1. Working together with banks from a CERT perspective + CIIP
Ferenc Suba LLM, MA
Chairman of the Board,
CERT-Hungary, Theodore Puskás Foundation
Vice-Chair of the Management Board,
European Network and Information Security Agency
2. PTA CERT-Hungary
WHO ARE WE? PTA CERT-Hungary = Government network security center within the Theodore Puskás Foundation, funded and supervised by the government
CO-OPERATION AGREEMENT WITH THE FINANCIAL SUPERVISORY AUTHORITY:
Scope:
- awareness raising (website, school class),
- recommendation (safe e-banking),
- ISAC (information sharing and analysis center)
FINANCIAL ISAC HU:
- in co-op with FSA, BAH, Police
SERVICE AGREEMENTS WITH BANKS:
- 5 concluded, 3 underway
3. Financial ISAC HU
- History: joint COMEXes with banks since early 2006
- Great leap forward: large phishing attacks in Dec 2006
- Constituents: CERT-HU, Law Enforcement, Banking Assoc. of HU, Financial Supervisory Authority
- Activity: information sharing, exercises, recommendations, coordination
- Results: TLP, Advisory, simulated DDoS attack exercise
- Future: prep for FSA recomm. on the security of internet banking, coop. with similar ISACs (GOVCERT.NL, AUSCERT, DHS)
4. COMEX07
The exercises
- Goal: to test the communication between the participants and the internal procedures of the banks in case of a DDoS attack
- Tasks:
  - Two banks acting as victims,
  - Banking Association coordinating the exercise and representing the banks towards CERT-Hungary,
  - CERT-Hungary providing technical infrastructure, playing the attacker, ISP and server operator for one of the banks and itself,
  - FSA, GIRO, Police: observers and evaluators
5. The exercises
COMEX08:
Goal: to test communication and internal procedures in case of an international malicious code collecting clients' data and passwords
Tasks: 6 banks to eliminate the malicious code and change passwords, requesting log analysis from CERT-Hungary, identification of data leakage and malicious activity based on log analysis, reporting to the police
CERT-Hungary: reporting the malicious code to banks, log analysis, identification and shutting down of collecting servers with the involvement of the police
FSA, Police: observers and evaluators
6. The exercises
COMEX09:
Goal: to test the protective reactions of the banks in case of a penetration
Tasks:
- 2 banks to protect a simulated banking environment
- CERT-Hungary: provision of the simulated banking environment, serving as attacker
- Banking Association, FSA, Police: interactive players and evaluators
7. CIIP in Energy Sector
- USA: ISAC Model (branch specific co-op. under DHS)
- Europe: EU-SCSIE (Shell, Electrabel, Swissgrid, EDF, CERN, SEEMA, Melanie, CERT-Hungary)
- Global: Meridian Process Control WG
- Hungary: CIIP WG (MOL, Paks, MAVIR, Telco, CERT-Hungary)
- First exercise in May 2009 (NHH, MOL, MAVIR, MEH, NFGM, PTA CHK): electricity outage having a spillover effect in oil, gas, and communications
8. Thank you for your attention!
ferenc.suba@cert-hungary.hu
PTA CERT-Hungary
www.cert-hungary.hu
Theodore Puskás Foundation
www.neti.hu
ENISA
www.enisa.europa.eu