

  • Critical Information Infrastructure Protection Management Group (Department of Cyber Security)
  • Industry Development Group (MOEA)
  • Critical Infrastructure Protection System (Office of Homeland Security)
  • Other Cyber Security-Related Systems (Competent Authorities)

E-government

SLIDE 2

Critical Infrastructure Sectors

  • Energy
  • Water Resources
  • Transportation
  • High-Tech Industrial Park
  • Banking & Finance
  • Communication & Broadcast
  • Emergency Services & Public Health Care
  • Government

Database

Data/Info

Network Communication System Middleware

IT System/IDC

End Points

SLIDE 3

Cyber Security Measures of Government Sector

  • Agency Business Continuity Drill
  • Agency Cyber Drills (e.g. Social Engineering Drill)
  • Annual Internal and 3rd Party Audit (including Cyber Health Check)
  • Cyber Offensive and Defensive Exercise
  • Cyber Governance and Defense Capability Indicator

Act Plan Do Check

  • NICST Committee Meeting
  • NICST Working Group Meeting
  • Cyber Security Technology Workshop
  • CIO and CISO Meeting
  • Quarterly Workshop for IT Personnel

  • Baseline Security Measures of Agencies (ISMS/Dedicated Personnel/Defense-in-depth/24x7 Monitoring)
  • Baseline Security Measures of IT Systems
  • Personnel Competence and Certification
  • Public Private Partnership (G-SOC Co-defense / G-ISAC)

  • National Strategy for Cyber Security
  • Cyber Security Policy Whitepaper
  • Agency Responsibility Ranking
  • IT System Classification

SLIDE 4

Framework of Government ISMS

  • Honeypot R&D and Deployment
  • Botnet Tracing
  • GSN Backbone Intel. Gathering
  • Domestic Intel Exchange
  • International Intel Exchange
  • Threat and Alert Light

Early Warning

  • 2nd Tier G-SOC for Co-defense
  • Incident Handling
  • Alert Projects for National Celebrations
  • Special Projects for Critical Incidents
  • Digital Forensic Services
  • Agency Responsibility Ranking
  • IT System Risk Classification
  • Annual Government IS Audit
  • Security Governance Maturity and Defense Index

Incident Response

  • National Software Asset Control Database
  • IT System Defense Baseline
  • Government Configuration Baseline
  • Secure Software Development
  • Penetration Testing
  • Cyber Health Check
  • Cyber Offensive and Defensive Exercise
  • Government Mobile App Security Test

System Security Mgmt Process Awareness Training

  • Training of IT/IS Officials
  • Certification of IT/IS Officials
  • IS Competence Training Certification/Accreditation Scheme

  • Awareness Raising Workshop
  • IS Legal Case Study Booklet

Detection Rules Alert Intelligences Incident Tickets Security Logs Security Appliances SIEM Platform Point of Contact CSIRT Team IT Assets ISMS Government Officials Incident Response Services Incident Report System Security Services System Security Status Customized Controls Management and Audit Results Training and Campaigns Test and Accreditation

Situation Awareness 5 Perspectives / 30 Key Services 3,039 Agencies G-ISAC

SLIDE 5

G-ISAC for Early Warning

Botnet APT Malware SPAM

Threat Precursor Analysis Threat Intelligence Generation Information Sharing

  • Gov. Agencies

3,039 Agencies

CIIP Authorities

Telecom (NCC) / Banking(FSC) Utilities & e-Commerce (MOEA)

Internet Service Provider

Gov.(GSN) /Academic (TANET) /All private ISPs

MSSP

Chunghwa Telecom / Acer TradeVAN / ISSDU…etc

International Cooperation

FIRST / APCERT / US-CERT / CERT-EU…etc

HoneyBEAR / HoneyNET / Botnet Tracer

G-ISAC

Government Information Sharing and Analysis Center G-SOC

Legend

  • HoneyBEAR: Behavior-based Email Anomaly Reconnaissance
  • NCC: National Communication Commission
  • FSC: Financial Supervisory Commission
  • MOEA: Ministry of Economic Affairs
  • GSN: Government Service Network
  • MSSP: Managed Security Service Provider
  • FIRST: Forum for Incident Response and Security Teams

Indicators Of Compromise

SLIDE 6

G-ISAC Intelligence Sharing

G-ISAC

Private Sectors ISAC Gov. Agencies

Law Enforcement

Gov. Service Network

Antivirus & Related Industry

MSSPs

Intelligence Intelligence

TW Network Info. Center Telecom ISAC (NCC-ISAC) Academic ISAC (A-ISAC) Financial ISAC (F-ISAC) TACERT TWAREN ISPs Insurance Stocks Banks

