UNICC has recently delivered two major initiatives for the health and welfare of the UN family, for improved collaboration among its members related to cyber security information sharing:
- UNICC Management Committee resolves that all participating UN Organizations share their threat intelligence
- UNICC Common Secure Conference takes place with more than 30 UN Agencies and affiliated organizations.
The European Union Agency for Cybersecurity (ENISA) has published its latest ENISA Threat Landscape (ETL) report. The report identifies and evaluates top cyber threats and trends from January 2019 through April 2020, providing a baseline for greater risk mitigation going forward.
The report emphasizes the nature, direction and proliferation of threats across the greater globe, including an infographic regarding Threat Landscape Mapping during COVID-19.
UNICC, with its growing information security team and services, is keen on monitoring and remediating across this threat landscape.
Some of its recent actions have taken the UN in the direction of better sharing of collective threat intelligence to strengthen the overall cyber posture of the UN family (as well as each of its individual organizations).
Inter-Agency Threat Intel Sharing Resolution
The UNICC Management Committee, governing all UNICC Partner Organizations, approved a resolution asking all UNICC Partner Organizations and Clients to share threat intelligence and security incident information (in either attributable or anonymized forms) with UNICC’s Common Secure team for analysis and sharing with the wider UN family.
They took this step at a special session on cyber security at their October 2020 meeting, responding to growing concern around threats and compromises across many UN Agencies.
UNICC already provides Common Secure Threat Intel services to over 30 Clients and Partner Organizations to track down indicators pointing to possible cyber-attacks against ICT infrastructure or other events that jeopardize cyber security posture and health.
UNICC will now leverage its Common Secure Threat Intel services to share this information with all organizations in either attributable or anonymized forms to best protect the UN family from threats and attacks.
This service will be offered to all UNICC Clients at no cost, while the Common Secure dedicated subscription services will continue to share threat intelligence, offer Malware Information Sharing Platform (MISP) tools as well as advisory and incident response and remediation services for any cyber security threats, attacks or compromises.
UNICC works with 70 organizations including most Agencies in the UN system, so the outcome of this measure will be a significantly safer UN system.
As cyber criminals collaborate more and more, so should cyber security professionals step up on sharing intelligence and information to keep pace them. Common Secure members envision a UN family for collecting and sharing information to keep our Agencies secure and aware.
Tima Soni, Chief, Cyber Security Section, UNICC
Common Secure Conference
UNICC hosts an annual Common Secure conference with the goal to bring its information security Clients and Partners Organizations together to increase the UN family circle of trust, share intelligence on cyber practices and provide feedback on UNICC Common Secure services. The multi-day workshop blends vendor and regional stakeholder sessions with feedback, presentations and input from participating Agencies.
The Common Secure Annual Conference was held virtually this year between November 17-19 and November 23-25. There were multiple 3-4 hour sessions on all days.
There were 150 participants from more than 30 UN Agencies and other international organisations, including:
- Common Secure Members: ADB, CTBTO, FAO, IAEA, ICJ, ILO, IFAD, IIIM, IMO, ITU, OECD, PAHO, UNCTAD, UNDP, UNESCO, UNFPA, UNHCR, UNICC, UNICEF, UNIDO, UN OIM, UNRWA, UNWOMEN, WFP, WHO, WIPO and WTO
- Guests: IADB, ICC-CPI, OHCHR, UN JIU, UNJSPF, UNODC and World Bank Group
The agenda included a welcome from Sameer Chauhan, Director, UNICC and opening remarks from Tima Soni, Chief, Cyber Security Section, UNICC.
