
The Organization of the Islamic · 2018-03-06 · 3 MEMBERSHIP As of December 2017, the OIC-CERT...

Date post: 26-Feb-2020

The Organization of the Islamic Cooperation – Computer Emergency Response Team (OIC-CERT) was established through the Organization of the Islamic Cooperation (OIC) Resolution No 3/35-INF “Collaboration of Computer Emergency Response Team (CERT) Among the OIC Member Countries”. It was passed during the 35th Session of the Council of Foreign Ministers of the OIC in Kampala Uganda on 18-20 June 2008.

In 2009 through the Resolution No 2/36-INF “Granting the Organization of the Islamic Cooperation – Computer Emergency Response Team an Affiliated Institution Status”, the OIC-CERT became an affiliate institution of the OIC during the 36th Session of the Council of Foreign Ministers of the OIC Meeting in Damascus, Syrian Arab Republic on 23-25 May 2009.

The objectives of the OIC-CERT are:

i. Strengthening the relationship amongst CERTs among the OIC Member Countries, OIC-CERT partners and other stakeholders in the OIC member domain;

ii. Encouraging experience and information sharing in cyber security areas;

iii. Preventing and reducing cyber crimes, harmonizing cyber security policies, laws and regulations;

iv. Building cyber security capabilities and awareness amongst member countries;

v. Promoting collaborative research, development and innovation in cyber security;

vi. Promoting international co-operation with international cyber security organizations; and

vii. Assisting the OIC-CERT member countries in establishing and developing their national CERTs.

The OIC-CERT

VISION

Envisioning the OIC-CERT to be a leading cyber security platform to make the world a safe cyber space.

MISSION

A platform to develop cyber security capabilities to mitigate cyber threats by leveraging global collaboration.


MEMBERSHIP

As of December 2017, the OIC-CERT now boasts a strong network and strategic collaboration of 42 members from 21 OIC countries. This alliance is further supported through the presence of five (5) Commercial Members, four (4) Professional Members, one (1) Fellow Member and one (1) Honorary Member.

Full Member - Computer Emergency Response Teams (CERTs) or Computer Security Incident Response Teams (CSIRTs) or similar entities that are located and/or primary function within the jurisdiction of OIC member countries that is wholly or partly owned by the government with the authority to represent the country’s interest.

1 Azerbaijan Azerbaijan Government CERT (CERT.GOV.AZ)

2 Bangladesh Bangladesh e-Government Computer Incident Response Team (BGD e-GOV CIRT)

3 Brunei Darussalam Brunei Computer Emergency Response Team (BruCERT)

4 Cote D’Ivoire Cote D’Ivoire Computer Emergency Response Team (CI-CERT)

5 Egypt Egypt Computer Emergency Response Team (EG-CERT)

6 Indonesia Indonesia Security Incident Response Team on Internet Infrastructure/Coordination Center (Id-SIRTII/CC)

7 Iran Iran Computer Emergency Response Team (IRCERT)

8 Jordan Jordan Computer Emergency Response Team (JO-CERT)

9 Kazakhstan Kazakhstan Computer Emergency Response Team (KZ-CERT)

10 Libya Libyan Computer Emergency Response Team (Libya-CERT)

11 Malaysia CyberSecurity Malaysia

12 Morocco Moroccan Computer Emergency Response Team (maCERT)

13 Nigeria Consultancy Support Service Limited (CS2)

14 Oman Oman National Computer Emergency Response Team (OCERT)

15 Pakistan National Response Centre for Cyber Crimes (NR3C)

16 Qatar Qatar Computer Emergency Response Team (Q-CERT)

17 Saudi Arabia Computer Emergency Response Team – Saudi Arabia (CERT-SA)

18 Sudan Sudan Computer Emergency Response Team (SudanCERT)

19 Syria National Agency for Network Services

20 Tunisia National Agency for Computer Security (tunCERT)

21 UAE UAE Computer Emergency Response Team (aeCERT)

General Member - Other related government organizations, non-governmental organizations or academia that deals with cyber security matters. However, these parties do not have the authority to represent the country’s interest.

1 Bangladesh BangladeshCERT

2 Bangladesh Computer Emergency Response Team (bdCERT)

3 Iran Isfahan University of Technology Computer Emergency Response Team (IUTcert)

4 Amirkabir University of Technology Computer Emergency Response Team (AUTcert)

5 Sharif University of Technology Computer Emergency Response Team (SharifCert)

6 Shiraz University ICT Center (SUcert)

7 Maher Center

8 APA Ferdowsi University of Mashhad CERT (APA-FUMcert)

9 Kazakhstan Center for Analysis and Investigation of Cyber-Attacks (CAICA)

10 Pakistan Pakistan Information Security Association (PISA-CERT)

11 Turkey Turkey Computer Emergency Response Team (TR-CERT)


Affiliate Member - Organization that deals with cyber security matters from the Non-Profit Institutions of Non OIC-CERT States.

1 United States of America Team Cymru

Commercial Member - Industrial or business organizations that deal with cyber security matters from the OIC and non-OIC member countries.

1 Korea Duzon

2 Malaysia FireEye Malaysia

3 Telekom Applied Business Sdn Bhd (TAB)

4 Turkey May Cyber Technology

5 United Kingdom Intellium Ltd

Professional Member - Individuals who are experts in the information security area.

1 Malaysia Assoc. Prof. Dr. Hatim Mohammad Tahir - Universiti Utara Malaysia

2 Prof. Dr. Rabiah Ahmad - Universiti Teknikal Malaysia Melaka

3 Abdul Fattah Mohamed Yatim - Teknimuda (M) Sdn Bhd

4 Yemen Dr. Abdulrahman Ahmad Abdu Muthana - Smart Security Solutions

Fellow Member - These are individual co-founders of the OIC-CERT and those who used to actively represent their organization as an OIC-CERT member for a minimum period of 5 years.

1 Tunisia Prof. Nabil Sahli - National Agency for Computer Security

Honorary Member - Individuals or organizations who have demonstrated extraordinary contributions, support and exemplary leadership to the OIC-CERT.

1 Organisation of Islamic Cooperation


Members’ activities

AZERBAIJAN
Azerbaijan Government CERT

BANGLADESH
Bangladesh e-Government Computer Incident Response Team
Bangladesh Computer Emergency Response Team

BRUNEI DARUSSALAM
Brunei Computer Emergency Response Team

EGYPT
Egypt Computer Emergency Response Team

IRAN
Iran Computer Emergency Response Team

MALAYSIA
CyberSecurity Malaysia

OMAN
Oman National Computer Emergency Response Team

PAKISTAN
Pakistan Information Security Association

TUNISIA
Tunisian Computer Emergency Response Team

YEMEN
Smart Security Solutions


AZERBAIJAN Azerbaijan Government CERT Full Member

A. HIGHLIGHTS OF 2017

About CERT.GOV.AZ

1. Introduction

CERT.GOV.AZ offers assistance in computer and network security incident handling and provides incident coordination functions for all incidents involving systems and networks located in the state sector of Azerbaijan Republic.

RFC-2350 : http://cert.gov.az/en/pages4/rfc-2350.html

Promo : https://www.youtube.com/watch?v=tYqPc-lzd54

2. Host Organization

Special State Protection Service of Azerbaijan.

Special Communication & Information Security State Agency.

Azerbaijan Government CERT (CERT.GOV.AZ).

3. Establishment

20 April 2008.

4. Resources

Government.

5. Constituency

Constituency of CERT.GOV.AZ – all networks and the users allocated in the state sector of the Azerbaijan Republic.

6. Summary of Major Activities

i. Incident Response

CERT.GOV.AZ will assist system administrators in handling the technical and organizational aspects of the incidents. In particular, it will provide assistance or advice with respect to the following aspects of incident management.

Incident Triage

o investigating whether indeed an incident has occurred; and

o determining the extent of the incident.

Incident Coordination

o determining the initial cause of the incident (the used vulnerability);

o facilitating contact with other sites which may be involved;

o making reports to other Computer Emergency Response Team / Computer Security Incident Response Team (CERT/CSIRT) teams; and

o composing announcements to users, when applicable.

Incident Resolution

o removing the vulnerabilities;

o eliminating the consequences of the incident;

o evaluating the possible additional actions taking into account their cost and risk;

o provide assistance in evidence collection and data interpretation when needed; and

o In addition, CERT.GOV.AZ will collect statistics concerning incidents and will notify the community where necessary to assist in protecting against known attacks.


Proactive Activities

o Information services:

CERT.GOV.AZ publishes advisories for events and incidents that are considered of special importance to users in the constituency. Information is disseminated via various channels (web, RSS feeds, mailing lists etc).

o Training services:

Members of CERT.GOV.AZ periodically hold seminars on various aspects of information and network security.

7. CERT.GOV.AZ welcomes reports on computer security related incidents at:

Representative mail : [email protected]

Group mail : [email protected]

General use : [email protected]

Tel. +994 12 435 28 25

Fax. +994 12 435 28 31

B. MAIN ACTIVITIES, ACHIEVEMENTS AND EVENTS IN 2017

Recorded and handled 2295 incidents.

