Presentation by CERT-Hungary
From CERT-Hungary to National Cybersecurity Centre
Ferenc Suba LLM, MA
Chairman of the Board, PTA CERT-Hungary
Vice-chair of the MB, ENISA
CERT-Hungary
- Started as a project by the Ministry of IT and Communications, now under Prime Minister’s Office
- Partnership Agreements with: National Communications Authority, Financial Regulatory Authority, Prime Minister’s Office, National Bureau of Investigation
- Accredited member of FIRST, TI, EGC
- Operator of the National Alert Service of Communications as contractor
- Responsible for information security of the e-gov backbone network
- Trusted partner of the banking and energy sector (WGs) in CIIP, regular exercises
- International co-operations: FI-ISAC, Meridian, IWWN
- CERT capacity building: Bulgaria, South Africa
Government Foundation
- Theodore Puskás Government Foundation
- Founded in 1993 by the Government of Hungary, academia, business companies
- Governed by the Civil Code, Act on Public Benefit Organisations
- Part of the yearly state budget
- Supervised by the Prime Minister’s Office
- Engaged in technology transfer, information security
- Entitled to have business activities (max. 20% of the yearly income)
- Flexible organisation, staff motivation, survives government changes
- Think tank, preparation of regulation, project management, technical service
e-Commerce Act
- Only tool to motivate the ISPs
- Liability clauses: indirect liability for ISPs = the ISP is liable for any wrongdoing committed through its system if the ISP does not co-operate to make the wrongdoing impossible
- Reason: criminals are anonymous + attacks come through the ISPs + only ISPs can effectively take measures against them
- Liability forms vary according to the function: content provider, storage provider, access provider, cache provider, information location tool provider
- Principle: the ISP's liability stands from the moment an e-mail about the wrongdoing committed through its system has been received
Ministerial Decree on National Alert Service for Communications
- Regulates CIIP in communications sector
- Defines critical infrastructures legally
- Defines incidents flexibly (list updated by the National Communications Authority)
- Designates 8 communications providers (biggest ones)
- Reporting obligation of the designated providers
- Reports on incidents affecting at least 1000 users
- Reports received and distributed by the Alert Service Centre
- Distribution list: Ministries, Centre for Crisis Management, Services
- Alert Service Centre outsourced to CERT-Hungary, under the supervision of the National Communications Authority
Government Decree No 223/2009 on the security of public electronic services
- Sections 8-10: National Cybersecurity Centre
- Tasks: crisis management, central governmental system, National Alert Service for Communications, awareness raising, preparation of policy, CIIP collaboration, international representation
- Control: Prime Minister’s Office, IT Security Supervisor
- Framework: Theodore Puskás Government Foundation, by a public service agreement
- Basic services free for the government, value-added services for payment
The Hungarian model
- Bottom-up approach, 5 years of evolution
- Establish a flexible organisation
- Be close to central government
- Use ENISA and partner MSs as leverage
- Have very strong international background
- Build up PPPs with interested private sectors
- Be not only technical (crisis management, awareness raising, policy making, national and international collaboration)
- Distribute your financial resources (state budget, state project contracts, service contracts, EU and national research projects)
Thank you for your attention and patience!
PTA CERT-Hungary: www.cert-hungary.hu
Puskás Tivadar Közalapítvány: www.neti.hu
ENISA: www.enisa.europa.eu