International Conference on Cybercrime, DBI, Abuja 1 - 2 Nov., 2010 CASE FOR THE ESTABLISHMENT OF A...

International Conference on Cybercrime, DBI, Abuja 1 - 2 Nov., 2010Bro a d b a n d IC T In fra stru c ture s

CASE FOR THE ESTABLISHMENT OF A NATIONAL COMPUTER

EMERGENCY READINESS TEAM (CERT)

By

Emmanuel E. Ekuwem, PhD, MIEEE, NPOM

CEO, Teledom GroupImmediate past national President, Association of Telecom

Companies of Nigeria (ATCON)[email protected]

Bro a d b a n d IC T In fra stru c ture s


Key Terms & ExpressionsKey Terms & Expressions Cyberspace

Movement to where we are

Vulnerabilities

Incident Simulation – Mock Incident

Proactive Strategy

Reactive Strategy

Inter-CERT Collaboration

World Wide Watch and Warning (WWWW)


CERT: Raison d’etre-1

The objective of this paper is not to convert the converted to belief in CERT

It is not to convince the ICT professionals

It is definitely not to convince the telcos, ISPs, banks, universities, corporate organisations, ICT-compliant MDAs, defence establishment, etc



This paper is aimed at selling the desirability/indispensability of a National CERT or a CERT to our national leadership and the leadership of the listed institutions and orgnisations.

It is about bringing CERT to the UNAWARE; selling CERT to the reluctant.

It is about subduing turf protectionism Heads of MDAs for the national good and security.



The paper is about amplifying the CERT consciousness of complacent institutions

It is about establishing a “coalition of the willing” to START a CERT for their mutual cyber security.

It is also about GROWING A CERT by attracting the unwilling or the reluctant or the complacent via the evident benefits of a CERT


CERT: Raison d’etre-4 A CERT can be started by a group of

organisations and institutions for their mutual cyber security needs; the same grows in size, scope, scale, usefulness, strategic importance and relevance to naturally attract the attention and interest of governments to want to be involved, control, regulate and fund.

A National CERT becomes a fait accompli via a grown CERT or CERTs by the “coalition of willing” organisations and institutions.


Case for CERT: Cyberspace-1

Nigerian Territorial Integrity breached?...........external aggression ; an act of WAR; the enemy will suffer the fire power of the Nigerian Army!

Nigeria’s Airspace infringed on/trespassed? ……..an act of WAR; the Nigerian Air Force will in seconds clear the Nigerian airspace of invading airplanes.



Nigerian Territorial waters infringed upon by foreign navies…… an act of WAR. The Nigerian Navy will rise to defend the Fatherland; …..sink all invading warships in seconds!

Internal criminal activities, violent and non-violent, the Nigeria Police Force will dutifully ensure law and order; restore the peace.



Internal criminal and violent uprising, insurrection and insurgency, etc,…….. an act of internal aggression against the Fatherland. Combined teams of the Army, Air Force, Navy and Police will bring the situation quickly under control.



The President and Commander-in-Chief, via the National Assembly if the specific emergency situation permits, orders the Service Chiefs to roll out their troops and defend the Fatherland against aggression ………external or internal



The President and Commander-in-Chief orders:

National Security Adviser Chief of Defence staff Chief of Army Staff Chief of Air Staff Chief of Naval Staff Inspector General of Police (Chief of

Police Staff)



Where is the CHIEF OF CYBER STAFF in all this?

• Threat from Cyberspace is NO THREAT to NATIONAL SECURITY

• TRAGIC ignorance• The ICT professionals, institutions and

organisations have not sold the threat posed by an insecure cyberspace to national security well to the political leaders.



Chief of Cyber Staff is non existent because cyberspace as a source a real aggression and threat to national security is not yet fully understood by our political leadership.

Conventional battles on land, in air and on water will be won or lost based on victory or defeat, as the case may be in the cyber battles that precedes those battles of conventional wars.



Ideas are the building blocks of a creative society

A creative society is necessarily dynamic The quantum of ideas and body of

knowledge of a preceding generation engendered the present.

The present generation uses the acquired knowledge to bore into new knowledge via research and development and transmits same to the succeeding generation.



The quality of thoughts and ideas, as building blocks of a creative society are successively higher from one generation to the other.

There are as many sources of knowledge as there human beings, institutions, organisations and settlements.



These sources of knowledge were, before the advent of computers, were scattered and isolated. Access to them was physical.

Computers, computer networks and telecommunication networks enabled the local, wide-area, national and global networking of computers into a global network of networks, the Internet.



The Internet and the seamless national and global telecommunications network, cellular and fixed, have resulted in the information superhighway we have today.

This has enabled high speed access to remote sources of knowledge in desktop computers, laptops, cellphones, servers, etc with high computing/data processing power.



The resultant global network enables high speed access to knowledge, transmission of knowledge and translation of acquired knowledge into productive ventures to boost productivity locally.

This is the individual’s or company’s or agency’s or nation’s competitive edge.



ICT therefore is to the national economy what the nervous system is to the human body

Electric power is the national economy what food is to the human body

CERT is a national Cyberspace defence and management agency


Cyberspace as Secure as Weakest PointCyberspace as Secure as Weakest Point

GSM/CDMA phone

PDA

Land line Tabletop

Fixed Wireless (CDMA/GSM)

WiFi

Mobile WiMAX Phone

Skype Handset

Laptop

Desktop

•Copper Wire•Optic Fibre•Wireless

(radio)•Laser

•Visible light•Infra-red

•VSAT•Terrestrial Microwave

•etc

Access DevicesAccess Devices

International Conference on Cyber crime, DBI, Abuja '2010]Bro a d b a n d IC T In fra stru c ture s



Imagine what will happen if one day we wake up from sleep to hear that:

A bank’s or group of banks customers databases have been wiped out or tampered with?

A telecom operator’s subscriber database has been corrupted or wiped out?

An Air Traffic Control’s has been corrupted to warrant allocation of similar or conflicting altitudes to aircrafts in landing sequence?



We must not forget the Israeli-Syrian airspace conflict.

We must not forget the Estonia incident


Case for CERT: Recommendations-1

1. Sector-specific enlightenment and awareness workshops or stakeholders fora for :

Banks, including Insurance, CNB, SEC, NSE, NDIC, PENCOM, etc

Telecommunications Petroleum Defence establishment Government MDAs Academia National Assembly Aviation Industry



2. Pilot CERT or Proof of Concept CERT for the “coalition of the willing” institutions.

Universities Banks, CBN, SEC, NSE, PENCOM, NDIC Telecom Operators, ISPs and other

willing ICT companies. Petroleum companies Aviation Industry



Discouragement of under-reporting of cyber security incidents; let us know who or what institution is being attacked, when, where, when, for what, for how long and by who?


Thank YouThank You

International Conference on Cybercrime, DBI, Abuja 1 - 2 Nov., 2010 CASE FOR THE ESTABLISHMENT OF A...

Documents

Transcript of International Conference on Cybercrime, DBI, Abuja 1 - 2 Nov., 2010 CASE FOR THE ESTABLISHMENT OF A...