State of RP Cyber Security

(1)

1

State of RP Cyber Security

Office of the

President

of the Philippines

Malacanang

4

th

ARF Seminar on Cyber Terrorism

Busan, South Korea

(2)

Backgrounder

DEMOGRAPHIC INFORMATION

•

Size:

300,000 sq km

land:

298,170 sq km

water:

1,830 sq km

•

7,100 islands

•

82 million population

•

13 international gateways

(airports)

•

30 major seaports

•

Democratic Form of

Government

Ø

16 Regions

Ø

110 provinces

Ø

60 cities

(3)

3

State of RP Cyber Security

n

Republic of the Philippines: An Overview

n

Status of the RP Internet and Cyber

Incidents

n

Internet Threat Reports on RP

n

Assessment of RP Cyber Defense

n

The Role of Cyber Security Coordinator

n

(4)

Gubat Bariw R.S. San Juan R.S. Naga City Villazar R.S. Bagakay R.S. Sta. Maria Riz al Mayabobo Balagta s Alagao Cabanatuan Kita -Kita R.S.

Dalton Pass R.S Cuyapo R.S. Binalona n Mt. Sto Thomas San Fernando R.S. Bayongbon g Buaya R.S. Santiag o San Mateo Laga n Roma R.S. Tuguegara o Nasiping R.S. Apar ri Ballester os Sanches Mira Pata R.S. Sapat R.S. Paoa R.S. Sinat R.S. Mt. Caniaw R.S. Mt. Pila R.S. Bontoc R.S. Sagada R.S. Mt. Data R.S. Mt. Kawal R.S. Don Mariano R.S. Mt. Sair R.S. Tuban R.S. Mamburao Mt. Makurukuru Panamalaya n L.Naujan R.S. Calapan Mt. Banoy Leme r Catarman L.E. Lipata RS Palason RS Macagtas RS Adga RS Calbayog Catbalogan Borongan L.E. Borongan Passive RS Canceledes RS Naparaan RS Tacloba n San Roque Tulibao R.S. Ormoc Toll Ctr Maasin RS Buscayan RS Camanggay RS Cebu Toll Ctr. Balisong RS Mt. Canlandog RS Jordan L.E. San Miguel Iloilo Toll Cntr. San Jose LE Panulian RS Caniapasan Supo RS Kalibo LE Ibajay LE Surigao LE Surigao Hill RS Salvacion RSSantiago RS Butuan LE Mt. Mayapay New Leyte RS San Andres RS San Vicente RS Asuncion LE Tubura n Nabunturan LE Tagum LE Matina RS Davao City LE Digos Hill Malabakid RS Polonoling Koronada l Tacurong LE Isulan LE Datu Pian RS Cotobato LE Pikit LE Kabakalan LE Carmen RS Pinisikan RS Maramag LE Marawi LE Manticao RS Ilagan LE Jimenez RS Ozamis RS Palpalan RS Musuan Peak Mapayapang RS Guihian RS Cagayan De Oro Mambayan RS Sugbongkogon RS Tibon-tibon RS Medina Gingoog LE Sipaca Pt. PHILIPPINE BACKBONE NETWORK Legend Microwave Fiber Optic TELOF PLDT Bayantel Globe PT&T Digitel Gubat Bariw R.S. San Juan R.S. Naga City Villazar R.S. Bagakay R.S. Sta. Maria Riz al Mayabobo Balagta s Alagao Cabanatuan Kita -Kita R.S.

