Cyber Security Overview of Taiwan. Jan-Ming Ho, Consultant to the Executive Yuan (Cabinet), Taiwan. Information provided by NCCST, III and TIER.

WCIT 2016 Jan Ming Ho


Page 1: WCIT 2016 Jan Ming Ho

[Internal use only]

Cyber Security Overview of Taiwan

Jan-Ming Ho

Consultant to the Executive Yuan (Cabinet)

Taiwan

Information provided by NCCST, III and TIER

Page 2: WCIT 2016 Jan Ming Ho

Defense-in-Depth Deployment Towards Government-wide Situation Awareness

● Build government-wide situation awareness of cyber security

● Promote public-private partnership for better decision making

Diagram labels: External Threat; Existing Vulnerability; Regulation Compliance; Incident Handling; 1st Tier: MSSP; 2nd Tier: G-SOC; 3rd Tier: NICST; Actionable Intelligence; Government-Wide Situation Awareness; National-Level Decision Making Support; Co-defense Detection Rule; Trend Statistics Classification Data Modeling Prediction; Monitoring Data

Page 3: WCIT 2016 Jan Ming Ho

A Hierarchical Organization

Diagram labels: National CERT; National ISAC; National SOC; Domain CERT; Domain ISAC; Domain SOC; CSIRT A; Enterprise A; CSIRT B; Enterprise B; CSIRT C; SOC C; Enterprise C; MSSP; Early Warning; Aide/Assistant; Continuous Monitoring; Event Notification; Domain Situation Awareness; Situation Awareness at National Level

Page 4: WCIT 2016 Jan Ming Ho

Cabinet Level Taskforce

National Information and Communication Security Taskforce

Convener: Vice Premier

Deputy Convener: Minister Without Portfolio Minister of Ministry of Science and Technology

Co-Deputy-Convener: Senior Advisor to the President

● Standard and Norm WG: Ministry of Economic Affairs

● Education and HR WG: Ministry of Education

● Audit WG: Ministry of Science and Technology

● Government Info & Communication Security WG: Ministry of Science and Technology

● Cyberspace Protection System: Ministry of Science and Technology

● Personal Info. Protection & Legal System WG: Ministry of Justice

● Cybercrime Prevention WG: Ministry of Interior

● Cyber Environment Security WG: National Communication Commission

● National Center for Cyber Security Technology

● Sub Working Group
– National Defense (Ministry of National Defense)
– e-Government (National Development Council)
– Telecom (National Communication Commission)
– Transportation (Ministry of Transportation)
– Finance (Ministry of Finance)
– Banking (Financial Supervisory Commission)
– Healthcare (Ministry of Health and Welfare)

● Cybercrime Investigative System: Ministry of Justice, Ministry of Interior

● NICST Secretariat: Office of Information and Communication Security, EY

● CIP System: Office of Homeland Security, EY

● Other System

Effective 2016/01/20

Page 5: WCIT 2016 Jan Ming Ho

Threat Intelligence, Analysis and Sharing

Diagram labels: Botnet; APT; Malware; SPAM; Threat Precursor Analysis; Threat Intelligence Generation; Information Sharing; HoneyBEAR; HoneyNET; Botnet Tracer; G-ISAC (Government Information Sharing and Analysis Center); G-SOC; Indicators of Compromise

● Gov. Agencies: 3,039 agencies

● CIIP Authorities: Telecom (NCC) / Banking (FSC) / Utilities & e-Commerce (MOEA)

● Internet Service Provider: Gov. (GSN) / Academic (TANET) / All private ISPs

● MSSP: Chunghwa Telecom / Acer / TradeVAN / ISSDU, etc.

● International Cooperation: FIRST / APCERT / US-CERT / CERT-EU … etc

Legend

– HoneyBEAR: Behavior-based Email Anomaly Reconnaissance
– NCC: National Communication Commission
– FSC: Financial Supervisory Commission
– MOEA: Ministry of Economic Affairs
– GSN: Government Service Network
– MSSP: Managed Security Service Provider
– FIRST: Forum for Incident Response and Security Teams

Page 6: WCIT 2016 Jan Ming Ho

Law and Regulation in progress, Focusing on CIIP

Diagram labels: ICT Security Management Act and Enforcement Rules; CIIP Steering Group; G-ISMS; CI Sector Specific Guidelines; Common Baseline of CIIP; CI Cyber Security Committees; CI Cyber Security Promotion Mechanisms; CI Sectors; Government ISMS Framework; Government; Utility; Water; Transportation; High Tech Parks; Banking & Finance; Comm. & Broadcasting; Medical

Arrow labels: Law; Supervise; Help define; Provide references; Define; Join; Execution

• CIIP Steering Group is formed by NICST and MOST

• CI Cyber Security Committees are led by the competent authority of that CI sector

Page 7: WCIT 2016 Jan Ming Ho

PPP in Taiwan

Institutions

Gov

– GSN Op Team / CEPD (2010/1)
– MOI (2011/8)
– DOJ (2012/3)

ISAC

– G-ISAC (2009/11)
– NCC-ISAC (2010/2)
– TWNIC (2010/2)
– A-ISAC (2010/4)
– F-ISAC (2017/4)

CERT

– EC-CERT (2011/1)
– TWCERT/CC (2015/1)
– TWCSIRT (2016/1)

Gen

IS Ind

– Trend Micro (2013/8)
– FORTINET (2014/9)

– ISSDU (2010/10)
– CHT (2010/11)
– ACER (2010/11)
– TRADEVAN (2010/11)
– AKER (2011/11)

Info Sharing, 2011/1/1 ~ 2016/6/30

[Chart: Info Sharing by year, 100 to 105 (Q2), i.e. 2011 to 2016; vertical axis 0 to 160,000; series: ANA, EWA, INT, DEF, FBI, Total. Data labels in the order they appear on the slide: 60,980; 135,527; 84,210; 107,405; 76,757; 33,374 and 79,260; 144,079; 90,311; 112,516; 84,027; 36,749.]