Provided 217 Audit/Pentest for required government bodies.

Established the OIC-CERT Awareness system and provided 4 tests.

Organized and hosted the OIC-CERT 2017 Annual Conference.

Signed a Memorandum with the Financial Market Supervisory Authority for the provision of training for all local and foreign banks that operate in Azerbaijan.

Published 4 series of “Information Security” journals for government bodies and for free distribution.

Published a new version of the website cert.gov.az.

Established new centralized threats protection systems for the government.

Reconstructed 24/7 CERT monitoring center.

Taken part in Malaysian Technical Cooperation Programme (MTCP).

Participated in different local and international conferences and courses (OIC-CERT, FIRST, NATO).

C. PLANS FOR 2018

Working on multifunctional antivirus system established by CERT.GOV.AZ - https://www.youtube.com/watch?v=eK_84ncWFEE

To fill Information Security Library within the OIC-CERT Membership portal initiated by CERT.GOV.AZ.

Work on OIC-CERT member’s data update automatization.

Continue collaboration with CERTs internationally.

D. PHOTOS


BANGLADESH Bangladesh e-Government Computer Incident Response Team Full Member

A. HIGHLIGHTS OF 2017

About BGD e-GOV CIRT

1. Introduction

BGD e-GOV CIRT mission is to support government efforts to develop and amplify ICT programs by establishing incident management capabilities within Bangladesh, which will make these programs more efficient and reliable.

2. Establishment

The process to establish BGD e-GOV CIRT started in November 2014 and the team started operation in February 2016.

3. Resources

Currently 5 people are working in BGD e-GOV CIRT and more people will be joining soon.


4. Constituency

Constituency of BGD e-Gov CIRT is all government ministries & institutions in Bangladesh.

5. Summary of Major Activities

667 cyber security incidents registered in our tracking system;

Organized 3 cyber security events;

Arranged 18 cyber security trainings; and

Published various cyber security related articles in native language (Bengali).

6. Achievements

Published “BGD e-GOV CIRT” annual report for 2016.

Published “Government of Bangladesh Information Security Manual (GoBISM) v1.1”.

B. ACTIVITIES AND OPERATION

1. Events organized by the agency

International Cyber Security Conference Bangladesh;

Workshop on Cyber Security Management at the Bangladesh Computer Council; and

CERT Game Challenge conducted by comCERT and NRD.

2. Events involvement

Attended the “50th TF-CSIRT Meeting & FIRST Regional Symposium for Europe”;

Attended the “2017 APISC Security Training Course”;

Attended the “29th Annual FIRST Conference in Puerto Rico”;

Participated in the “OIC Drill 2017”;

Attended the “OIC-CERT Annual Conference 2017 in Baku, Azerbaijan”;

Attended the “APCERT Annual General Meeting & Conference 2017 in New Delhi, India”.

3. Achievement

Created 2496 Cyber aware people through conducting different types of trainings and events.

Recognized by the Bangladesh Government as the only Operational CIRT of Bangladesh Government network.

BGD e-GOV CIRT vulnerability report along with the Point of Contacts enable various government organizations to resolve cyber security issues which help to ensure a better cyber security environment within the e-Government network of Bangladesh.

C. 2018 PLANNED ACTIVITIES

The CIRT laboratory will be operational, which will enable BGD e-GOV CIRT to analyse malware, initiate forensic jobs and provide many other capabilities.

Sensor Network will be operational.

Cyber Range will be operational.

D. PHOTOS

First Cyber Security Conference

International Cybersecurity Conference hosted in BGD e-GOV CIRT, inaugurated by the Honorable Chief Guest, Honorable State Minister of ICT Division Zunaid Ahmed Palak, MP


International Cybersecurity Conference hosted in BGD e-GOV CIRT

Training on EnCase Forensic Certification

Training on vulnerability assessment and penetration testing for government officials of Bangladesh in BGD e-GOV CIRT training lab

Blue Whale game awareness raising campaign by BGD e-GOV CIRT presented by the Honourable State Minister of ICT Zunaid Ahmed Palak, MP

Member of the Board of Directors of FIRST.Org Inc and Senior Internet Security Specialist of APNIC Mr Adli Wahid visited BGD e-GOV CIRT in October 2017

Accounting Fraud Investigation training for Auditor General of Bangladesh & Foreign Aided Project Audit Directorate (FAPAD) officials in BGD e-GOV CIRT training lab

Certified Ethical Hacker certification for law enforcement agency of Bangladesh presentation ceremony by the Honourable Minister of ICT, Zunaid Ahmed Palak MP. Hosted by BGD e-GOV CIRT


Bangladesh Computer Emergency Response Team General Member

A. HIGHLIGHTS OF 2017

1. Summary of Major Activities

Implementation of the Information and Communication Technology Act 2006 in Cyber incident management.

Organized 6 cyber security and cyber forensics events, workshops and seminars.

Training on forensic

Arranged 6 cybersecurity trainings home and abroad.

Published cyber security related policies in Bengali & English.

2. Achievements

Established Bangladesh –CERT forensic lab.

Digital Forensic Lab

B. ABOUT BANGLADESH CERT

1. Introduction

As per the ICT Act 2006 of Bangladesh, Bangladesh CERT works to support the government agencies and the cyber tribunal in terms of monitoring cyber incidents and cyber incident investigation in Bangladesh.

2. Establishment

The process of establishing Bangladesh CERT started in January 2012 and the team started its operation in April 2015.

3. Resources

6 persons are working in Bangladesh CERT team.

Cyber forensic lab with hardware and software was established.

4. Constituency

Constituency of Bangladesh CIRT covers the activities of Bangladesh Government as per the provisions of the Information and Communication Technology Act 2006 of Bangladesh.

C. ACTIVITIES AND OPERATION

1. Events organized by the organization / agency

Cyber Security Conferences in Bangladesh for University students, Government Officials, School / College / University teachers and journalists.

A Seminar on “Cyber Effect - Impact of Technology in the Society”

Workshop on cyber-crime investigation in CCA Office Management.


A Workshop “Cyber Crime: Prospective Solution In Bangladesh”

2. Events involvement

Forensic Tool kit (FTK) boot camp in Dubai.

Cellebrite Training in Singapore.

The OIC-CERT Annual Conference 2017 in Baku, Azerbaijan.

3. Achievement

10,000 high school girls were made aware through cyber awareness trainings and workshops.

Setting up a well-equipped cyber forensic lab

D. 2018 PLANNED ACTIVITIES

The Bangladesh CERT Forensic Laboratory would be made active, which would enable the investigation and analysis of cyber cases and the initiation of forensic activities for reporting to the cyber court.

BRUNEI DARUSSALAM Brunei Computer Emergency Response Team Full Member

A. HIGHLIGHTS OF 2017

About BruCERT

1. Introduction

The Brunei Computer Emergency Response Team (BruCERT) was established in May 2004. It was formed in collaboration with AITI, the Ministry of Communication, to become the nation’s first trusted one-stop referral agency in dealing with computer-related and Internet-related security incidents in Brunei Darussalam.

BruCert Services

24X7 Security Related Incidents and Emergency Response from BruCERT.

24X7 Security Related Incidents and Emergency Response onsite (Deployment response is within 2hrs after an incident report is received). This service only applies to BruCERT Constituents.

Broadcast alerts (Early Warning) of new vulnerabilities, advisories, viruses and Security Guidelines from BruCERT Website. BruCERT Constituents will receive alerts through email and telephone as well as defence strategies in tackling IT Security related issues.

Promote Security Awareness program to educate and increase public awareness and understanding of information security and technical know-how through education, workshop, seminar and training.

Coordinating with other CERTs, Network Service Providers, Security Vendors, Government Agencies as well as other related organizations to facilitate the detection, analysis and prevention of security incidents on the internet.

2. BruCERT Establishment

BruCERT coordinates with the local and international Computer Security Incident Response Team (CSIRTs), Network Service Providers, Security Vendors, Law Enforcement Agencies as well as other related organizations to facilitate the detection, analysis and prevention of security incidents on the Internet.


3. BruCERT Workforce

BruCERT currently has a strength of 66 staff (100% local), of which a majority specialize in IT and the rest are administration and technical support. The staff have undergone training on various IT and security modules, such as A+, N+, Linux+, Server+, Security+, SCNP, SCNA, CIW, CEH, CCNA, CISSP, BS7799 Implementer and SANS trainings such as GREM, GCIA, GCIH, GCFA, GPEN, in which most of the BruCERT workforce has gained certifications.

4. BruCERT Constituents

BruCERT has a close relationship with Government agencies, 2 major ISPs and a number of vendors.

Government Ministries and Departments

BruCERT provides security incident response, Managed Security Services and consultancy services to the government agencies. Security trainings such as forensic and awareness trainings were provided by BruCERT in collaboration with some government agencies.

