Centre for cybersecurity Belgium : Role, Missions et

Centre for cybersecurity Belgium :

Role, Missions et future capacities

NLO meeting

30/01/2018

Phédra Clouner

Deputy Director

CCB

01CCB mission & services

Page 2

The Centre for Cyber security Belgium

Page 3

Legal Basis

Page 3

• R.D. 10/10/2014

Contribute to build a safer and reliable Internet

Create a national policy and capabilities with existing actors

Belgian policies & Coordination


Page 4

Legal Basis

Page 4

• R.D. 10/10/2014

Create a national policy and capabilities with existing actors

Coordination

Laws, standards, guidelines

Ensuring crisis management


Page 5

Legal Basis

Page 5

1. Monitoring, coordinating and supervising the implementation of Belgian policy on the subject;

2. Managing the various projects on the topic of cybersecurity using an integrated and centralized approach;

3. Ensuring coordination between the relevant government departments and governments, as well as the

public authorities and the private or scientific sectors;

4. Formulating proposals aimed at adapting the regulatory framework in the field of cybersecurity;

5. Ensuring crisis management in case of cyber incidents in cooperation with the government's Coordination

and Crisis Centre;

6. Preparing, disseminating and supervising the implementation of standards, guidelines and security standards

for the various information systems of the governments and public institutions;

7. Coordinating the Belgian representation in international cybersecurity forums, coordinating the monitoring

of international commitments and national proposals on this subject;

8. Coordinating the security evaluation and certification of information and communication systems;

9. Informing and raising awareness among users on information and communication systems.


• CCB

• Police

• CERT.be

• Crisis Centre

• SGRS

• Judiciary ((Federal )prosecution)

• OCAM

• VSSE

• Federal Public Service Foreign Affairs

• Conseil national de sécurité/ comité stratégique/ comité de coordination renseignement et sécurité

• Critical Infrastrctures /Vital sectors

• Belnis (Belgian network on information security)

• Privacy Commision

• Cyber security coalition

• ISP

• Vendors

• Academics

• International collaboration

Chapter 1

Page 6

stakeholders


• Awareness

• Botnet Eradication

• Anti-phishing

• www.safeonweb.be

Page 7

STRATEGIC OBJECTIVES

• Cyber Security guides

• Webinars

• Training (Gov only)

• Partnerships

• Reliable technologies

@work


Early warning-system

Threats, vulnerabilities, incidents …

Detection & monitoring

MISP – Standard IDS - SIEM

Baseline security norm & audit

Directives, guidelines, norms

Incident response

Diagnosis, response

Incident management system

Page 8

STRATEGIC OBJECTIVES


• Encourage academic institutions

• Stimulate youth participation

• Exercises & training

• Specific HR

9

ENABLERS

It’s all about people


• Situational awareness

• Cyber threat against Belgium

• Vital Sector specific risks and vulnerabilities

• Efficient information exchange

• Information portal for the population and companies

• Secured network for the Vital Sectors

10

Enablers

CCB

02Cyber Security (CySec) PROJECTS

Page 11


• Cyber Security Early Warning system & National IOC exchange platform

• Botnet Eradication System

• National Cyber Security Awareness Campaign

• National Cyber Security Emergency Plan

• Cyber Security Risk Assessment tools & Baseline Security Norm for Vital Sectors

• Cyber Security expert training

• National incident handling communication system (ICMS – COBRA)

• Responsible disclosure policy

• ISACS (Vital Sectors, Academic, RS-IV, industry…)

• Cyber Diplomacy Framework (Cyber Diplomat)

• Standard Intrusion Detection System Architecture

• @Work online courses - webinars

• EU NIS Directive transposition …

• New cyber strategy will based on the NCSS Good practice guide+ art 7 NIS directive+

ENISA’s help?

Page 12

CURRENT PROJECTS


Page 13

Vital Sector Early Warning System


9 % des Belges, victimes de messages frauduleux

Identifiez le phishing

et

agissez !

Page 14

DÉFI


Page 15

RESPONSIBLE DISCLOSURE

For Ethical Hackers

Authorization to access the IT systems

to inform on vulnerabilities

without committing an external hacking

crime (550 bis of the Criminal Code)


• Upscaling

• National CySec CRISIS

• National CySec INCIDENT

• Small INCIDENT

• Definition of responsibilities

• Procedures

• Tested during exercises

• (CMX/Cyber Europe 2016)

Page 16

NATIONAL CYBER SECURITY EMERGENCY PLAN

CCB

03What about the CERT.be?

Page 17


• Better CERT.BE – CCB collaboration/integration

• Mission: detect/observe/ analyse cybersec problems+ Users’s

information

• More capabilities (24 FTE) – High level technical experts

• End 2018-2019: 36 FTE 24/7- monitoring IDS - CSOC

• > 60 % information sharing

• Incident handling

• [email protected] 18

TOWARDS A STRONGER CERT.BE

Know-how

Trust


• Cyber Security Information Sharing

• Collect incoming information

• Collect open source, partner & commercial IOCs and rules

• Information analysis & registration (quality control, correlation and linkage… )

• Distribute of advisories & warnings

• Participate in cyber threat information sharing communities

• Threat assessment reporting (constituents, management, partners, …)

• Register & evaluate incoming messages (assessment, triage, prioritization)

• Monitor detection tool alerts for Gov sites

• Trigger necessary actions based on the message evaluation

CERT.BE – 2017

Page 19

CERT.BE 2017


• Incident Response & Intrusion detection

• Coordinate incident response (24/7 on call at home)

• Design the IDS platforms

• Design architecture to search through logs with SIEM

• Digital Forensics & artefact analysis

• (malware analysis, sandboxing…)

• Creation and distribution of IOCs and rules

• Vulnerability and penetration testing (on demand)

• Development and maintenance of systems for handling automated feeds

CERT.BE – 2017

Page 20

CERT.BE 2017

The Centre for Cyber security Belgium CERT.BE – 2017

Page 21

CERT.BE 2017

BELNETCERT.BE

BELNET Customers

NW-InfoAdmin

ICTICTICT

CCB

Critical Gov

Critical Infrastructure &OES

Energy

Transport

Telecom

Financial

Info Sharing

IncidentHandling

FedPol – ADIV – VSSE …

Kanselarij

Admin, ICT, HR…

ICT Shared Services

etc

CCB

<?>

QUESTIONS ?

Page 22

Documents

Centre for cybersecurity Belgium : Role, Missions et