The last two months have been quite hectic for us at APNIC in terms of participating and supporting cyber security events in the region (and beyond).
Below is a quick overview or you can listen to my recent podcast!
JICA CSIRT Training, Indonesia
The first event was the Japan International Cooperation Agency’s (JICA) CSIRT training held in Jakarta, Indonesia. It was hosted at IDSIRTII‘s training lab and participants included staff from the national CERT/CSIRTs of Cambodia (CamCERT), Laos (LaoCERT) and Myanmar (mmCERT).
During the event, I conducted a full-day training session in which we discussed the role of regional Internet registries (like APNIC) and the function of the whois database.
We then played with some IPv6 network traffic (pcaps), logs and tools. We also discussed how IPv6 will impact the work of CERTs.
I was very happy to be part of this initiative, especially learning about how JICA, JPCERT and IDSIRTII is contributing to the the capacity development to CSIRTs in our region.
I was also informed that the session was part of a series of training programs covering both management and technical topics (e.g. forensics, malware analysis, etc.) related to services provided by a CSIRT. So I am really looking forward to participating in the next few sessions.
CNCERT Conference, China
CNCERT is one of the largest CERTs in the world. Their head office is in Beijing but they have offices in different cities throughout China to support their constituents.
CNCERT is also an active member in APCERT and our friends there have always participated at APNIC Conferences and APRICOT Conferences in the past.
APNIC was invited to attend the 5th CNCERT conference and this year it was held in the beautiful city of Wuhan. It was a big conference, with about 600 attendees and had multiple tracks.
Most of the sessions were in Mandarin but there were a few sessions in English from our friends at Sri Lanka CERT, Japan CERT, IMPACT, Team Cymru and yours truly.
I did two presentations. The first was at the main conference were I spoke about the relationship between the Whois Database and Incident Response and Handling. Of course the main thing is how we could improve response time and capabilities of the people who have to handle security related incidents or problems.
I was also invited to talk about APNIC and our activities that are related to Cyber Security, during a meeting with the Anti Network-Virus Association of China (ANVA). The members of ANVA are most IT security providers in China.
Overall, I had a good time at the conference especially with the opportunities to have a lot of conversation and discussion with the management and staff of CNCERT. So we spoke a lot, not only about our activities but also challenges and projects that we can collaborate in the future.
FIRST.org Annual Conference and Annual General Meeting 2015, Germany
My next stop was Berlin, Germany, to attend FIRST.org Annual Conference and AGM.
First of all, (pun not intended!) I attended the conference both as a FIRST (liaison) member and a member of the Board of Directors. There was a mixed of bag of activities that I had to attend – meetings, trying to listen to the interesting presentations and socializing with as many participants as possible. The latter is always a good opportunity to catch-up and link faces to email addresses.
With over 800 attendees it was the biggest FIRST conference to date. The attendees came from all over the world and there were CSIRTs (and non CSIRTs) representing organizations of various shapes and sizes (national, enterprises from various sectors).
In addition to the five-day, three-track conference, there were a few side activities – like the FIRST Education Summit and Special Interest Groups (SIGs) meetings and Dragon Research Group’s Challenge.
The conference also welcomed recipients of the Fellowship Program who represent CERTs/CSIRTs from Mongolia, Tanzania and Uganda.
I also should thank APNIC’s management for allowing me to contribute to FIRST.org (or the good cause of FIRST) as I received very good support from the membership to be part of FIRST’s Board of Directors for the 2015-2017 term.
Next years conference will be held in Seoul, Korea.
KrCERT/CC APISC201, Korea
The last (but not least!) CERT event I recently attended was in Korea – where I joined the KISA & KRCERT/CC’s CSIRT training course.
This annual training event has been held for more than 10 years and demonstrates KISA’s leadership and contribution to capacity development.
Eunju Pak, who is a Deputy Researcher General at KRCERT/CC and a good friend, also told me that the training is part of their effort to establish trust and good collaboration with other national teams.
Participants were from national CERTs/CSIRTs in the Asia Pacific region, Africa and Europe.
It was an honour to be invited again as one of four instructors. The other three instructors were long-time and super-fun friends from Team Cymru, Dell SecureWorks and Macau CERT. It was great working with you guys again Jacomo, Arnold Y and Geoff!
The topics we covered during the training course were related to managing and operating a CERT/CSIRT, including some technical hands-on, PGP key-signing and a desktop exercise.
One of the things I like about APISC training is that it is not really about ‘teaching’ the participants but more of an interactive discussion and sharing of experience between practitioners.
Thank you once again to KISA & KRCERT/CC for their hard work in organizing the training!
Wrapping Up
It’s great being able to participate in and contribute to these events as we gain a better insight and understand the opportunities and challenges faced by the CERT/CSIRTs community in Asia Pacific and worldwide.
At the same time, attending these events allows us to share our stories and perspectives on various issues and help build capacity in the region.
I am confident that all this outreach will continue to provide positive outcomes for the APNIC community.
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.