Computer Emergency Response Team (CERT)

Srinivas (Sunny) Chendi Senior Advisor Policy and Community Development

26 Nov 2018 @APT PRFP-11, Apia, Real World Safety

Accident Theft Vandalism Negligence

Natural Disaster Ransom Fraud

2 Safety Ecosystem (Fire)

Police Health Fire

Regulation Industry Education

3 Incident Response Capabilities

4 Safety

Accident Theft Vandalism Negligence

Natural Disaster Ransom Fraud

5 Safety Ecosystem (CERT)

CERT Police Health

Regulation Industry Education

6 Incident Response Capabilities

7 Circles of Trust

Trusted Circle

Introduction

8 Circles of Trust – intersection

CERT LEA

APCERT community FIRST etc

9 CERT Establishments in the Pacific - 2017 • APNIC was approached to promote and support CERT/CSIRT establishment – provide CERT advice, training and technical support • APNIC worked in , , , and – mentoring, technical training and assistance, and community engagements. – Preliminary CERT establishment workshops have been held in Papua New Guinea and Vanuatu • Provided mentoring to Tonga CERT – attending regular conference calls and technical assistance and advice • Tonga CERT and APNIC jointly hosted a one-day cybersecurity workshop for system administrators • APNIC coordinated closely with APCERT, CERT-, the ITU and other national CERTs

10 CERT Establishments in the Pacific - 2018 • In January, APNIC attended the launch of PNG CERT – Also delivered a two-day technical workshop as part of the launch • In April, a two-day CERT engagement session was organized in Samoa • In May, the APNIC Pacific CERT Workshop was conducted in Tonga with participants from multiple Pacific economies, to support CERT development in the Pacific • At APNIC 46, the second Regional Pacific CERT Workshop was conducted in Noumea, – participants also attended the Nouméa 2018 FIRST TC • In September, APNIC provided a three-day technical assistance and support for PNG CERT in Port Moresby • A network security workshop was organized in Port Moresby in October • In October, APNIC helped coordinate a security and system administration workshop for Tonga CERT – workshop was conducted and supported by the FreeBSD Foundation

11 CSIRT Workshop Tonga 1st Regional CSIRT Training (Tonga)

13 CSIRT Engagement Workshop in Samoa 2018 CERT Vanuatu Launch – 2018 2nd Regional CSIRT Workshop, New Caledonia

16 17 Cybersecurity Capacity for Non-Technical People • APNIC security specialists have also conducted several workshops for technical and non-technical people – Samoa, Solomon Islands, , Tonga, and Vanuatu • Inclusion of non-technical people, particularly managers, policymakers, and law enforcement agencies helped drive creation of – Pacific Cyber Security Operational Network (PaCSON), which held its first meeting in , Australia in May 2018 – A project led by the ITU, the Global Cyber Security Capacity Centre (GCSCC), and the Oceania Cyber Security Centre (OCSC), which is auditing cybersecurity maturity in the region – Workshops for system administrators to help raise security awareness and education (which APNIC has been involved in facilitating)

18 In Conclusion

• A CERT is a multistakeholder process, engaging its community directly • A CERT is part of a bigger Internet multistakeholder community • Expertise must be obtained, and maintained • Trust and neutrality are PARAMOUNT’ • Start small, with a long-term view • Start now!

19 Thank you! [email protected]

20