“cybersecurity in bhutan” - nog... phone: +975-02-338606 general email: [email protected] incident...
www.btcirt.bt Phone: +975-02-338606 General Email: [email protected] Incident Report: [email protected]
Sonam Choki
Sr. ICT Officer
Bhutan Computer Incident Response Team (BtCIRT)
“Cybersecurity in Bhutan”
Overview
• Background on Bhutan Computer Incident Response Team (BtCIRT)
• National Cybersecurity Initiatives
• BtCIRT services
• Incident Handling Statistics
• Common real incidents
• General Observations
• Recommendations
Background on Bhutan CIRT (BtCIRT)
• Started operation in April 2016.
• Mandate:
• Serve as a trusted and central coordination point of contact at national level
• At Government and National level
Coordinate information
Respond/Manage cyber threat
Enhance Cyber security
National Cybersecurity Initiatives
❏ Various Network and Information Security, Cyber drills, Incident Handling trainings and workshops conducted for ICT professionals in the government and corporate sectors.
❏ Security Assessment in 3 Dzongkhag Thromdes and clusters
❏ Joined APNIC community honeypot
❏ Draft Bhutan Cybersecurity Strategy
❏ Stakeholder consultations on drafting the strategy have been completed
❏ Presentation of Draft Bhutan Cybersecurity Strategy 2018 to the MoIC completed
National Cybersecurity Initiatives
● Cyber simulation exercises conducted for Ministers, CEOs and heads of Critical Sectors and organisations
BtCIRT services
❏ Incident handling
❏ Security Advisory/Alert/News via website, Facebook, email
❏ Proactive monitoring for threats and vulnerabilities (GDC)
❏ After breach support
❏ Security Assessment as per agency request
Incident Handling Status: Major types of incidents
Incident Handling: Yearly statistics
GDC monitoring: Intrusion attempts and system compromises
Common Real Incidents
1. Vulnerabilities
2. Website defacements
3. Phishing
4. Ransomware
5. Cryptomining
General Observations
❏ It has been observed that the networks/systems are not securely configured
❏ With no vulnerability management system, most of the systems are left unpatched, exposed to various attacks including DDoS, web defacement and others.
❏ Asset management is not in place.
❏ Logs are not being analyzed or not even captured
❏ Physical security
❏ Use of default passwords, vendor accounts not disabled
❏ Use of simple passwords
Recommendations
❏ Patch!
❏ Maintain system logs and periodically analyse them for suspicious activities
❏ Maintain backups
❏ Harden systems
❏ User-level and system-level passwords must conform to the standard password guidelines
Common username and passwords targeting Bhutan
Reporting Computer Incidents
Questions?
THANK YOU
Contact: [email protected] (General)
[email protected] (Incidents)