Topics from external speakers included:
- Security and Trust in the Cloud Age – Mark Ryland, Director of the CISO Office, AWS
- The Top 10 Cloud Attack Kill Chains – Richard Mogull, Analyst and CEO, Securosis
- Simple not Simple: Coordinated Vulnerability Disclosure Ecosystem – Art Manion, Senior Member, Vulnerability Analysis Team in the CERT Division, Carnegie Mellon University
- Prioritizing Vulnerability Response with a Stakeholder-Specific Vulnerability Categorization – Jonathan Spring, Senior Member, Technical Staff in CERT Division, Software Engineering Institute at Carnegie Mellon University
- Threat Detection and Response – Brad Dispensa, Senior Solutions Architect, AWS
- Modernizing Security Operations – Steve Faehl, Director of Security Strategy, Microsoft
- DDoS Mitigation – Krassimir T. Tzvetanov, Security Researcher, Purdue University.
Client and Partner Organization sessions included:
- Forensic Collection of Webpages and Media: an Integrated Platform – Marco Tolli, Digital Forensic Expert, ICC-CPI
- COVID-19 Cybersecurity Attacks Flavio Aggio, CISO; Martin Paulinyi, Information Security Engineer and Andrei Bashun, Technical Officer (Cybersecurity Risk & Compliance), WHO
- Ongoing LinkedIn Threat Campaigns Gathering Intelligence and Targeting Users-– Viktors Engelbrehts, Head of IT Security, Infrastructure Unit, IAEA
- Microsoft Sentinel: An Introduction and Use Cases – Suhail Muhammed, SOC Manager, UNICEF and Sebastian Bania, Systems Analyst, UNICEF
- Security as Business as Usual. How ADB Integrated Security into IT Operations – Peter Fizelle, CISO, Asian Development Bank
- Practical Application of Machine Learning for Cybersecurity – Zhao Chen, Security Operations Lead, Asian Development Bank
- Implementing an Effective Vulnerability Management Program – Aldo Gomera Cruz, Information Security Officer, PAHO
- Practical Cyber Threat Intelligence: How to Apply the Diamond Model to Detect and Counteract Cloud Threat Actors – Oleksiy Kuzmenko, Deputy CISO, UNDP
- Information Security Benchmarking across the UN – Fabio Maggiore, Cyber Security Governance Lead, UNICC
- Common Secure in Action! Threat Actor Attribution – Bojan Simetic, Common Secure Technical Lead, UNICC
- Challenges and Roadmap for a Common UN SOC Capability – Amedeo Cioffi, cSOC Manager, UNICC.
There was also a panel discussion on Monetization of Cybercrime Affecting our Mission’s Integrity, with Carmen Corbin, Counter Cybercrime Advisor, UNODC; Mario Bruno, Lead Investigator, CITI Bank and Bruno Halopeau, CTO, CyberPeace Institute.
Here are some key takeaways of the conference:
- Intelligence sharing summary, 2019-2020:
- Exponential rise in credential theft incidents, in line with ENISA threat report indicating a rise in identity-related attacks
- Rise in number of security incidents impacting the UN
- Rise in critical vulnerabilities shared through Common Secure (either better sharing, more collective detection or simply more incidents)
- Reduced noise around security incidents external to the UN
- The UN system will benefit from improved procedures and processes to respond to modern cyber-related challenges introduced with digitalization, especially when it comes to frameworks
- Organizations will benefit from improved security operations, critical to threat intel responses, vulnerability and incident management response.
A last takeaway related to those above is that many Agencies will benefit from improved processes on intelligence sharing within their community, expanding effective cross-organizational incident responses. This fact is part and parcel of the awareness and action of the UNICC Management Committee resolution to leverage UNICC’s Common Secure team and ecosystem to better share intel across the UN family.
UNICC Information Security Services
In order to best protect its Clients and Partner Organizations, UNICC offers information security services including governance and CISO Support, Common Secure Threat Intel Services, Security Operations Centre (CSOC), Security Incident Event Management (CSIEM), Phishing and Vulnerability Management, Penetration Testing, Incident Response and Forensics, PKI Services, Infrastructure and Network Support, Infosec Awareness, Electronic Signature Services and Secure AuthN Service.