The cyberattacks on Estonia were well covered and discussed on various websites and blogs. So I didn't cover it myself. I didn't visit the ENISA website for a while but I did today and saw the attacks mentioned on their website: ENISA commenting on massive cyber attacks in Estonia.
DDoS attacks are hard to mitigate and demand a lot of coordination and cooperation from various parties. CERT Estonia, established late last year, along with many local security managers and CERTs from other countries had to establish such a cooperative effort quickly to subdue the attacks. Various CERTs from Europe and beyond helped to involve the international CERT community in mitigating attacks in Estonia.
So here are their CERT guides:
- CERT setting up guide: http://www.enisa.europa.eu/cert_guide
- CERT cooperation guide: http://www.enisa.europa.eu/cert_cooperation
- Inventory of CERTs in Europe: http://www.enisa.europa.eu/cert_inventor
More details are available in the CERTs Fact Sheet:
http://www.enisa.europa.eu/doc/pdf/FACsheets/CERT_Fact_Sheet.pdf
BELNET CERT
Established: 3Q 2004
TI Status: Accredited
TI Link: http://www.trusted-introducer.nl/teams/belnet-cert.html
Constituency: BELNET's customers (Belgian universities, public administrations, high schools and research centres connected to BELNET's network).
NCIRC CC
NATO Computer Incident Response Capability - Coordination Centre (located in Belgium)
Constituency: NATO Computer Incident Response Capability - Coordination Centre
So the BELNET CERT is not really for Belgium nationwide, since it's for the network backbone of schools, universities and public administrations.
So what about the NCIRC? In the wake of the Estonian attacks, NATO committed to defend its members even in cyberspace.
In Brussels yesterday, NATO defence ministers agreed that firm and decisive action was necessary to protect "information systems of critical importance," Reuters reports. The Alliance spokesman added:
"[Recent DDoS attacks in Estonia] were sustained, coordinated and focused. They had clear national security and economic implications," he said. "That will be the subject of work here."
But what if only one company is targeted and it's not a nationwide attack? What CERT can we turn to? In Belgium, there is the Federal Computer Crime Unit, who are quite skilled in forensics, but what about mitigating DDoS? There haven't been any large DDoS attacks in Belgium to my knowledge, but what if...? Shouldn't we have a general CERT?

The Netherlands are ahead of us. They already performed a disaster exercise for cyberattacks on their IT infrastructure. Here is the article (in Dutch).

Bonus: ENISA studying ISP countermeasures against spam - participate in survey