Where did the last three months go? It only seems like yesterday that we were getting ready for the FIRST Technical Colloquia (FIRST TC) Noumea at APNIC 46.
Having been involved in network and cybersecurity events and training almost every week since, I wanted to take this opportunity to reflect on some of the great work that I’ve come across in my travels.
I traveled to Mongolia in early October to attend and participate in MNSEC 2018. Established in 2014 by the Mongolia Computer Emergency Response Team (MNCERT), the two-day event, held this year from 4 to 5 October, has attracted over 1,000 attendees in its five years.
This has been a great achievement by the host, given that MNCERT is voluntarily run, meaning there are no full-time staff — APNIC has provided training support over the years to enhance the skills and capacity of this selfless group.
I presented on the APNIC Community Honeynet Project alongside 18 other security experts and researchers from domestic and international organizations, all of whom presented their latest findings and case studies of recent intrusion analysis and prevention methods.
2018-10-05 – @adliwahid provides observations from the @APNIC Community #Honeynet Project at #MNSEC2018 cyber security conference in Ulaanbaatar Mongolia – https://t.co/lMB0hoFKx0 – #MNSEC – https://t.co/GRlTGzMEGM pic.twitter.com/JkXvr0pDyT
— Brad (@malware_traffic) October 5, 2018
On the last day, there was an award ceremony for a national ‘capture the flag’ competition for university and high school students. Impressively, one high school team had made it to the last round. I later learnt that their teacher/supervisor was a past winner of the competition who had become a high school teacher and started training students about cybersecurity. This shows the benefit of such competitions to generate interest in an ever-growing industry that is seeking more and more people.
Figure 1 — One of the finalists from the capture the flag competition.
CODEBALI 2018, Indonesia
In the four years that it has been happening, CODEBALI has grown to be one of the largest cybersecurity conferences in Indonesia.
Getting ready for the opening of FIRST-TC Bali 2018. This is the 5th TC in Bali since 2012 and the 6th in Indonesia. Credits to the hardworking and awesome team at @idsirtii! pic.twitter.com/NeG1iyLZMU
— Adli Wahid (@adliwahid) October 11, 2018
The theme of this year’s conference was “Cyber Security Solutions for The Emerging Threat: Protection in Critical Information Infrastructure and IoT World”. What I was most impressed about with the program was the participation of local cybersecurity professionals. Indonesia has a wide range of network security and digital forensic associations, all of which seem to collaborate and share information on a regular basis — a sign of a healthy and enthusiastic cybersecurity community.
I was equally impressed by the attendance of so many budding cybersecurity students — many of whom were competing in the Cyber Jawara competition. More than 170 teams from all over Indonesia had entered the competition with the final 18 competing at CODEBALI for the chance to compete at the world championships.
Here are some pictures from our conference “International Cyber Security” in 2018. We are so proud to have participated on CODEBali 2018. Understanding cyber security is becoming increasingly important in the current business environment. pic.twitter.com/bZeGrip1Ts
— Channel-11 (@eraakses11) October 10, 2018
Apart from attending the conference, I provided the opening remarks for the FIRST TC event and also facilitated a hands-on workshop on packet analysis for incident response.
APCERT 2018, China
Jamie Gillespie and I attended the 17th Asia Pacific Computer Emergency Response Team (APCERT) Annual Conference and AGM held in Shanghai from the 21 to 24 October.
APCERT is a regional community for Computer Emergency Response Teams (CERTs) and Computer Security Incident Response Teams (CSIRTs) located in the Asia Pacific region. For the past three years, APNIC has had an MoU with APCERT, during which time both organizations have been working closely to promote security in the region. Prior to renewing it, the APCERT committee sought to review the joint activities between APNIC and APCERT, as is best practice, and acknowledged that together we have done quite a bit. Not only in terms of supporting each other’s activities but also helping establish CERTs in the Pacific and supporting developing CERTs and CIRTs in Bhutan, Myanmar and the Philippines.
Since last year, APNIC and APCERT have also started to work together on developing and sharing capacity development resources — we were recently given access to some of the TLP White content APCERT Members share, including case studies and lessons learnt, which we intend to include in the APNIC Academy. Academy users will start seeing this content in the coming month.
In terms of the conference, there were a host of presentations, strategies and case studies covering everything from securing the 2018 Asian Games held recently in Jakarta, to using Artificial Intelligence-based advanced threat detection and defence systems. We were also invited to present on the APNIC Community Honeynet Project.
Figure 2 — Presenting on the APNIC Community Honeynet Project at APCERT 2018.
One takeaway from this year’s conference was the increase in discussion surrounding routing security — the CERT community have started paying attention to resource certification, and the risks of RPKI based systems, and monitoring false route announcements and how they can impact critical infrastructure. It will be interesting to follow these conversations over the next year to see if they will result in higher adoption of RPKI in the region.
FIRST Asia Pacific Regional Symposium, China
Immediately following APCERT was the 2018 FIRST Regional Symposium Asia-Pacific, also held in Shanghai. The two-day event included a plenary and two workshops.
Being held in China for the first time, it was a positive reception from the local community who appreciated the wide representation of speakers and attendees, many of whom stayed on after the APCERT Conference.
There has been a lot of interest from China in FIRST activities over the past year, particularly in FIRST’s recently released Product Security Incident Response Team (PSIRT) Services Framework. Many product vendors in China are interested in developing their own PSIRT — emulating Cisco and others — to be able to troubleshoot and support their customers’ security requests more efficiently. The Framework provides a best practice of sorts, outlining what organizations need to take into account when establishing their own PSIRT and what services they could/should offer.
In keeping with the theme of firsts, it was one of the first times that I can think of that the Symposium in Asia (or TC for that matter) had a workshop on IPv6 security in its program. I think it was a real eye-opener for many attendees as many would only have dabbled in IPv6 — maybe having configured a machine to do IPv6 — but this was looking at the bigger picture of the risks associated with IPv6 deployment and some tools to enhance its security.
FIRST TC Noumea, New Caledonia
I wanted to again thank everyone who attended and assisted in the FIRST TC Noumea – the first FIRST TC held in the Pacific.
The feedback from a lot of local and regional participants was that it was so great to have so many seasoned CERT experts participating at the event including Jinhyun Cho from Korea CERT, Geoffroy Thonon from AusCERT, Raja Azrina Raja Othman who was a founder of Malaysia CERT, as well as teams from Vanuatu and Tonga CERTs.
Many of the presentations are now up on the website.
— APNIC (@apnic) September 13, 2018
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.