CERT for the EU Institutions
Pre-Configuration Team
Freddy Dezeure
Workshop on Cyber Security in Europe
Context
• Expert group that handles computer security incidents
• Digital Agenda for Europe (5/2010)
• Report from Rat der IT Weisen (11/2010)
• Kick-off (1/6/2011)
Pre-Configuration Team
• Staff seconded by the Institutions
• Operational support to EU Institutions, bodies and agencies (50+)
• Close cooperation with EU Institutions’ internal network/cyber defence structures
• Liaising with peers in the Member States
• One year pilot -> assessment
Some Figures
• 286.000.000 malware variants
• 93% increase in web attacks
• 30% increase in vulnerabilities
• > 1 million bots
• 30% of companies feel that they are being specifically targeted by cyber-attacks
(2010 Symantec, IBM, Kaspersky)
Typical CERT Services
Initial Service Offer
Services to be offered by pre-configuration team
• Announcements: sharing of information to prevent problems
• Alerts: informing on issues requiring immediate attention
• Incident response coordination: support in ongoing incidents
Announcements
Sharing of information to prevent problems
• General tendencies
  - Developments in hacking methods
  - Incidents detected elsewhere
• New vulnerabilities
  - Specific to products used by the EU Institutions
  - New protection measures, tools
• Sharing of experience
  - Lessons learnt from previous incidents
  - Best practices
Vulnerability Announcements
[Diagram: Microsoft, Oracle, CISCO, ADOBE, F-SECURE, Vendor X]
Additional service offered by CERT
• General and specialised press, blogs
• Vendor web sites
• “Post mortem” of previous incidents, good practices
• Guidance on vulnerabilities
• Single web portal adapted to our constituency
• Possibility to subscribe to newsletters, RSS-feeds
Alerts
Informing on issues requiring immediate attention
New, critical threats derived from:
• Open sources
• Monitoring network traffic
• Incidents discovered in our constituency
• Incidents discovered by the CERT community
Alerts communicated to constituency by secure methods (email, SMS, secure website)
Serve as a central point of contact
[Diagram: CERTA, CERT-FI, CERT-BUND, CERT-NL, CERT-XY]
Incident Response Coordination
Support in ongoing incidents
• In response to major incidents in the constituency
• Institutions remain responsible for their networks in all aspects
• Clear division of responsibility (online / offline)
• Services envisaged
  - Specialised technical support
  - Facilitate contact with external expertise
  - Internal clearing house for information on the incident
Current Status
• Physical infrastructure
• Staffing
• Inventory of constituency points of contact and expectations
• Cooperation with EU Member States’ CERTs
• Preparation for the launch of the two first services
• Design of the web portal