E-Government National Centre (EGNC)

E-Government National Centre provides IT services to all government departments and ministries in Brunei Darussalam. Services such as IT Central Procurement, Network Central Procurement, Co-location, ONEPASS (a PKI initiative) and Co-hosting are provided by EGNC. BruCERT works closely with EGNC in providing incident response and security monitoring since most of the government equipment resides at EGNC.

AITI

Authority for Info-communications Technology Industry of Brunei Darussalam (AITI) is an independent statutory body to regulate, license and develop the local ICT industry and manage the national radio frequency spectrum.

AITI has appointed ITPSS (Information Technology Protective Security Services), a local IT security company, to become the national CERT in dealing with incident response in Brunei.

Royal Brunei Police Force (RBPF) and other Law-Enforcement Agencies (LEAs)

BruCERT has been collaborating with RBPF and other LEAs to resolve computer-related incidents through our Digital and Mobile Forensic services.

TelBru – BruNet

TelBru, the main Internet service provider, and BruCERT have been working together to engage in information sharing of internet-related statistics and the current situation of the IT environment in Brunei.

DST

The second largest internet service provider in Brunei.

5. BruCERT Contact

BruCERT welcomes reports on computer security related incidents. Any computer related security incident can be reported to us by:

Telephone: (673) 2458001

Facsimile: (673) 2458002

Email: [email protected]

Website: www.brucert.org.bn www.secureverifyconnect.info

B. BruCERT OPERATION IN 2017

1. Incident Response

In 2017, BruCERT deployed security threat intelligence sensors at strategic network infrastructures to detect malicious activities within the network. Most of the high severity threats are due to malware related activities such as generic malware, malware infection, malicious bot and IRC Bot. There are some hacking attempts due to vulnerabilities which may have been performed by worms. The problems may arise due to the lack of security controls such as missing or outdated antivirus solutions, unpatched operating systems or the use of legacy operating systems. The security incidents might also be due to the absence of administrative controls on machines connected to the network. The statistics of the security incidents are shown in Figure 1:


Figure 1 : Statistic on Security Incident

Types of Attack Count

Root Level Intrusion 142

User Level Intrusion 450

Unsuccessful Activity Attempt 94

Denial of Service 16

Non-Compliance Activity 428

Reconnaissance 198

Malicious Logic 815

Table 1 : Number of security incidences

C. BruCERT ACTIVITIES IN 2017

1. Seminars / Conferences / Meetings / Visits

BruCERT attended and presented papers at various seminars, conferences and meetings related to the field of ICT security.

6th November 2017 until 9th November 2017 - Two BruCERT delegates attended the OIC-CERT AGM and Annual Conference 2017 which took place in Baku, Azerbaijan, hosted by the Azerbaijan Government CERT.

12th November 2017 until 15th November 2017 - Two BruCERT delegates attended the APCERT AGM and Annual Conference 2017 which took place at Royal Park Hotel, New Delhi, India, hosted by CERT-IN.

2. Awareness Activities

In the beginning of 2017, the Secure Verify Connect campaign highlighted cases of real cyber-crimes – both on our radio show and in our social media. Topics covered included cyber bullying, sextortion, romance scam, online defamation and booksis scam.

In April and May 2017, BruCERT focused on bringing awareness on ransomware, where coincidentally, the Wannacry ransomware attack happened in May. Topics covered were: ransomware, downloading ransomware, ransomware phone call, and ransomware prevention. These topics were communicated through our various channels simultaneously: social media, radio, cinema and TV.

In June 2017, BruCERT chose topics that were relevant to the current fasting / Eid festive season, which were: unverified messages, online shopping and personal details. These topics were communicated through the radio and social media. On 27 June 2017, BruCERT posted an advisory on Petya ransomware on the social media.

In July 2017, the awareness program continued with the previous month’s theme of topics related to the Eid festive season, such as exposing your location, data back-up, and personal details. These topics were communicated through the radio and social media. In early July 2017, BruCERT released an advisory video on the Wannacry & Petya ransomware on the Radio Television Brunei (RTB). It was aired for 2 weeks with the aim of reaching the civil servants.

From August to October 2017, our radio show and social media highlighted cases of real cyber-crimes. BruCERT also highlighted the Bad Rabbit ransomware. In November and December 2017, in light of the end of the year travel season, BruCERT repeated topics that are related to travelling.

i. Awareness videos

This year, BruCERT released 2 new awareness videos:

Don’t let ransomware hold you hostage; and

If your kids can’t turn to you, they might turn to someone else online.

BruCERT awareness videos are distributed through the television (during the local nightly news on RTB), cinema advertising, social media and YouTube.

ii. Radio (RTB Pilihan FM & Kristal FM)

In addition to our English radio show Cyber Safe on RTB Pilihan FM, which has been on-going since 2014, BruCERT has also introduced a range of public service announcements (PSAs) on Kristal FM in both the English and Malay languages. This year, BruCERT has released a total of 28 new topics for Pilihan FM and 26 topics for Kristal FM.

iii. Television (RTB1 & RTB2)

May to July 2017: “Don’t let ransomware hold you hostage”;

August to October 2017: “If your kids can’t turn to you, they might turn to someone else online”; and

November to December 2017: “Be cyber smart when you travel”.

iv. 2017 Desktop Calendar

ITPSS/BruCERT published a desktop calendar which highlights different awareness messages each month. The calendar was distributed to our clients, stakeholders and staff.

v. 2017 Hari Raya packets

ITPSS/BruCERT printed Eid packets which include awareness messages. The packets were distributed to our mailing list of clients, stakeholders and staff.

vi. ITPSS email signature

Our staff email signatures include a new awareness message every month, in accordance with the message on the ITPSS desktop calendar.

vii. Awareness website

BruCERT’s public awareness website www.secureverifyconnect.info garners an average of 5,200 visits per month. BruCERT plans on refreshing the website in 2018, with a new look and layout.

3. Events

i. Awareness talk for PKBN February 20 & 22, 2017

AiTi forwarded a request from PKBN for a talk on social media etiquette. PKBN split the audience into two sessions. Topics covered were password management, online predators and social media safety.

ii. Awareness talk for PTE Meragang February 28, 2017

A teacher from PTE Meragang contacted ITPSS requesting a talk on internet safety with an emphasis on cyber bullying and sending explicit selfies to another person. The talk was held during the orientation for the new intake of Lower Six students (480 pax), which was split into two sessions.

iii. Awareness talk for Maktab Duli March 15, 2017

BruCERT was approached by a teacher of Maktab Duli to give a talk on cyber security and internet etiquette to create awareness amongst staff and students. About 500 lower six students were in attendance. They found it particularly interesting when BruCERT staff talked about social media pros & cons, explaining what could happen when social media is misused. At the end of the talk, some students approached BruCERT asking about the safety of using cellular data, and also the legal aspects and practices on illegal downloads.

iv. Awareness talk at IBTE Agro-Technology Campus, Wasan March 16, 2017

A Senior Technical Instructor at IBTE Agro-Technology Campus requested an awareness talk for students of NTec in Food Processing. Around 100 students from the course attended the talk. BruCERT presented on password management and also gave advice to avoid falling for online scams. One student asked how to detect if the home wifi is being attacked. Another student asked how spyware works when the device is not connected to the internet.

v. Indonesian Defence University study visit to ITPSS March 16, 2017

The Embassy of The Republic of Indonesia organized a study visit for students of the Asymmetric Warfare Study Program Cohort 5 from the Indonesian Defence University (IDU). The visit was attended by 23 students of IDU, officials from the university and representatives of the Indonesian embassy.

The students came well prepared with many questions for ITPSS regarding the state of cyber security in Brunei Darussalam. Their Head of Delegation, Rear Admiral Ir. Rusmali Anggawiria, later exchanged souvenirs with the BruCERT CEO and there was a group photo session with all attendees.

vi. Awareness talk for Cosmopolitan College March 29, 2017

A student from CCCT studying HND in Business Management was assigned to organize an event for the college. She invited BruCERT to deliver an IT security awareness talk. In total, 40 students from different levels (HND, Diploma and NCC in Business/IT) were invited for the session. BruCERT presented topics on Online Predators, Computer Misuse Act and Password Management.

After the talk, some students approached BruCERT with questions including “Has ITPSS been hacked?”, “How to practice safe vlog / blog”, and “Measures to be taken online and on social media”.

BruCERT distributed a survey to 30 students to gain feedback on the effectiveness of the talk, and also engaged with some audience members for their verbal feedback.

vii. World Backup Day March 31, 2017

BruCERT ran a short campaign on social media in support of the World Backup Day to bring awareness to the importance of backing up important data. The posts included:

What is Backup?

Why backup?

How should I backup?

