Matteo Cavallini – ULS MEF/Consip Digital Agenda Assembly – Cybersecurity: barriers and incentives Matteo Cavallini Cybersecurity: State of the Art and

Matteo Cavallini – ULS MEF/ConsipDigital Agenda Assembly – Cybersecurity: barriers and incentives

Matteo Cavallini

Cybersecurity: State of the Art and Future Trends in Italy

Digital Agenda Assembly - Cybersecurity: barriers and incentives16 June 2011, Brussels


Since 2007 I have been the manager of the Local Security Unit (LSU) of the Italian Ministry of Economy

Positions held:● Senior security member fo the GovCERT.it team project● Senior security expert for the Testing Commission of the Public Connectivity System

● Internet security manager of the Italian Ministry of Economy

Certifications:● Lead Auditor ISO 27001● EUCIP Professional “Security Adviser”

About me


Agenda

Local Security Units and CERT-SPC - the security infrastructure of the Italian Public Administration

Italian Governmental CERT - a start-up project

National and International security exercises - the way to assure the right level of preparedness

Italian AntiBotnet Center - an example of an incentive proposal


LSUs are the Operational CERT in the PA

Internal Organization

Operational groups

Reperibili

Monitoring of the Information sources

Supporting incident handling

Operational activities for incident prevention and handling

Receiving incident alerts & reports


Consip

Incident Prevention

● Monitoring of the sources● Verifying & Prioritizing

the reports● Establishing the

prevention activities


MEF

Incident PreventionPlanned Activities

Incident PreventionPlanned Activities

Tech. & SecurityProviders

Security InformationSharing



Operational coordination

MEF

Incident Reporting

Incident Reporting

● Incident triage● Incident analysis● Incident response plan

definition

Involvment of thePolice cyber unit

Incident Response

Consip

Incident handlingoperational support

Incident handlingoperational support


CERT-SPC is the Coordination Centre

Tech. & SecurityProviders

LSULSU

LSULSU

SOCPCS’s

Providers

SOCPCS’s

Providers

SOCPCS’s

Providers

SOCof PCS

Providers


CERT DIFESA TC

National Cyber Response Exercise

Cybershot 2010

Coordination CERTs

Operational CERTs

“Real” injections:● Network scan● Brute force

attack● Intrusion● Web Defacement


Cyber Incident Exercise

● ISCOM – MISE partecipated in the first pan-European exercise (Cyber Europe 2010) acting as the Italian focal point and playing the roles of planner and moderator

● On the basis of the experience, ISCOM will partecipate in the second pan-European exercise in 2012, to start testing the planned EU cyber-incident contingency plan

● ISCOM will partecipate in the EU/US exercise within the area of EU/US Working Group on Cybersecurity and Cybercrime

● ISCOM will organize a national exercise in cooperation with other governmental institutions and private stakeholders


● ISCOM contributes to the “ad hoc” ENISA working group in order to define and harmonize the security measures among MSs to be accomplished by TELCO operators

● ISCOM has established a national working group with network operators and service providers to receive feedback from the private stakeholders

Minimum Security MeasuresArt. 13 Directive 2009/140/EC


Governmental CERT

● Currently Italian CERTs are dedicated to specific networks and users, such as Public Administration and Defense

● In order to establish a well-functioning network of CERTs at the EU level by 2012, the MSs are requested to implement an operational national/governmental CERT

● ISCOM will cooperate with other institutions to create a national CERT that will coordinate the other internal CERTs and will be a unique national contact point for the European counterparts


Italian AntiBotnet Center

Botnets are networks of infected PCs remotely managed by cybercriminals to perform illegal activities such as the following: spam, phishing, DDoS attacks, financial fraud, identity fraud, clickfraud, etc.

Why Botnet?

Botnets have a strong social impact on citizens and represent a serious obstacle to the development of the high value services (e-commerce, e-government programs, etc.) over the Internet


Italian AntiBotnet Center

At the moment, the Center is a proposal still in the evaluation and feasibility study phase. The proposed structure would be linked to the German AntiBotnet Center and should be a Public-Private Partnership with the involvement of the:● Internet Service Providers● Security and Technology Vendors● Various Professional Associations

The proposed funding would be limited to the start-up and the first two years of activity. The following years would be financed by the private sector, encouraged by the benefits achieved.

In our view, this initiative is a good example of an incentive to deliver a higher level of network and information security.


Thanks

[email protected]

twitter account: @Nientenomi

Documents

Matteo Cavallini – ULS MEF/Consip Digital Agenda Assembly – Cybersecurity: barriers and incentives Matteo Cavallini Cybersecurity: State of the Art and