The dust has settled after APRICOT 2015 concluded last week. One of the highlights (for me) of last week’s event was the Security Track jointly organized by APCERT and APNIC. This time around the presenters were not just APCERT members but also people from the industry and the community. There was also good participation from the audience – most of the sessions were full, so that was a good sign I guess, and we had quite a number of questions in each session.
If you were to ask me to summarize the important lessons learned from the sessions, I would say the following:
- The ‘threat landscape’ tends to be different in different economies and industries. Understanding the context is important for setting priorities and mitigation strategies. Without visibility or access to data, one will not be able to see the bigger (or better) picture. For instance, Arnold from Dell SecureWorks shared a global overview of malware and its prevalence in the region and across different sectors. KrCERT/CC, CNCERT/CC and TWNCERT shared some insights on attacks targeting the mobile platform.
- There are different types of challenges in dealing with security problems. Minimizing the damage (cost, availability, etc.) that could potentially be caused by an incident is one thing, but you need to go beyond that. Prevention efforts like increasing awareness, building better tools, and facilitating information sharing and co-ordination are critical. How we can eliminate the ‘low-hanging fruit’ is one of the questions that Yurie Ito (JPCERT/CC) and her team are trying to address with their Cyber Green Project.
- It is not just about National CERTs/CSIRTs or CERTs/CSIRTs with national responsibilities. While most of the members of APCERT are national teams, CERTs/CSIRTs also exist in enterprises. Yoshiki Sugiura from NTT-CERT shared his experience operating the CERT that serves NTT and its subsidiaries (almost 900 different entities!). Sugiura-san also spoke about the NIPPON CSIRT Association, whose members are enterprise CSIRTs (around 70+). They have been around since 2007. And then you have groups such as Team Cymru and vendor teams like Dell SecureWorks pitching in and contributing in this space.
- CERTs/CSIRTs are not just sitting around waiting for an incident to happen before they spring into action. I guess those with little experience in dealing with security incidents may think so, partly because of the R-word in CERT or CSIRT. But it is quite obvious from the presentations that they do a lot more than that. For instance, Salahuddien (ID-SIRTII/CC) spoke about their initiative to strengthen the DNS infrastructure so that it will be more secure and stable.
- Miscreants, or ‘The Bad Guys’, evolve and change tactics to achieve their goals. Check out the presentation about Tracking Cyber Kidnappers (Ransomware) by Andrew Clark (CERT Australia) or Cyber Fraud in Korea by Jeongmin Lee (KrCERT/CC) and you will see my point.
- ‘Let’s collaborate!’ OK, so you’ll probably always hear that C-word at security events. In most cases, unfortunately, nothing will happen. However, after listening to the presentations, especially by Andrei Robachevsky (ISOC) on improving the resiliency of the global routing system and Jacomo Piccolini (Team Cymru – pronounced Kumri 🙂) on the Unwanted Traffic Removal Service, you can see that the C-word is put into action. Arnold Yoon (Dell SecureWorks) also used ShellShock as an example of why and how network operators and security response teams should work together. So, please lend a hand and participate!
I will blog more about the different APCERT security sessions, so watch this space folks! In the meantime you can check out the slides and videos available at the programme page.