Take the pledge

viii. Awareness talk for Yayasan Sultan Haji Hassanal Bolkiah April 11, 2017

BruCERT delivered a talk on Security Protocols in Handling Social Media as requested by Yayasan Sultan Haji Hassanal Bolkiah (YSHHB). The talk was attended by 27 staff & teachers who have been selected to handle YSHHB's official Instagram and Facebook pages. The aim of the talk was to educate them on how to safely use social media for promoting YSHHB to the public.

ix. MINDEF Roadshow (OCS Tanah Jambu) April 17-18, 2017

ITPSS was invited by MINDEF to be a part of their exhibition on mobile phone security threats, during a 2-day awareness event for members of MINDEF and RBAF. Our Digital Forensics team showcased a mobile hijacking demonstration, and displayed tools used for mobile & computer forensics. Also taking part in the roadshow were the Defense Information Technology Unit (DITU) and a guest speaker from Singapore's Ministry of Defense, Raymond Chan. The guest of honour was Pehin Datu Pekerma Jaya Major General Dato Paduka Seri Mohd Tawih bin Abdullah, Commander of the RBAF.

x. Awareness talk for Ketua Kampong and Penghulu Mukim May 15, 2017

One of our new target areas for cyber security awareness is the kampongs. BruCERT approached MOHA, which recommended that BruCERT start by giving talks to the Ketua-Ketua Kampong and Penghulu-Penghulu Mukim as they are the grassroots leaders. From there, BruCERT will work its way down to the kampongs. The Brunei-Muara District Office helped to gather the Ketua-Ketua Kampong and Penghulu-Penghulu Mukim from 9 mukims in the Brunei Muara district on May 15, in 2 sessions. A total of 63 people attended the talk.

xi. JAPEM’s Children’s Rights Awareness Event May 23, 2017

JAPEM invited BruCERT to participate in their event, "Program Kesedaran Hak Kanak-Kanak", at the Indoor Stadium, which involved children from Year 3 to 6 from 10 primary schools. BruCERT, together with other agencies such as JAPEM, UBD's Faculty of Arts & Social Sciences (BPM FASS), RBPF and Putera Seni, were given booths to conduct awareness activities for the kids. BruCERT focused on Internet safety, chatting with strangers, the dangers of posting personal information online, and what to do if strangers ask personal questions. The kids also watched some of the awareness videos and played “Think Before You Post” on the kiosk.

xii. Hari Raya Spot The Mistake Contest July 2017

This was an interactive activity in which BruCERT’s Instagram followers could participate, aimed at gaining new followers and increasing engagement. In order to join, Instagram users had to follow @bruneicert and identify mistakes in the images that BruCERT posted. They would then have to comment and tag two friends. Winners were randomly selected out of the qualified entries. The contest ran for two weeks during the month of Syawal.

xiii. Awareness talk for Sekolah Rendah Tentera Laut July 13, 2017

BruCERT was invited by Sekolah Rendah Tentera Laut for an IT security talk. BruCERT presented to 83 students of the school aged 9 to 11 years old. We covered the usual topics such as internet ethics, managing social media and password management. During the Question & Answer session, the teachers voiced their concern on students’ social media posts.

xiv. SANS public presentation “One Click Is All It Takes To Bring Down An Organization” July 17, 2017

ITPSS hosted a public presentation by Bryce Galbraith of SANS Institute. The event was held at The Core, UBD with 129 people from the public and private sectors. Galbraith also demonstrated examples of spear-phishing techniques and explored ways to fight Advanced Persistent Threats (APT).

xv. Cyber Battle : Capture The Flag 2017 September 3 & 10, 2017

This is the third time ITPSS has organized the annual competition. This year, Cyber Battle was supported by Universiti Teknologi Brunei (UTB) as part of their Science and Technology Week. The qualifying round was held online on 3 Sept, while the final round was hosted at UTB on 10 Sept. The winners of the competition were Alert(1), NZN and Huroom. The prize presentation was held on 12 Sept with the Minister of Education, YB Pehin Orang Kaya Indera Pahlawan Dato Seri Setia Awang Haji Suyoi bin Haji Osman as the Guest of Honor.

xvi. Awareness talk for IBTE Jefri Bolkiah September 13, 2017

IBTE Jefri Bolkiah contacted BruCERT requesting an IT security awareness talk for 100 students from the School of Computing. BruCERT gave the presentation on malware and the Computer Misuse Act, while covering some technical topics on why malware is dangerous and how it can be avoided. IBTE Jefri Bolkiah thought it was really useful and the students enjoyed the talk.

xvii. Awareness talk for Politeknik Brunei September 26, 2017

121 students from the School of Information and Communication Technology attended the talk by BruCERT. The awareness talk covered issues such as social media trends and online threats such as ransomware. It was also interactive, as the students were asked how to differentiate between genuine and phishing websites.

xviii. Roadshow at Brunei Shell Petroleum November 1-3, 2017

Brunei Shell Petroleum (BSP) requested BruCERT to participate in their Cyber Security Awareness roadshow at BSP headquarters to raise awareness among BSP and BSJV staff. Due to the location and scope of the roadshow, BruCERT had to charge them for the participation. They were agreeable to the cost, and on the first day of the 2-day roadshow, they requested that we extend the roadshow to 3 days.

BruCERT customized some activities for the client, such as Don’t Get Phished, which is a kiosk game, and also included popular activities such as Dumpster Diving. BruCERT also played awareness videos on another kiosk. There was a demo from the Digital Forensic team on mobile malware, which also ran a demo on webcam hacking. BruCERT staff presented 2 awareness talks during the roadshow.

xix. IT security awareness talk for Setia Protective Security Services (SPSS) November 6, 14 & 16, 2017

SPSS requested an IT security awareness talk for 75 of their personnel. The half-day talk was divided into 3 sessions of 25 pax each. BruCERT presented, highlighting the importance of maintaining information security, password management as well as social media issues. Reported cases and statistics were also shared during the sessions. The talk was held at Training Room, ITPSS.

xx. GDG DevFest 2017 November 10, 2017

ITPSS was given 2 slots for speaking at Google Developer Group DevFest 2017. For the first presentation, BruCERT staff presented ‘Let’s Talk Application Security’, which covered how to make applications secure and avoid exploitation, from the hackers’ perspective. The second presentation was by the BruCERT Digital Forensic team, explaining various exploitation methods used to steal from and spy on victims using Android devices.

xxi. Cosmopolitan College visits ITPSS November 28, 2017

Cosmopolitan College contacted BruCERT requesting an educational visit to ITPSS. A group of 15 students from the Computing Department were given presentations by the BruCERT team. The BruCERT team briefly introduced the ITPSS company profile, BruCERT's role and the Digital Forensics services before giving an IT security awareness talk. The visit ended with a short tour of ITPSS.

xxii. Awareness talk for IBTE School of Aviation November 30, 2017

IBTE School of Aviation requested an awareness talk for 240 students. BruCERT gave a presentation covering cyber threats, social engineering, ransomware, malware and social media safety. BruCERT also did a demo on passwords, where different combinations were shown to prove how they affect the strength of a password.

xxiii. Awareness talk & roadshow at AMBD December 20, 2017

AMBD requested an awareness talk for their employees and a 1-day roadshow for the occupants of the MOF building. The talk on ‘The Anatomy of Phishing’ was delivered by BruCERT staff, followed by a presentation on ‘Money Muling’ and a phishing demonstration. The roadshow comprised cyber security games, activities and live demonstrations of webcam takeover, mobile phishing, and reverse engineering malware. The Don’t Get Phished game taught visitors how to identify scam emails, while the Dumpster Diving game taught the importance of properly disposing of unwanted documents. The highlight of the roadshow was the Password Challenge contest, in which visitors were challenged to create a strong password.

4. Conclusion

In 2017, BruCERT, with the help of new security intelligence sensors, has a better view of the IT security posture in Brunei Darussalam. The threats are mostly malware-related activity such as generic malware, malware infections, malicious bots and IRC bots. Automatic propagation via open vulnerable services or networks is also possible, which is why it is critically important to enforce strong, secure passwords and to always keep the hosts on the network up to date with patches for their operating system, browsers, and other applications. Users need to be educated or be made aware of how malware can penetrate their systems. Simply clicking on a malicious URL found in an email, web page, or instant message will open the browser to a web page that can automatically install malware on the user's system if the browser is vulnerable. Hackers / attackers typically use social engineering to entice, intimidate, or otherwise trick the victim into running malicious code or clicking on a URL.

Even though the incidents reported to BruCERT are still far fewer than in other countries, this improvement is a positive outcome, and BruCERT will actively continue to improve its services as a national and government CERT. Hopefully the ongoing and upcoming initiatives, such as the BruCERT road shows, security awareness for schools and the publication of a security awareness magazine, will better educate the people on the importance of information security and online safety.

EGYPT Egypt Computer Emergency Response Team Full Member

A. HIGHLIGHTS OF 2017

1. Summary of Major Activities

Cairo Security Camp, an annual conference targeting the Information Security Community of the Middle East and North Africa (MENA Region).

Arab Security Conference, an annual cyber security conference held in Cairo, Egypt, hosted by the Arab Security Consultants and ISEC, firms operating in the field of information security in Egypt and the Middle East. It strives to raise cyber security awareness in the Arab world.

ITU Regional Forum on Cybersecurity in the Era of Emerging Technologies was held in Egypt with the participation of EG-CERT.

