1 / 13

How we work as a national CERT in China

How we work as a national CERT in China. ZHOU Yonglin CNCERT/CC, China. Internet Development in China. Source: MIIT and CNNIC. By the end of June 2010, The number of Internet users was about 420 million, counting for 31.8% of total population. Broadband users was nearly 364 million

Download Presentation

How we work as a national CERT in China

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. How we work as a national CERT in China ZHOU Yonglin CNCERT/CC, China Addressing security challenges on a global scale

  2. Internet Development in China Source: MIIT and CNNIC By the end of June 2010, • The number of Internet users was about 420 million, counting for 31.8% of total population. • Broadband users was nearly 364million • Mobile Internet users was nearly 277 million • The commercial applications showed remarkable increase. • The users of online-shopping, online-payment, online-banking were 142 million, 128 million and 122 million, counting for 33.8%, 30.5%, 29.1% of total Internet user. • Online video users was about 265 million • Benefitting from mobile phone development, the online-reading users reached 188 million. Addressing security challenges on a global scale

  3. Internet Security Situation in China: Malicious code activity • In the first half of 2010, CNCERT monitored: • Trojans activity: • control servers counting by IP:247,235 • compromised hosts counting by IP :3,966,329 • IRC-Bot activity: • control server counting by IP :6,451 • compromised host counting by IP :3,148,046 • In the whole year of 2009, about 28 million Conficker worm infected computers were in China.

  4. Internet Security Situation in China: Website defacement • In the first half of 2010, CNCERT monitored: • Number of all defaced website: 14,907,decreased 21.75% than the same period of 2009。 • Defaced government website:2,574, increased 222.56% than the same period of 2009

  5. Internet Security Situation in China: More… • DDOS attacks • Phishing • Smart Phone malware • ‘DuMusicPlay’ infection: nearly 1 million in first week of Sep. • ‘Mobile Skull’ infection: nearly 560 thousand in same week. Addressing security challenges on a global scale

  6. About CNCERT • Full name: National Computer network Emergency technical Response Team Coordination Center of China • CNCERT/CC is a National level CERT organization, which is responsible for the coordination of activities among all Computer Emergency Response Teams within China concerning incidents on national public networks. • It provides computer network security services and technology support in the handling of security incidents for national public networks, important national application systems and key organizations, involving detection, prediction, response and prevention. • It collects, verifies, accumulates and publishes authoritative information on the Internet security issues. It is also responsible for the exchange of information, coordination of action with International Security Organizations.

  7. About CNCERT • CNCERT has 31 branches around the nation, located at each capital of provinces. • CNCERT is a leading organization on cyber security industry. Also take the role of network and information security committee of Internet Society of China. • CNCERT is a full member of FIRST and APCERT.

  8. Connections and working mechanism • Supporting government • Ministry of Industry and Information Technology who is in charge of the Internet and telecommunication infrastructure security and coordinating the safeguarding of online government information system, and social critical information systems • CNCERT: Collecting security info. of ICT field and issue advisories, coordinating ISPs, DNRs to clean malware control servers, monitoring attacks to government online systems, etc. • Other governments • CNCERT: following the cross-department working mechanism, provides technical supports like vulnerability evaluation, incident handling,… etc. Addressing security challenges on a global scale

  9. Uniting Industries and initiatives Industrial Self-discipline CNVD- China National Vulnerability Database ANVA – Anti Network Virus Association Addressing security challenges on a global scale

  10. CNCERT played key role on cyber safeguarding of national events 2008 Beijing Olympics Shanghai EXPO 2010 Nation Leaders’ Online Talks 2010 Guangzhou Asian Games

  11. Actively join international cooperation • Join FIRST and APCERT and relevant events • Sign MOU with CERTs in other countries or regions, who have common interest on incident handling and information sharing. • Carry out joint activity during critical period or incident. • Notice potential conflicts on Internet during hot foreign affairs • Waledac botnet handling: Microsoft initiated Waledac campaign in US. Feb 2010, according to MS’s request, CNCERT quickly stopped 16 malicious domain names registered in China. Addressing security challenges on a global scale

  12. ACKNOWLEDGEMENTMany thanks to ITU-T secretariat, workshop chairman and coordinators for your kind invitation and helps.Many thanks to the development of Internet and telecommunication technology by which I can join you remotely. Yes, that is what our cyber security guys are fighting for!  CONTACT zyl AT cert DOTorgDOTcn +86 10 8299 0355 www.cert.org.cn

More Related