CERT

E-Commerce CERT (EC-CERT) TWCSIRT TWCERT

  • G-ISAC has covered IPs of GSN, Academic Network and 34 ISPs (Taiwan IP coverage > 99%)

SLIDE 7

Domestic Information Sharing Status

Type      2011     2012     2013     2014     2015  2016 (Q3)
ANA        720    1,432    1,646      756    1,222      1,410
EWA     17,327    6,455    3,710    3,865    4,782      2,410
INT     60,980  135,527   84,210  107,405   76,757     48,051
DEF         69      507      407      225      867        582
FBI        164      158      338      265      399        397
Total   79,260  144,079   90,311  112,516   84,027     52,850

From: 2011/1/1 ~ 2016/9/30

[Chart: annual counts for ANA, EWA, INT, DEF, FBI and Total, 2011 to 2016 (Q3)]

SLIDE 8

Collaboration of Members - Mobile Device Malware Sample Sharing

  • Criminal Investigating Bureau (CIB) established a mobile device malware sample sharing channel with SOC members via G-ISAC

  • 1. CIB collects suspicious fraud messages, URLs, and APKs from various sources
  • 2. TWNCERT receives intel, extracts malicious APKs and shares them with SOC members
  • 3. SOC members feed back APK analysis results
  • 4. TWNCERT integrates all results and shares the results with all members

G-ISAC


Share Intel with SOC Members SOC Members Feedback Results Integrate & Share the Final Results Receive Intel Source

TWNCERT

SLIDE 9

  • Build government-wide situation awareness of cyber security
  • Promote Public-private-partnership for better decision making

2nd Tier G-SOC for Co-Defense

External Threat Existing Vulnerability Regulation Compliance Incident Handling

1st Tier MSSP 2nd Tier G-SOC 3rd Tier NICST

Actionable Intelligence

Government-Wide Situation Awareness National-Level Decision Making Support

Co-defense Detection Rules

Trend Statistics Classification Data Modeling Prediction

Monitoring Data

SLIDE 10

Current Situation Review

  • Public-private partnership is currently weighted more toward the public sector
  • Only three ISACs have been established (G-ISAC, NCC-ISAC and A-ISAC); although all operate and collaborate smoothly, their sector coverage is limited
  • Moreover, sector-level CERTs are also very few, so incident handling is not performed very effectively
  • There were no specific working groups for CI & CII sectors in the NICST organization until this year
  • There are no comprehensive regulations for cyber security; most cyber security tasks have been limited to government agencies

SLIDE 11

The Fifth National IC Security Development Plan

National Security Cyber Security Management Industry Development Technology R&D Talent Incubation

  • 1. Develop national cyber security risk assessment mechanism
  • 2. Establish national network and communication emergency recovery mechanism
  • 3. Build national network defensive and offensive capabilities
  • 4. Complete national cyber security policies, regulation & standards
  • 5. Enhance cyber security defense among gov. and CI & CII sectors
  • 6. More International collaborations
  • 7. Increase cyber crime prevention and solve effectiveness
  • 8. Promote related policies and development of cyber security industries
  • 9. Reduce cyber security risks for industry supply chains
  • 10. Combine and raise the values of academic and industrial cyber security R & D capabilities
  • 11. Develop a privacy protected digital identification framework
  • 12. Perfect the incubation and demand of cyber security professionals
  • 13. Promote cyber security awareness and child online protection

SLIDE 12

Complete Law and Regulation, Promote CIIP

ICT Security Management Act and Enforcement Rules CIIP Steering Group

G-ISMS

CI Sector Specific Guidelines

Common Baseline Of CIIP

Power / Water / Transportation / High Tech Parks / Banking & Finance / Comm. & Broadcasting / Medical

CI Cyber Security Committees

Law Supervise Help define Provide References Provide references Define

CI Cyber Security Promotion Mechanisms

CI Sectors

Join Execution

Government ISMS Framework

  • CIIP Steering Group is formed by NICST and MOST
  • Each CI Cyber Security Committee is led by the competent authority of that CI sector

SLIDE 13

Conclusion

  • Taiwan has set cybersecurity as a national policy priority since 2001; 8 sectors have been defined as CI, and the central government has led the way
  • TWNCERT is a Government CERT, which recognized the need for an integrated approach of government coordination, public-private partnerships and international cooperation to better the cybersecurity environment
  • To enhance cyber resilience and preparedness of CII, a draft of the ICT Security Management Act is under development and public consultation is also under way

SLIDE 14

Thank You

julie@twncert.org.tw