2. Achievements

The Global Cybersecurity Index (GCI) ranked Egypt 2nd among the Arab countries and also 2nd among African countries, and Egypt was ranked 14th among 165 countries worldwide.

EG-CERT participated in the FIRST-ITU Regional Symposium & Cyber Drill for Africa and Arab Region that took place in Dar es Salaam, Tanzania.

EG-CERT participated in the 6th Regional Cybersecurity Summit 2017 that took place in Muscat, Oman.

EG-CERT participated in the OIC-CERT Annual Conference 2017 that took place in Baku, Azerbaijan.

B. ABOUT EG-CERT

1. Introduction

EG-CERT was established in April 2009 as part of the National Telecom Regulatory Authority (NTRA).

2. Establishment

EG-CERT is charged with providing computer and information security incident response, support, defense and analysis against cyber-attacks and collaboration with government organizations, financial entities and any other critical information infrastructure sectors in Egypt. Our mission is to provide an early warning system against malware spreading and massive attacks against the Egyptian critical information infrastructures.

3. Resources

Incident handling.

Malware analysis.

Penetration testing.

Digital forensics.

4. Constituency

Types of Constituency: Government, private and public sectors.

Source of Constituency: Both external and internal.

Description of Constituency: Work as a trusted center for cyber security services across the Egyptian cyber space.

Country of Constituency: Egypt

C. ACTIVITIES AND OPERATION

1. Events organized by the organization / agency

The NTRA and EG-CERT organized the African IGF (AfIGF2017);

The launching of Cairo ICT 2017 was organized by NTRA;

The 12th Meeting of the Arab Standardization Group (ASTEAM) 2017;

FIRST-ITU Regional Symposium & Cyber Drill for Africa and Arab Regions;

NTRA participates in the Annual Araxxe Fraud and Revenue Assurance Conference; and

EG-CERT participates in DEFCAMP Conference in Bucharest, November 2017.

2. Events involvement

EG-CERT participated in the 6th Regional Cybersecurity Summit 2017 that took place in Muscat, Oman.

EG-CERT participated in the OIC-CERT Annual Conference 2017 that took place in Baku, Azerbaijan.

EG-CERT participated in the FIRST-ITU Regional Symposium & Cyber Drill for Africa and Arab Region that took place in Dar es Salaam, Tanzania.

EG-CERT participated in Defcamp CTF in Bucharest, Romania and was ranked as 7th worldwide.

3. Achievement

The EG-CERT was honored to welcome the Ghanaian minister of communications, Ursula Owusu-Ekuful, and a Memorandum of Understanding (MoU) was signed between the two ministries, aimed at:

o enhancing bilateral cooperation in the ICT field;

o developing and supporting training opportunities;

o setting policies; and

o promoting research, innovation and entrepreneurship.

Benefiting both public and private sectors.

The EG-CERT supported the UG-CERT to be a member in FIRST.

Global Cybersecurity Index (GCI) ranked Egypt as 2nd among ARAB countries, 2nd among AFRICAN countries and 14th among 165 countries.

EG-CERT participated in the Defcamp CTF Bucharest, Romania, and was ranked as 7th worldwide.

EG-CERT participated in the Arab Security CTF and was ranked 1st in Egypt.

D. 2018 PLANNED ACTIVITIES

Establish a National SOC.

Host regional events.

Participating in Cyber Drills and CTFs.

IRAN Iran Computer Emergency Response Team Full Member

A. HIGHLIGHTS OF 2017

1. Summary of Major Activities

Developing Ceop.ir website and holding more than 500 workshops on protecting children in the cyber space.

Promoting self-assessment system including DNS, SSL/TLS, and modem checking.

Generating a native social network engine.

Developing a native honeypot with 367 servers in 26 provinces of IRAN.

Identifying 1000 victims of bank spywares;

Evaluation of encryption protocol security of 40 websites;

Identifying 14,740 suspicious files via developed intelligent virus scan system;

Developing security assessment system;

Creating Computer Security Incident Response Teams (CSIRTs) in all the provinces of IRAN; and

Setting up a DDOS prevention cloud system.

Training Workshop on Protecting Children in Cyber Space

2. Achievements

Protecting, training and awareness of children in cyber space;

Promoting security of a native social network;

Monitoring botnets and vulnerabilities on national IP spaces;

Discovering 22 billion attacks and 45 thousand malwares and identifying 2 million infected systems through a native honeynet;

Developing a Honeynet at the national level; and

Training and empowerment in security field by conducting workshops.

Network Security Workshops

B. ABOUT IrCERT

1. Introduction

The Iran Computer Emergency Response Team (IRCERT) provides assessment and analysis, monitoring, data gathering and updating, intrusion detection and incident response, maintenance, and supporting teams. It receives reports of vulnerabilities and of security flaws in software and hardware products from across the whole country, and provides security for IPs and .ir domains.

2. Establishment

This center creates a single point in the Ministry of ICT for cyberspace incident handling activities and coordination.

3. Resources

IRCERT is a vital subset of the Information Technology Organization (ITO) that is supported by the Ministry of Information and Communication Technology (ICT) of IRAN.

4. Constituency

This center is part of the security office of the Deputy of Information Technology Organization, Ministry of ICT.

C. ACTIVITIES AND OPERATION

1. Events organized by the organization / agency

Face-to-face meeting of the OIC-CERT Board Members in Mashhad, Iran;

Face-to-face meeting of the OIC-CERT Board Members in Mashhad, Iran.

Annual conferences of events and vulnerabilities in cybersecurity;

Conducting Capture the Flag games in the field of security forensic, reverse engineering, security coding, web-hacking and cryptography;

Capture the Flag Games

Malware trap and analysis workshop;

Penetration Test Training in Lorestan

Promotion of security awareness and training in executive organizations workshops in all Iranian provinces;

Conducting 500 training workshops for protecting children in cyber space.

Cyber Security workshops;

Web Security Workshop

2. Events involvement

Attending the OIC-CERT Annual Conference in Baku; and

Attending the International Iranian Society of Cryptology (ISC) Conference on Information Security and Cryptology.

3. Achievement

Publishing security requirements for Smartphone App Stores;

Publishing 15 national Security Requirements and 1 national strategy on cyber security incident; and

Publishing a book with the title “Ransomware : Anti-blackmail methods”.

D. 2018 PLANNED ACTIVITIES

Developing Honeynet network (software and hardware);

Conducting more than 4000 training and awareness workshops for protecting children in the cyber space;

Computer Security Incident Response Teams Reinforcement; and

Developing the IOT security framework.

Annual Conference of Events and Vulnerability in Cybersecurity

MALAYSIA CyberSecurity Malaysia Full Member

A. HIGHLIGHTS OF 2017

1. Major Activities

16 March 2017 Visit by the Department of Information and Communication Technology (DICT), Philippines.

20-21 March 2017 Conducted site visit to Bangladesh e-Government Computer Incident Response Team (BGD e-Gov CIRT) office in Dhaka, Bangladesh, to verify their application to be the Full Member of the OIC-CERT and Operational Member of the APCERT.

22 March 2017 Participated in the APCERT Drill 2017.

12-21 April 2017 Internship Program on Incident Handling Training for Bhutan Computer Incident Response Team (BtCIRT).

1 June 2017 Visit by the Academy of Information Systems (AIS) and Security Code, Russia.

12-16 June 2017 Won WSIS 2017 award presented by the International Telecommunication Union (ITU) in conjunction with the World Summit on the Information Security (WSIS) in Geneva, Switzerland.

15-17 May 2017 Visit by the State Technical Service Republican Enterprise (STS), Kazakhstan.

MoU signed with R&D Center of Kazakhstan Engineering

1 August 2017 Conducted the APCERT Live Streaming / Webinar Training Program 16 entitled ‘Cyber Detection, Eradication and Forensic (Cyber DEF): An active cyber defense approach in mitigating operational risk in cyberspace’.

14-23 August 2017 Organised the Information Security Capacity Building Training under The Malaysian Technical Cooperation Program (MTCP).

11 September 2017 Participated in the ASEAN CERT Incident Drill (ACID).

19 September 2017 Co-organized the OIC-CERT Cyber Drill with Indonesia and extended the invitation to the APCERT members.

9-12 October 2017 Organised the Cyber Security Malaysia - Awards, Conference & Exhibition (CSM-ACE) 2017.

YB Datuk Seri Panglima Wilfred Madius Tangau, Minister of Science and Innovation at CSM-ACE 2017

10-13 October 2017 Visit by the Nigerian Communications Commission (NCC).

Mr Ubale Ahmed Shehu, Executive Commissioner of the Technical Services of Nigeria Communications Commission signing the guest book

6-9 November 2017 Participated in, and served as the Secretariat for, the OIC-CERT 9th AGM & Annual Conference 2017, Baku, Azerbaijan.

13-15 November 2017 Participated in the APCERT AGM & Annual Conference 2017, New Delhi, India.

3-4 December 2017 As the OIC-CERT Permanent Secretariat, CyberSecurity Malaysia, on behalf of OIC-CERT, participated in the 3rd Annual Coordination Meeting of OIC Institution (ACMOI) in Jeddah, Saudi Arabia.