Page 8: WCIT 2016 Jan Ming Ho

Regional Collaborations

● APEC as the major platform
– APCERT (Asia Pacific Computer Emergency Response Team)
– APWG (Anti-Phishing Working Group)
– AVAR (Association of anti-Virus Asia Researchers)
– FIRST (Forum of Incident Response and Security Teams)

● Regular interaction with other countries
– G-ISAC
– TWCERT
– JPCERT/CC, MyCERT, KrCERT/CC

Page 9: WCIT 2016 Jan Ming Ho

CYBERSECURITY ECONOMY IN TAIWAN

Page 10: WCIT 2016 Jan Ming Ho

Information Security Threats

| | Total % of IS Events | Virus | Data Theft | Malicious Ware | DDOS | Hack/Deface | Equip Damage |
|---|---|---|---|---|---|---|---|
| Subtotal | 22.26% | 52.77% | 5.58% | 32.11% | 15.34% | 10.52% | 7.85% |
| Industry | 12.20% | 66.90% | 20.50% | 41.70% | 22.80% | 17.30% | 17.30% |
| Gov Inst | 21.97% | 41.12% | 0.93% | 13.40% | 3.12% | 9.66% | 8.41% |
| Schools | 32.70% | 58.50% | 4.40% | 46.20% | 24.10% | 8.80% | 3.80% |

Page 11: WCIT 2016 Jan Ming Ho

Network Attacks on IoT and ICS

● Industrial control systems and IoT have become targets of network attacks

● Honeynet deployed by NCCST
– 28M events detected and 50K malware per year in the last 3 years, mainly from US, Russia, and China
– 180M events detected in 2016 and 110K malware
– Brute-force attacks targeting IoT devices have been increasing dramatically

Page 12: WCIT 2016 Jan Ming Ho

Online Threats of Botnets

● 2015/10 – 2016/5, NCCST analyzed and identified 40,249 IoT/ICS being hacked
– A botnet distributed across 154 countries
– Informed 18 national CERTs
– More than 6,000 machines, total value US$4M
– 5G devices, heat pump controller, smart meters, IPC, DVR, Web Camera, Router, Wi-Fi APs and Set-Top Box, etc.
– 160 companies including 10 in Taiwan

[Images: 5G telco devices; Industrial process controller; Smart meters; Heat pump controller]

Page 13: WCIT 2016 Jan Ming Ho

Taiwan IS Industry Value Chain in 2013

Diagram labels, in the order they appear on the slide:

Data Center Service Provider

New App. (device, forensic, vehicular)

Dealer

.5B

Digital Forensic Product Makers

Encryption, AIO, content, threat, system, ID management

.13B

Import

Logistics

.013B

EG

IS Insurance

EG

Personal Users

Wholesale

.017B

IS Service Providers: SI, Consultant, Training, Digital Forensic, etc.

.163B

SI

Enterprise and Government

Telco: CHT, TWM, FETNET, etc.

Outsourcing: Acer, CHT, Tradevan, ISSDU, etc.

Sales Agencies .82B

Page 14: WCIT 2016 Jan Ming Ho

IS Market in Taiwan (CAGR: 10.7%)

[Chart: Market Size and Growth Rate for 2014, 2015, 2016 (e), 2017 (f), 2018 (f); left axis 0 to 500, right axis 0% to 14%. Data labels in the order they appear on the slide: 1.04B, 1.18B, 1.31B, 1.44B, 1.18B.]

Page 15: WCIT 2016 Jan Ming Ho

Examples of IS Companies

● Armorize
– Scanning open source vulnerability
– Proofpoint in 2013

● Xecure Lab
– Detecting and defending APT
– Verint in 2014

● Broadweb
– IPS (Intrusion Prevention) and DPI (Deep Packet Inspection)
– Trend Micro in

Page 16: WCIT 2016 Jan Ming Ho

Taiwan IS Industry

● Encryption and Digital Forensic
– NST, WatchSoft, Sinpao, ISSDU, iForensic, etc.

● Identity and Access Control
– Ecomuniversal, ARES, ChangingTec Foongtong, NST, Esecure, NewImage, etc.

● Cloud Security
– T Cloud Computing (TrendMicro), Abocom, Hgiga, etc.

● Total solutions
– Zyxel, BroadWeb (TrendMicro), Abocom, HGiga, Sinpao, Axtronics, etc.

● System Integrator
– ACER, Stark Tech Inc, Bestcom, SYSCOM, Zero One Tech, SYSAGE, Ringline, ARES, Fortune, CGS, Tradevan, etc.

● Outsourcing
– CHT, ACER, SYSCOM, Trend Micro, etc.

● Insurance
– Fubon, FIRST Bank, AIG, etc.