Dalton Pass R.S Cuyapo R.S. Binalona n Mt. Sto Thomas San Fernando R.S. Bayongbon g Buaya R.S. Santiag o San Mateo Laga n Roma R.S. Tuguegara o Nasiping R.S. Apar ri Ballester os Sanches Mira Pata R.S. Sapat R.S. Paoa R.S. Sinat R.S. Mt. Caniaw R.S. Mt. Pila R.S. Bontoc R.S. Sagada R.S. Mt. Data R.S. Mt. Kawal R.S. Don Mariano R.S. Mt. Sair R.S. Tuban R.S. Mambura o Mt. Makurukuru Panamalaya n L.Naujan R.S. Calapan Mt. Banoy Leme r

Philippine IT Infrastructure per Sector

2005 Computer World Survey

Banking 46% Agriculture, Fishery and Forestry 2% Wholesale and Retail Trade 6% Transportation and Storage 2% Real Estate 0% Manufacturing 26% Insurance 3% Financial Intermediaries 2% Communications 2%

Construction Community, Personal Electricity, Gas, and

Water

RP Dependency on ICT

Backgrounder

(5)

5

5 n

n

Number of ISPs are continuously increasing.

n

Status of Internet Service Providers (ISPs) and Internet

Exchanges (

IXs

) in 2004

n

Philippine Internet Exchange

(PHIX)

n

Common Routing Exchange

(CORE)

n

Manila Internet Exchange (MIX)

n

Globe Internet Exchange (GIX)

Major

IXs

n

Infocom

Technologies (PLDT)

n

MosCom

n

CBCPNet

n

Gnet

(Globe Telecom)

n

Pacific Internet

Major

ISPs

177

# of ISPs

Status

<Source: Paul Budde, 2006>

64 93 121 144 177

2001 2002 2003 2004

2005

NTC-Registered ISPs

Source: National Telecommunications Commission

Status of the Internet

(6)

n

The number of Internet users and subscribers increases

continuously

n

Average increment of 200,000~300,000 subscribers per year

0

1000000

2000000

3000000

4000000

5000000

6000000

1996

1998

2000

2002

2004

Users

Subscribers

(7)

7

n

The number of host PCs increases

n

The number of cyber incidents is proportional to the number of

Internet subscribers, users, and host PCs

<Source: Paul Budde, 2006>

0

10000

20000

30000

40000

50000

60000

70000

1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004

Number of Host PCs

(8)

n

Number of Internet subscribers is much larger than number of bro

adband

subscribers

•

PCs for public use are prevalent, while the portion of individua

l PCs is relatively small

•

Public PCs are used as attack source, since it is hard to track

and guarantees

anonymity

(9)

9

n

Status of Philippine online game market (USD)

n

Continuous expansion of online game market

•

Possibility of cyber incidents (Online game cheating, identity t

heft, item

trading, etc.) is increasing

<Source: Korea Game Development Promotion and Institute, 2005>

Market size

Growth rate

Status of the Internet

(10)

n

US FBI recently estimated that the

“

LOVEBUG

”

, made by a

Philippine student in 2000, has caused a worldwide damage of

approximately US$ 12Billion.

n

NBI handled 30 various cyber crime cases as of 2005

Status of Cyber Incidents

NBI CYBERCRIMES STATISTICS

JAN

JAN --DEC 2005DEC 2005

TYPE OF CASE

NO. OF CASES

1. Computer Fraud

8

2. Internet Pornography

3

3. Hacking

5

4. Computer E-mails

10

5. Violation of the E-Commerce Law

4

6. Verification

0

(11)

11

n

In 2006, PNP monitored 446 defaced government websites

mostly owned by local governments

2003 2004 2005 2006 2007 National Govt Local Gov't 11 8 28 390 23 33 21 45 56 11 0 50 100 150 200 250 300 350 400

Defaced Government Websites, 2003 -2007 Source : 2007 PNP-CIDG Re port

National Govt 33 21 45 56 11

Local Gov't 11 8 28 390 23

2003 2004 2005 2006 2007

*

* January to June data only

Status of Cyber Incidents

(12)

n

Data from Philippine

Honeynet

(

www.philippinehoneynet.org

)

US and China are the major attack

sources.

More than 700 events occur by day

when cyber attacks are fierce.