B. ABOUT CYBERSECURITY MALAYSIA

1. Introduction

CyberSecurity Malaysia is the national cyber security specialist agency under the Ministry of Science, Technology and Innovation of Malaysia with a vision of being a globally recognized National Cyber Security and Specialist Centre by 2020.

CyberSecurity Malaysia provides specialized cyber security services as follows:

i. Cyber Security Emergency Services: Security Incident Handling. Digital Forensic.

ii. Security Quality Management Services: Security Assurance. Information Security Certification Body.

iii. Cyber Security Professional Development and Outreach: Info Security Professional Development. Outreach.

iv. Cyber Security Strategic Engagement and Research: Strategic Engagement and Research

2. Establishment

The journey started with the formation of the Malaysian Computer Emergency Response Team (MyCERT) on 13 January 1997 as a unit under MIMOS Berhad. The Cabinet Meeting on 28 September 2005, through the Joint Cabinet Notes by the Ministry of Finance and Ministry of Science, Technology and Innovation No. H609/2005, agreed to establish the National ICT Security and Emergency Response Centre, now known as CyberSecurity Malaysia, as a national body to monitor the country’s e-Security aspect. The entity was a spin-off from MIMOS and became a separate agency incorporated as a Company Limited-by-Guarantee under the supervision of the Ministry of Science, Technology and Innovation.

The Malaysian Government gazetted the role of CyberSecurity Malaysia by Order of the Ministers of Federal Government Vol.53, No.13, dated 22 June 2009 (revised and gazetted on 26 June 2013 [P.U. (A) 184]) as an agency that provides specialised cyber security services and continuously identifies possible areas that may be detrimental to national security and public safety.

3. Resources

i. MyCERT

MyCERT operates the Cyber999 Help Centre, providing emergency response to computer security and information breach related matters, among which are cyber harassment, malware, intrusion and hack attempts.

BtCIRT personnel with MyCERT after completing the internship Program on Incident Handling Training

ii. Digital Forensics

CyberSecurity Malaysia has strengthened the technology capabilities and resources which include offering full-fledged digital forensics investigations and examinations in the areas of audio and video forensics. With the aim of providing a clear understanding of the kind of services offered, the trademark "CyberCSI" was introduced to the stakeholders and to the public.

iii. The National Vulnerability Assessment Centre

The National Vulnerability Assessment Centre (MyVAC) aims to improve the security posture of the Critical National Information Infrastructure (CNII) through actual assessment or evaluation. This will improve the nation's ability in defending against cyber threats and exploitation due to information systems and technology vulnerabilities.

iv. Malaysian ICT Security Evaluation Facilities

The Malaysian ICT Security Evaluation Facilities (MySEF) provides expertise in security evaluation of ICT products and systems. CyberSecurity Malaysia MySEF offers the following evaluation services:

Common Criteria (CC) Evaluation Service;

ICT Product Security Assessment (IPSA) Service; and

Common Criteria Protection Profile (PP) Evaluation Service.

MySEF is an accredited laboratory under the Laboratory Scheme Accreditation of Malaysia which meets the requirements of MS ISO/IEC 17025.

v. Information Security Certification Body

The Information Security Certification Body (ISCB) provides certification services based on international standards and guidelines. The certification services include:

Malaysian Common Criteria Evaluation & Certification (MyCC) Scheme.

CyberSecurity Malaysia Information Security Management System Audit and Certification (CSM27001) Scheme.

Malaysia Trustmark for Private Sector (MTPS).

vi. Malaysian Common Criteria Evaluation & Certification Scheme (MyCC)

The MyCC Scheme is a systematic process of evaluating and certifying the security functionality of ICT products against defined criteria or standards. The missions of the scheme are:

To increase Malaysia's competitiveness in quality assurance of information security based on the CC standard.

To build consumer's confidence towards Malaysian information security products.

vii. Security Management & Best Practices

The primary role of Security Management & Best Practices (SMBP) department is to drive information security management based on ISO/IEC 27001:2005 Information Security Management System (ISMS).

This includes planning, developing, implementing and monitoring the ISMS processes and Business Continuity Management (BCM).

viii. Industry Development

One of the Industry Development initiatives is producing a Cyber Security Industry Directory, which provides a comprehensive listing of the Malaysian companies that offer cyber security related products and services. The Cyber Security Industry Directory connects the ICT security industry players with the business entities and general public on matters related to cyber security.

Another initiative is organising the CyberSecurity Malaysia - Awards, Conference and Exhibition (CSM-ACE). CSM-ACE is an annual public-private-partnership event, and the only 3-in-1 cyber security event in the country that consists of an Awards ceremony, a Conference, and an Exhibition.

ix. Government & International Engagement

The strategic engagement with the Malaysian Government is aimed at identifying and driving various government collaborations, working relations and activities to advocate the cyber security agendas.

On cross border initiatives, CyberSecurity Malaysia is engaged in Multilateral Strategic Programmes.

The OIC-CERT Board Meeting convened on 6 November 2017

YABhg Tan Sri Chairman of CyberSecurity Malaysia moderated a session during the OIC-CERT Annual Conference

CyberSecurity Malaysia is the co-founder of the Asia Pacific Computer Emergency Response Team (APCERT) and spearheads the formation of The Organisation of Islamic Cooperation - Computer Emergency Response Team (OIC-CERT). Presently CyberSecurity Malaysia is the Steering Committee Member and Deputy Chair of the APCERT and the Permanent Secretariat of the OIC-CERT.

APCERT Annual General Meeting on 13 November 2017

CyberSecurity Malaysia as convener of the Malware Mitigation Working Group presented on the current development and future planning on 12 November 2017

x. Cyber Security Research

CyberSecurity Malaysia develops, coordinates and stimulates continuous research activities in cyber security to ensure compliance with all applicable laws and regulations.

xi. Cyber Security Professional Development

CyberSecurity Malaysia strives to nurture the information security workforce with the required knowledge and skills by providing information security competency and capability courses as well as internationally recognized certifications. As a body entrusted to ensure the security of Malaysia's cyber space, the expertise and services are widely needed to provide training and consultancy in developing CERTs, ISMS, BCM, Wireless Technology, Penetration Testing, SCADA, and Digital Forensics.

xii. MyCyberSecurity Clinic

MyCyberSecurity Clinic is a trustworthy and credible entity for secure data handling and recovery. The clinic, as the specialist for data recovery and sanitization, plays a central role in protecting data while providing an opportunity to safely reuse and recycle replaced or discarded digital storage devices.

4. Constituency

CyberSecurity Malaysia’s constituency is the Malaysian Internet Users. Incidents within Malaysia that are reported either by the Malaysian public or international organizations will be resolved by assisting the complainants on technical matters. If the incident involves international connection, then CyberSecurity Malaysia will request trusted parties in that particular country or constituency to assist in resolving the security issues.

C. ACTIVITIES AND OPERATION

1. Events organized by the organization / agency

CyberSecurity Malaysia actively participated in providing support in IT security events by attending various training sessions, seminars / conferences and meetings. CyberSecurity Malaysia staff contributed their competency to the following events:

i. Cyber Drills

As in previous years, CyberSecurity Malaysia was immensely involved in co-organizing international cyber drills for the OIC-CERT. In 2017, the theme was “Encountering Cyber Terrorism & Human Trafficking”. The objective of this drill was to gain a more realistic experience in anticipating and handling incidents related to criminal activities such as human trafficking and cyber terrorism. Twenty two (22) teams from twenty (20) countries participated in the drill, including APCERT and FIRST members, as follows:

OIC-CERT

BGD e-GOV CIRT (Bangladesh)
BangladeshCERT (Bangladesh)
bdCERT (Bangladesh)
BruCERT (Brunei)
CERT.GOV.AZ (Azerbaijan)
CI-CERT (Côte d'Ivoire)
CS2_CERT (Nigeria)
Eg-CERT (Egypt)
Id-SIRTII/CC (Indonesia)
JOCERT (Jordan)
maCERT (Morocco)
MyCERT (Malaysia)
OCERT (Oman)
PISA-CERT (Pakistan)
TunCERT (Tunisia)

APCERT

CERT-In (India)
LaoCERT (Laos)
Sri Lanka CERT/CC (Sri Lanka)
ThaiCERT (Thailand)
TWCERT/CC (Taiwan)
TWNCERT (Taiwan)

FIRST

CERTSI (Leon)

Apart from the OIC-CERT Cyber Drill, CyberSecurity Malaysia also participated in two cross border international Cyber Drills, namely the APCERT Drill 2017 and the ASEAN CERT Incident Drill (ACID).

ii. MTCP

The Malaysian Technical Cooperation Program (MTCP) was first formulated based on the belief that the development of a country depends on the quality of its human resources. Developing capabilities in cyber security area is essential for developing countries to ensure less dependency on foreign countries and at the same time nurture self-reliance to protect their digital citizens.

