JPCERT/CC Eyes

Hello again, it’s Yuka at the Global Coordination Division.

Following my recent trip to Malaysia to join APCERT Annual General Meeting and Conference 2015, I had my first travel to Europe – and that was to Bucharest, Romania to attend a conference hosted by CERT-RO, the National CSIRT of Romania. They host a conference annually, and this year it was the 5^th time for this event, held from 5^th - 6^th October.

The programme on the first day morning consisted of two panel discussions, with global and Romanian national focus on cyber security. Experts were invited from different stakeholders to exchange ideas on the recent cyber threats, law enforcement and policies, etc. For the afternoon session, the following CSIRTs around the globe including JPCERT/CC, who have partnerships with CERT-RO, delivered a short presentation about their activities.

ALCIRT (Albania)

CERT-EE (Estonia)

CERT.lv (Latvia)

KrCERT/CC (South Korea)

South African Government CSIRT (South Africa)

I myself presented briefly about JPCERT/CC, its organisation overview, the latest incident statistics and some ongoing projects, including TSUBAME and Cyber Green.

(Photo of me speaking: provided by CERT-RO)

It was interesting to hear each CSIRT’s organisational structure, including which ministry they belong to and different range of authority that each CSIRT has over their local ISPs and users. It was also a great opportunity to build bridges to CSIRTs that are located far away from Japan.

Through the panel sessions in the morning about local trends in cyber security in Romania, and a presentation provided by a CERT-RO colleague in the afternoon, here below are some things that I learned about cyber-related matters in Romania:

• CERT-RO, established in 2011, is operated under the Ministry of Communications and Information Society.
• Following the enactment of Romanian Cyber Security Strategy in 2013, the Romanian government (together with CERT-RO) is now preparing cyber security related laws on ISPs’ responsibilities in case of incidents.
• CERT-RO has been focusing on awareness raising campaigns and trainings in local communities (e.g. incident handling, malware analysis).
• CERT-RO provides internship programs for students majoring in cyber security related studies.
• Most common malware observed in Romania are Downadup and Zeus. Statistics show that about 10% of IP addresses located within Romania are infected with conficker.
• There are many cases where Romanian IP addresses are used for attacks as proxies.

One of the outcomes of the collaboration between JPCERT/CC and CERT-RO is that we have provided our “IT Security Inoculation kit” based on our discussion during our previous year’s visit to Bucharest. This is a tool that JPCERT/CC has developed for awareness-raising purposes against targeted email attacks with malicious attachments and the like. Designed for implementation at organisations such as companies, it has a feature to send emails that attract the recipients’ attention by indicating relevant topics such as internal business communications, latest news topics, questionnaires, etc., and attempts to induce them to open attached files or click on URLs (which actually is harmless!). It gives warning to those who were trapped about the risks that may involve, and at the same time, allows examiners to keep track of who actually opened the attachments/links. This feature enables examiners to analyse the tendency of examinees’ behaviours, and also how their performance improves if tested repeatedly. Since CERT-RO has been working on awareness-raising programs in the local community, they found the tool useful and implemented it in several organisations within Romania. We are happy that CERT-RO liked it – and hope to keep collaborating in this field and others!

We would like to thank CERT-RO colleagues again for their kind hospitality and invitation to the great event.

Thanks for reading and see you soon.

 - Yukako Uchida