Status of Cyber Incidents

(13)

13

§

Threats to nation’s critical infrastructures

(14)

Nueva Ecija - 2 cell sites Bulacan – 1 cell site

Sorsogon – 3 cell sites Bataan – 1 cell site

Tarlac – 1 cell site

Masbate – 1 cell site

Palawan – 1 cell site

Oriental Mindoro – 2 cell sites

Camarines Sur – 3 cell sites

Compostela Valley – 1 cell site Bohol – 1 cell site

Davao Oriental – 1 cell site

Davao del Norte – 1 cell site

Status of Cyber Incidents

(15)

15

Basilan – 1 cell site

Masbate – 2 cell sites Camarines Sur – 3 cell sites

Surigao del Sur – 1 cell site Bukidnon – 1 cell site

Sorsogon – 1 cell site

Status of Cyber Incidents

(16)

Case Study:

Oplan

Bojinka

n

Oplan

Bojinka

was a 1995 plan by Al

-

Qaeda to

simultaneously destroy 11 passenger aircraft

over the Pacific Ocean.

n

Reports indicate that

Oplan

Bojinka

is the earlier

version of 9/11 plot.

n

If the operation had been successful, Al

-

Qaeda

would have murdered thousands of airline

passengers.

(17)

17

17 n

n

The plot was discovered after

a fire broke out in the

Philippines apartment of

Ramzi

Yousef

, a Kuwaiti of

Pakistani extraction and

member of Al

-

Qaeda.

n

Yousef

was involved in the

first World Trade Center

bombing in 1993.

Status of Cyber Incidents

Case Study:

(18)

n

Philippines police found

bomb making material and

a laptop computer in his

apartment.

n

The laptop computer

contained encrypted

messages that could not

be read by the police or

intelligence officials.

Case Study:

(19)

19

n

Extensive analysis of the computer by law

enforcement and intelligence officials eventually

broke the encryption on the messages.

n

The unencrypted messages detailed

Yousef

’

s

plans to destroy the airliners and messages to his

fellow co

-

conspirators.

n

Ramzi

Yousef

was sentenced to 240 years in

prison in the United States.

Case Study:

(20)

n

Plotters of the

Oplan

Bojinka

used the Philippines as a

“

launching pad

”

for terrorist

acts by providing training

bomb making and logistical

support the violent local

terrorist group, Abu

Sayyaf

(ASO).

n

In April 2000, the ASO

demanded the release of

Yousef

from jail in the United

States.

Case Study:

(21)

21

Lessons Learned

n

Computer forensics was critical to this

investigation.

n

The computer investigation allowed Philippine

officials to analyze and decrypt the messages on

the laptop.

n

The information acquired was important in

thwarting a deadly terrorist attack.

Status of Cyber Incidents

Case Study:

(22)

Conclusion

n

The use of the Internet by terrorist organizations

will increase as these groups acquire the skills to

conduct offensive operations.

n

The interdependence of the critical infrastructure

used by nation

-

states will allow terrorist groups

these facilities with deadly results.

Status of Cyber Incidents

Case Study:

(23)

23

PH

PH-

-

CERT

n

The first CERT in the Philippines

n

Localized assistance

n

Funding from membership fees and sponsorships

n

No permanent staff

–

purely voluntary

n

Provides

•

Email and phone based technical assistance (No on

-

site

services)

•

Coordination with law enforcement agencies

•

Technical training

n

However, the operation of PH

-

CERT encountered difficulty due to

lack of financial support and human resources

Assessment:

(24)

National Bureau of Investigation

National Bureau of Investigation -

-Anti Fraud and Cyber Crime Division

Anti Fraud and Cyber Crime Division

§

Feb 1997: NBI

-

AFCCD created, through an Administrative Order, in

order to address all computer related crimes and other offenses

using technology

§

Supported by the US

-

FBI to set up it Forensic Laboratory

§

The NBI

-

AFCCD needs legislation in order to empower it,

organizationally and financially, and make it effective in respo

nding

to cyber crime incidents

Assessment:

(25)

25

NBI Anti

NBI Anti-

-Fraud and Computer Crimes

Fraud and Computer Crimes

Division

Assessment:

(26)

PNP

-

CIDG

(Government Computer Security Incident Response Team)

n

GCSIRT was created through TFSCI

n

To suppress, detect and investigate computer network

intrusions and other related internet or computer crimes

n

Projected capability: digital analysis, log file analysis,

forensic media analysis, etc.

n

Issues: lack of specific legislation, overlapping roles of IT

government bodies, lack of proper training of law

enforcers, public awareness, etc.

Assessment:

(27)

27

The Philippine Honeynet Project

n

It is a non-

It is a non

-

profit, all

volunteer group

dedicated to honeynet

and security research.

n

It is a part of a larger

global security

initiative called the

Honeynet Research

Alliance.

Assessment:

(28)

Honeynet

’

s

Infrastructure

Assessment:

Organization for RP Cyber Defense

Study hackers tools and

techniques to be able to use it

against them by:

•

Capturing new and existing

attacks for research and

analysis

•

Profiling hackers / attacker

behavior

•

Analyzing attack trends and

statistics

•

Analyzing malware and

hacker tools

•

Publishing security research

papers

•

Coordinating with other

security research

organizations

•

Sending out security

advisories

•

(29)

29

Assessment:

(30)

Other Organizations

n

ISSSP (Information Systems Security Specialists of

the Philippines)

•

involved in the effort of creating awareness and raising the lev

el of

information security practice

•

security management in the Philippines

n

PH

-

CISSP (Philippine Certified Information Systems

Security Professionals)

•

CISSP certified Filipinos with security professional work experi

ence

n

ISACA (Information Systems and Audit and Control)

•

Manila Chapter sponsors local educational seminars and workshops

,

engages in IT research projects, conducts regular chapter meetin

gs, and

helps to further promote and elevate the visibility of the IS au

dit, control

and security professional.

Assessment:

(31)

31

n

Status of

CERTs

in the Philippines

•

Lack of human resource and systems to address cyber

emergencies.

n

Korea: More than 80 major

CERTs

•

CONCERT: Consortium of

CERTs

in Korea

(http://

concert.or.kr

)

•

Requires national management to encourage

development of

CERTs

and production of critical mass

of cyber security professionals.

Assessment:

(32)

n

e-

e

-

Commerce law

•

RA 8792 Philippine E-

RA 8792 Philippine E

-Commerce Law

Commerce Law

-

not particular

about emergency readiness but it does set the legal

framework for recognition of electronic documents and

transactions.

n

Hacking and cracking

n

Piracy or the unauthorized copying

n

Violations of the Consumer Act or Republic Act (No. 7394)

•

Bangko

Sentral

ng

Pilipinas, BSP (Central Bank of the

Pilipinas

, BSP (Central Bank of the

Philippines) Circulars

that apply to banks and financial

institutions that dictate:

n

Financial systems stability and service levels

n

Connectivity security and redundancy requirements

n

Presence of disaster recovery site and systems

Assessment:

(33)

33

33 n

n

Pending laws including provisions for cyber security and ICT

readiness

n

HB 1246 Anti

-

Cyber Crime Act of 2001

n

HB 2251 Convergence Policy Act of the Philippines of 2004

n

SB 428

The Anti

-

Telecommunications Fraud Act of 2004

n

SB 2073 Data Protection Act of 2005

n

HB 3777

Cybercrime

Prevention Act of 2005

n

A new Cyber

-

Crime Prevention bill is being prepared by an

Inter

-

Agency Cyber Law group for submission to the 14

thth

Congress

Assessment:

(34)

q

Learning from the 2

nd

ARF

Seminar on Cyber Terrorism:

Our country needs a Focal Point

þ

to comprehensively

address the task of

coordinating domestic

and foreign

cyber-terrorism

countermeasures

þ

to spearhead

public-private sector

partnership in protecting

our critical cyber

infrastructures

Role of the Cyber Security Coordinator

(35)

35

q

Task of the National

Cybersecurity Coordinator:

Note

þ

Deal with all domestic

and transnational

programs

þ

Oversee and provide

direction to

government

countermeasures

þ

Coordinate operational

responsibilities

(36)

q

Task of the National

Cybersecurity Coordinator:

þ

Integrate public and

private efforts

þ

Organize and provide

leadership to various

CERTs

þ

Enhance national

cybersecurity capability

þ

Spearhead collaboration

with international

organizations

Cyberspace Security Coordination Process

National Coordinator for Cyber Security

Risk Assessment Incident Response Laws & Policy Technical Training Awareness/ Advocacy

PRIVATE/PUBLIC CRITICAL INFORMATION INFRASTRUCTURE OPERATING UNITS TRIP CAMPAIGN AND ADVOCACY PROGRAMS CONSEQUENCE MANAGEMENT ASSISTANCE

INCIDENT POLICIES TRAINING COURSES 3RD PARTY ASSES SORS AUDIT JOB AUDIT REPORT INCIDENT REPORTS PERIODIC RISK AND VULNERABILITY REPORTS INVENTORY OF ASSETS INCIDENT REPORTS INCIDENT REPORTS INCIDENT REPORTS RISK AND VULNERABILITY REPORTS INCIDENT REPORTS POLICIES POLICIES TRAINING COURSES REPORT ON TRIP PROGRAMS LIST OF TRAINING COURSES POLICIES TRAINING COURSES TRAINING COURSES

Role of the Cyber Security Coordinator

(37)

37

Make a TFT (Task Force Team) for establishment of N-CERT

Second Step

Build -up Computer emergency Response system Make a complete goal for N-CERT

Establish official N-CERT organization Set-up the related Law and

system

First step

Technical Support Increase ability of Analyzing and responding to computer emergencies

Domestic and International Cooperation Make a National Cyber Security Framework

Identify vulnerabilities and monitor responses to computer incidents

Manage Information Security Education program

Third step

-Establish organization and it’s function -Define the role of existing organizations -Define the coverage of N-CERT -gathering information on current Computer threats and vulnerabilities

-Analysis and response to security incidents - supporting and consulting for Security technology

(receive /cope with security incidents)

-As a Nation POC for computer incidents responses

-Establish cooperation system with related organizations

- Establish cooperation system with private CERTs

-Collect information by using Honeynet

-Collect information bye the local/domestic sensor -Detect infection of Malicious Code

-Detect a hacked homepage

- Fundamental course for information security administrator

- Advanced course for information security administrator

- Course for Establishment of CERT and Operation

RP Cyber Security Roadmap

(38)

IMPLEMENTING AGENCIES

Military

RP Cyber Security Roadmap

(39)

39

n

Office of the National Cyber Security Coordinator is the point o

f contact

(

PoC

) in nation and provides support to decrease occurrence of inci

dents

in local systems

Point of contact in nation

Technical support to cyber incident in nation

Publication of information about prevention, detection, and recovery of vulnerabilities

Construction of system to analyze and respond the cyber incidents

Detecting and patching Vulnerabilities The incident response in internal system and network

The point of contact in the organization

Service protection according to the policy of the organization

National Coordinator

Internal CERT

Training of security specialists and distribution of security guidelines

Analysis of internal cyber incidents and operation of the response system

Role of the Cyber Security Coordinator

(40)

Thank you

UNDERSECRETARY VIRTUS V. GIL

National Coordinator for Cyber Security

Office of the President, Republic of the Philippines

Telephone numbers: +632 736-1364/72/78 Facsimile number: +632 736-1351

on www.pdffactory.com

(