Highly interactive module with hands-on exercises

In relation to this, the training program is structured to provide cyber security trainings for the participants focusing on enhancing relevant cyber security skills and operational capabilities specifically in the area of Security Compliance, Incident Handling and Security Assessment.

The training program leveraged on state-of-the-art cyber security knowledge from domain experts and experienced practitioners as well as through various collaborations with other subject matter experts. Participants were nurtured with practical capabilities and a learning process that was structured to cultivate innovative mindsets.

Visit to an industrial player organization – Mega Fortris Plant

14 participants from the following OIC-CERT and ASEAN countries attended the training:

Azerbaijan: 1
Brunei: 2
Cambodia: 2
Indonesia: 2
Kazakhstan: 1
Laos: 1
Nigeria: 1
Pakistan: 1
Sudan: 1
Vietnam: 1

The participants after receiving their certificates

iii. Trainings

Several workshops and hands-on training sessions were conducted by CyberSecurity Malaysia in 2017, including:

Cyber Security Essential.

Google-Fu Power Search Technique.

Introduction to ISO/IEC 27001 - Information Security Management System (ISMS).

Cyber Terrorism Security Risk Management for C-Suite.

Malaysia Common Criteria (MyCC 2.0)- Foundation Evaluator Training.

ISMS (ISO/IEC 27001) Implementation.

Incident Handling and Network Security (IHNS).

Server and Desktop Security Assessment.

Digital Forensic for First Responder.

Security Posture Compliance, Assessment and Penetration Testing.

ISMS (ISO/IEC 27001) Internal Auditor.

PHP Secure Coding.

2. Events involvement

CyberSecurity Malaysia’s representatives had been invited to participate at various talks at international conferences and seminars. Some of the events are:

28 Feb 2017 ICT Practitioner Legal Issues and Professional Conduct organized by University Malaysia of Computer Science & Engineering (UniMy) Malaysian National Computer Confederation (MNCC) in Putrajaya, Malaysia.

14-16 Mar 2017 Cyber Intelligence Asia 2017 organised by Intelligence-Sec in Kuala Lumpur, Malaysia.

20 Apr 2017 Computerworld Malaysia: Security Summit 2017 organised by Executive Networks Media Pte Ltd in Kuala Lumpur, Malaysia.

12-21 Apr 2017 Internship Program on Incident Handling Training for Bhutan Computer Incident Response Team (BtCIRT) organized by CyberSecurity Malaysia in Kuala Lumpur, Malaysia.

15-18 May 2017 Cybersecurity, IT Assurance & Governance Conference 2017 organized by ISACA Malaysia Chapter in Kuala Lumpur, Malaysia.

18 May 2017 Cyber Resilience & Info Security (CRIS) Seminar organised by PEOPLElogy Development in Kuala Lumpur, Malaysia.

24-25 May 2017 1st Malaysian Quantum Information Era Strategic Hub Seminar (MyQUANTUM) SERIES organised by the Malaysian Society for Cryptology Research (MSCR) and CyberSecurity Malaysia in Putrajaya, Malaysia.

12-16 Jun 2017 World Summit on the Information Security (WSIS) organised by the WSIS facilitators including ITU, UNESCO, UNCTAD and UNDP and hosted by ITU in Geneva, Switzerland.

4-7 Jul 2017 INTERPOL World 2017 organised by INTERPOL Suntec Singapore Convention & Exhibition Centre, Singapore.

7-8 Aug 2017 Cyber Security Asia 2017 organized by Thomvell International Sdn Bhd in Kuala Lumpur, Malaysia.

16 Aug 2017 Security Exchange 2017 organised by MSecurity Technology Sdn Bhd in Kuala Lumpur, Malaysia.

14-23 Aug 2017 The Malaysian Technical Cooperation Program (MTCP) organised by CyberSecurity Malaysia in Kuala Lumpur, Malaysia.

CyberSecurity Malaysia won an award for the OIC-CERT Information Sharing Analysis of Malware Threats project presented by the International Telecommunication Union (ITU) in conjunction with the World Summit on the Information Society in Geneva

6-8 Sep 2017 IFSEC SOUTHEAST ASIA 2017 organised by United Business Media (M) Sdn Bhd in Kuala Lumpur, Malaysia.

28 Sep 2017 Cyber Resilience and Info Security organised by New Horizons Malaysia (supported by the PEOPLElogy Group) in Johor Bahru, Malaysia.

9-12 Oct 2017 Cyber Security Malaysia - Awards, Conference & Exhibition (CSM-ACE) 2017 organised by CyberSecurity Malaysia in Kuala Lumpur, Malaysia.

1 Nov 2017 Cryptocurrency & Blockchain Technology organised by Great Wall InfoSec Sdn Bhd in Kuala Lumpur, Malaysia.

1 Nov 2017 IT Security & Audit Policy Course organised by Great Wall InfoSec Sdn Bhd in Kuala Lumpur, Malaysia.

D. 2018 PLANNED ACTIVITIES

CSM-ACE 2018

Global ACE Scheme

Malware Research & Coordination Facility

National Cyber Drill (X-Maya)

FIRST 2018

E. MORE INFORMATION

CyberSecurity Malaysia welcomes reports on computer security related incidents. Any computer related security incident can be reported to us at:

Telephone: (603) 89926888
Facsimile: (603) 89926841
Email: [email protected]
Website: www.cybersecurity.my

CyberSecurity Malaysia staff during the Eid 2017 Office Celebration

OMAN Oman National Computer Emergency Response Team Full Member

A. HIGHLIGHTS OF 2017

1. Summary of Major Activities

Organized the sixth Annual Regional Cyber Security Summit 2017 which was held in Muscat, with the participation of 40 speakers and 350 delegates from the Arab region and globally.

Organized the Regional Cyber Drill ALERT Fifth edition for the Arab Region, with participations from 16 Arab countries in Doha, Qatar.

Organized the National Cyber Drill for the government and critical national infrastructure entities, with 17 teams from 7 sectors including 34 organizations.

Organized the National Cyber Security CTF Competition, with 25 participants from different educational institutes in Oman in a total of 9 teams.

Delivered the technical scenario “Ransom ware” at the FIRST-ITU Regional Symposium & Cyber Drill for Africa and Arab Regions that took place in Dar es Salaam, Tanzania.

Regional Cyber Drill 2017, Qatar

2. Achievements

Oman ranked first in the Arab region in the ITU Global Cybersecurity Index (GCI) and ranked fourth at the global level.

OCERT signed the Protocol of Cooperation with the Commission on Science and Technology for Sustainable Development in the South (COMSATS).

Arab Regional Cyber Security Center (ARCC) operated by OCERT signed the Protocol of Cooperation with the Islamic University of Lebanon.

Oman’s Sultan Qaboos University Team ranked third on the regional CTF competition in Egypt.

B. ABOUT OCERT

1. Introduction

The Oman National Computer Emergency Readiness Team (OCERT) was established in 2010 to serve as a trusted focal point of contact on any ICT security incidents in the Sultanate of Oman focusing on cyber safety and security, capacity building and promoting cyber security awareness and to serve the public and private sector organizations, CNI as well as individuals.

2. Resources

Critical National Information Infrastructure Protection team;

Cyber Security Training and Awareness team;

Threat and Risk Management team;

Incident Response team;

Vulnerability Assessment and Penetration Test team;

Digital Forensics team;

Alliances and Cooperation team; and

ITU-Arab Regional Cyber Security Center team

3. Constituency

Public ICT users in Oman;

Government entities and Authorities;

Critical National Infrastructure sector; and

Private sector Organizations.

C. ACTIVITIES AND OPERATION

1. Events organized by the organization / agency

Organized the National Cyber Security CTF Competition;

National CTF competition, Oman

Conducted Computer Incident Response Team (CIRT) assessment for Yemen;

Conducted Web Security Attacks and Solutions training for Djibouti;

Cyber security training in Djibouti delivered by OCERT experts

Conducted Vulnerability Assessment Penetration Testing Training for Djibouti;

Conducted ICS workshop for Oman Oil companies;

Chaired the Fourth Arab CERTs meeting in Doha, Qatar;

Chaired the fifth Arab CERTs meeting in Muscat, Oman;

Organized the Certified Secure Computer User (CSCU) online training for Omani Cyber Security Ambassadors;

Conducted Cyber Security War workshop for Defense Team; and

Conducted EC-Council camp for both Technical & Management tracks workshop.

2. Events involvement

Hosted and co-organized the first ITU-T Study Group 17 meeting for the Arab Region (SG17RGARB) in cooperation with ITU.

ITU-T SG 17 Group Meeting

Hosted and co-organized the “Regional Workshop on Cyber Security of the Sustainable Energy Sector in the GCC” workshop and meeting in cooperation with Chatham House.

Regional Cyber Security Summit 2017

Participated as supporting partner in the Arab Security Conference in Cairo, Egypt.

Participated in the OIC-CERT Annual Conference in Azerbaijan.

Participated as a partner in the "Carthage Cyber Arena" conference, which was held in Tunisia.

