This year’s Common Secure conference (part of ICC’s Common Secure Threat Intel Network services arrangements) was held in Valencia, Spain this year at ICC’s Centre of Excellence in Valencia. ICC inaugurated its Common Secure Operations Centre here in Valencia at the last Management Committee meeting in March of this year, with five Clients by now: UN Women, UNESCO, OCHA, PAHO, WFP and ICC as well. The conference was deemed a success by participating Clients and Partner Organizations. Half of the Common Secure membership participated in person with another half a dozen (plus others from participating Agency units) joining remotely.
With the goal to bring partners together to increase the circle of trust, share information on cyber practices and provide feedback on services suites, the two-day workshop blended vendor and regional stakeholder sessions with feedback, presentations and input from participating Agencies. Tima Soni, Head, Information Security Services, noted that cyber criminals are collaborating more and more and that cyber security professionals need to step up on sharing intelligence and information to keep pace with cyber criminals. Common Secure members here can envision a UN family to collect and share information to keep our Agencies secure and aware.
Member Agencies including IFAD, PAHO, WFP, IMD, UNDP , OSCE, UNESCO, while ADB, IOM, WFP, UNDP, UNICEF, ILO, IAEA joined remotely – in addition to participation and presentations from the Computer Emergency Response Teams from the Spanish government and the city of Valencia.
Day One featured sessions from vendors such as IBM, Microsoft, Cynet, Qintel and the Spanish CERT, followed by a tour of the Valencia CERT, who, interestingly, are very involved in awareness sessions with the citizens, including middle schools! Day Two had an Internal focus with sessions by UNDP, PAHO and IFAD jointly, UNICEF, WFP and ICC.
- Welcome note – Sameer Chauhan, Director, UNICC
- Cyber threats and trends impacting the UN – Domenico Raguseo, Chief Technology Officer, IBM Security, Italy, SPGI and CEE
- Using Microsoft 365 and Azure to defend against common cloud cyberattack patterns, Steve Faehl, National Director Security Strategy, Microsoft
- The evolution of attacks: Automation – Luca Martinis, Security Engineer, Cynet.com
- Threat Intel for Risk Reduction: Building an Effective Threat Intelligence Program – Thomas X. Grasso, Chief Global Strategy Officer, Qintel
- Inside the Hacker Playbook: How they make breaches look so easy – Matt Ziemniak, Chief Research Officer, Qintel
- CCN-CERT tools and procedures for incident handling and threat hunting – Ramón Saez, CCN- CERT (Spanish CERT)
- Visit CSIRT – Valencia city SOC – all participants invited
- Evolving threat hunting and autonomous cyber response – Steve Faehl, National Director Security Strategy, Microsoft
- Building Global Incident Response and Threat Hunting Platform with Open Source – Alexey Kuzmenko, Cyber Security Specialist, UNDP
- Panel discussion on threat intelligence driven security operations – Aldo Gomera Cruz, Information Security Officer, PAHO and Guillaume Farret, Operational IT Security & Resiliency, IFAD
- Maturing Cyber Operations Through Threat Intelligence – Katherine Gagnon, Chief Information Security Officer, WFP
- Intelligence Driven Security Operations leveraging MITRE ATT&CK framework – Bojan Simetic, Information Security Specialist, UNICC
- Business driven SOC -Jorge Torres, Chief Information Security Officer & Geoffrey Okao, Chief Platform and Service Delivery UNICEF
- Common Secure Service Review and closing session – Tima Soni, Head, Information Security Services, UNICC.
These services are more in demand across the UN system than ever before. Technology, too, is evolving at an ever-more rapid pace and is unlikely to slow down. We at ICC – and our information security team – are ready to meet that challenge.
ICC has done a lot of work in the last three years to build a strong information security program. Starting with governance, risk and CISO support services for a handful of Agencies and a handful of staff, we have grown to thirty partners strong and over fifteen information security experts in all of our locations, offering the Common Secure Threat Intel Network now with Clients, SOC and SIEM services, phishing, vulnerability management, awareness, pen testing, incident response, network and infrastructure security and now a PKI service.
In addition, the team has been proactive as thought leaders, delivering keynotes, training sessions, taking on CISO roles and organizing mission-driven cyber security events and workshops. We have developed our partnership with Microsoft with a focus on security. We’ve also built partnerships with FIRST, CIS, CSA and SWIFT.
In attending the UN Information Security Special Interest Group over the past few years there has been recognition and a growing trust in what ICC has been up to. We won a CSO50 Award in 2017 for the very services we were then beginning to deliver. Four of our staff participated in the drafting of the UN Principles on Data Privacy last year. Our Management Committee funded two R+D projects that have become services – the CSOC and the PKI initiative, with good feedback from many of you – and it is just about to go live.
Participants took something away from sessions like Using Microsoft 365 and Azure to Defend against Cloud Cyberattacks, Threat Intel for Risk Reduction, learning from panel discussions on threat intelligence-driven security operations and participate in our service review with your own valuable input for making our services stronger. For as the very idea of Common Secure implies, it’s by sharing our intelligence and ideas that we build a strong network of security-aware partners.
While the focus of this conference has been speaking about and listening to topics around information security with peers and partners, good feedback and input was shared to help us build an even stronger program.