Participated and presented Oman's experience in the “Cybersecurity in the Arab region” conference organized by AICTO and ITU-Arab Regional Office, Egypt.

Cyber Security keynote session at the National Cyber Crime Conference

3. Achievement

i. Cyber Incident and Services Management

Discovered and handled 44,340 real cyber security attempted attacks and 19,320 web attacks. In addition, 626 malware infections were discovered through the OCERT Intelligence Gathering System, resulting from the analysis of millions of attempted attacks against the Oman cyber space.

Successfully and comprehensively handled 2459 real cyber security incidents reported by government, CNIs and the public.

Published 309 Security Threat Notification and Alerts (TNAS) on cyber security threats to OCERT constituents.

In 2017, OCERT conducted 7 comprehensive Security Vulnerability Assessments, and Penetration Testing and Verification Tests for government organizations and CNII organizations.

Handled 172 digital forensics cases with 877 evidence devices, including computers, mobile phones, external hard disks and USBs, resulting from cyber-crime cases in Oman.

ii. Cyber Security Professional Services

a. Unified Government Information Security Campaign “WAAY”:

Conducted 30 main awareness sessions to government entities, attended by 730 people.

Conducted 4 top management cyber security sessions.

44 cyber awareness sessions were conducted under the program of ITA Awareness sessions for ITA employees.

b. Child Online Protection (COP)

Organized and implemented a Teacher Training Program in Muscat.

Presented a paper in a COP related event organized by private schools in Muscat.

Conducted 6 awareness sessions for parents in three different regions in the Sultanate.

Organized a three-day cyber citizenship program in ITA for schools.

Participated in a technical youth gathering event in Sultan Qaboos University.

Participated in ITA kids’ event for 3 days.

Part of Child Online Protection Awareness Activity in primary school

Presented a Parental Control workshop during COMEX exhibition.

Participation of OCERT in COMEX exhibition in Oman

Conducted 12 sessions on Child Online Protection Awareness.

Organized the national edition of the International Safer Internet Day.

Participated in a youth treasure hunt organized by and in Sultan Qaboos University.

c. Specialized Training

Conducted a five-day web security attacks and solutions training attended by 18 participants.

Conducted a five-day Penetration testing course attended by 17 participants.

PenTest Training for Government and CNII, Oman

Conducted a full week Information Systems Security Professional Program attended by 10 participants.

Conducted RedChungu training attended by 21 participants.

Conducted security policies course attended by 15 participants.

d. Cyber Security Ambassador Program

A team of OCERT Ambassadors has participated in the National Cyber Drill scenarios for the first time.

Cybersecurity ambassadors have participated in a number of cyber security competitions organized by OCERT e.g., ‘Capture the Flag’ competition and ‘DiscoverMe’.

67 new cyber security ambassadors joined the OCERT Ambassadors Program, bringing the total number of cyber security ambassadors to 653.

Public: 175
Academia: 305
Professionals: 171

D. 2018 PLANNED ACTIVITIES

Organizing a National Cyber Drill for the government and CII.

Organizing a Regional Cyber Drill ALERT for Arab region.

Organizing the Annual Regional Cyber Security Summit 2018.

Conducting the National Cyber Security CTF Competition.

Conducting top management and government cyber security awareness sessions.

Conducting cyber security professional and certified trainings.

Participating in the OIC CERT meetings and annual conferences.

Participating in the GCC-CERT meetings

PAKISTAN Pakistan Information Security Association General Member

A. HIGHLIGHTS OF 2017

1. Summary of Major Activities

Participated in the following activities:

22 March 2017 Participated in the APCERT Cyber Drill.

19 September 2017 Participated in the OIC-CERT Cyber Drill.

Organized five seminars / workshops.

Helped 170 cyber victims to recover their e-mail accounts and defaced sites.

2. Achievements

Pakistan Information Security Association – Computer Emergency Response Team (PISA-CERT) is attracting relevant public / private sector organizations to provide necessary support in cyber related issues. There is a need to bridge gaps between the Government, private sector stakeholders and international initiatives. PISA-CERT is very successful in filling these gaps in Pakistan.

B. ABOUT PISA CERT

1. Introduction

The Information Security Association Pakistan (PISA) is a not-for-profit organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members.

The primary goal of the PISA is to promote management practices that will ensure the confidentiality, integrity, and availability of information resources. The PISA facilitates interaction and education to create a more successful environment for global information systems security and for the professionals involved.

PISA is dedicated to providing the following services to the information security community:

Promote the education and expand the knowledge and skills of its members in the interrelated fields of information systems security and information data processing.

Encourage a free exchange of information security techniques, approaches, and problem solving by its members.

Provide communication to keep members abreast of current events in information processing and security, providing benefits to them and their employers.

2. Establishment

PISA-CERT was established in 2005.

3. Resources

Digital Forensic

Cyber Security

Penetration Testing

Incident Handling

4. Constituency

Pakistan

C. ACTIVITIES AND OPERATION

1. Events organized by the organization / agency

Awareness Workshops and Seminars

Capacity building for university students in understanding the cyber crimes

2. Events involvement

PISA always takes the lead role in these events. Having dedicated volunteer teams, PISA is always engaged in such activities.

APCERT Cyber Drill 2017

OIC-CERT Cyber Drill 2017

3. Achievement

PISA-CERT is getting active engagement in all cyber related engagements in the public-private sector organizations.

D. 2018 PLANNED ACTIVITIES

Taking part in international cyber drills.

The OIC-CERT Cyber Drill.

Planned in-house cyber drills for banks / government organizations in Pakistan.

Seminars / Workshops.

Cyber Secure Pakistan Main Events.

Cyber Security for Women (Trainings)

TUNISIA Tunisian Computer Emergency Response Team Full Member

A. HIGHLIGHTS OF 2017

1. Summary of Major Activities

Improving Saher list of indicators according to international standards.

The follow-up of companies with critical information infrastructure.

Sectorial CERTs: The creation of a nucleus of a sectoral CERT.

The preparation of a joint project document between TunCERT and the Center for Studies and Research for Telecommunications. The project is to develop common mechanisms that would limit the supply of equipment that has reached its end-of-life and end-of-sale dates. This is in addition to the establishment of a special security mechanism, which must be updated in order to further enhance cyberspace immunity from certain attacks that may threaten either the privacy of the user and / or the continuity of communication services (e.g. web-based surveillance cameras).

2. Achievements

All activities are running.

B. ABOUT TunCERT

1. Introduction

The N.A.C.S (TunCERT) carries out general supervision over computer systems and networks appropriate to the diversified public and private organizations.

2. Establishment

Law N°5 of February 3rd, 2004, relating to computer security and relating to the organization of the field of computer security and laying down the general rules for the protection of computer systems and networks.

3. Resources

74 employees

4. Constituency

National: private and public

C. ACTIVITIES AND OPERATION

1. Events organized by the organization / agency

National cyber drill

Sectorial cyber drill: financial sector

Sectorial Cyber Drill

2. Events involvement

Participated in the OIC-CERT Drill 2017.

Participation in WSIS in Geneva.

Contract of programme of cooperation with the Agence Nationale de la Sécurité des Systèmes d’information (ANSSI) France.

3. Achievement

TunCERT was designated to be assistant reporter in the Arab committee of studies during WSIS in Geneva.

D. 2018 PLANNED ACTIVITIES

The board of directors is discussing the 2018 planned activities.

YEMEN Smart Security Solutions Professional Member

A. HIGHLIGHTS OF 2017

1. Summary of Major Activities

Malware Incident Investigations

Research in LTE Security and Privacy

Research in Android Security

Teaching Information Security related subjects

Supervising number of Information Security projects

2. Achievements

Data encrypted by a ransom virus with the extension “.happydayz” has been analysed and decrypted.

Development of an anti-ransomware tool.

Published a paper on LTE Security in the International Journal of Computer Networks and Information Security titled “Analysis of User Identity Privacy in LTE and Proposed Solution” at www.mecs-press.org/ijcnis/ijcnis-v9-n1/IJCNIS-V9-N1-7.pdf

A number of Master students at OUM “Open University Malaysia” under my supervision have submitted their research projects in information security to the university and have been accepted.

B. ABOUT SMARTSEC

1. Introduction

Smart Security Solutions Company (SMARTSEC) is the first company in Yemen for providing information security training, consultancy, and information security research.

2. Establishment

SMARTSEC was established in October 2010 by Dr. Abdulraman Muthana and a group of information security professionals.

3. Resources

SMARTSEC includes a number of information security professionals and researchers. The company has 2 training labs equipped with all facilities in addition to a research lab.

4. Constituency

The information security fields.

C. ACTIVITIES AND OPERATION

1. Events organized by the organization / agency

Information Security Training

Information Security Awareness Programs

Information Security Consultancy

2. Events involvement

Information Security Training

Information Security Awareness Programs

3. Achievement

Training of a number of information security courses

A number of information security awareness programs

Malware Investigation Reports

D. 2018 PLANNED ACTIVITIES

Development of a more robust anti-ransomware tool.

