Presented by Dr' Khaltar'T

1
OVERVIEW ON CYBER SECURITY CERT OF MONGOLIA
Presented by Dr. Khaltar.T Computer Science
Management School of Mongolian University Science
Technology, Mongolia http//www.csms.edu.mn E-ma
il khaltar_t_at_csms.edu.mn 27-30 st of September,
2004 Bangkok, TAILAND
2
At the threshold of the third Millenium, Mongolia
faces the necessity of understanding and taking
the historical challenge related to mankinds
entering the era of world informational
community development.
3
I. National Information Security Policy
IV. Struggle with cyber criminality
V. MONCERT project
4

• NATIONAL INFORMATION
• SECURITY POLICY

• The first Asia-Pacific Conference on Cybercrime
  and Information Security
• In Seoul was the large push in understanding all
  importance of struggle with
• Cybercrime by some Leaders of Mongolia. After
  this conference was
• Developed
• Draft action plan on information security
• Draft law On Information Security
• Draft law Information Technology
• Draft law e-Government
• Draft law e-Transaction
• Draft law e-Signature

5
I. NATIONAL INFORMATION SECURITY POLICY

• Concept of Information Technology Development
  till 2010
• Strategy of Information Technology Development of
  Mongolia
• Within the framework of this documents are
  specified the following concrete
• provisions about cybercrime.
• to create in structure of the Mongolian Police a
  Department on struggle with
• cybercrime.
• To organize a measure on a security of
  information networks and systems.
•  To organize training courses for detectives,
  investigators, inspectors
• and experts on a cybercrime.
•   To create in structure of government a
  department on information
• security of electronic government.
• But these provisions have remained an
• empty word on a paper up to now

6
II. INTERNET UTILIZATION
ORKHON-UUL
BOBISUMBER
ZAMIIN-UUD
7
(No Transcript)
8
III. Current Situation on Cyber Crimes

• 
  ( All
  data from my survey)
• - Cyber crimes have been quite popular in
  Mongolia but not detected.
• 12 of the survey participants did a cyber
  crime in some way.
• Many misdeeds have not been noticed by law
  enforcement bodies such
• Police or Court.
• Registered officially in Mongolia except only
  three cases of cybercrime
• until now.
• Penetrating government websites illegally to
  obtain information. This was
• done by about 8 of the survey participants(QAH
  crimes).
• About 20 of the participants accepted that
  their practice of
• time stealing(QAT).
• About 1 of those said that they used some kind
  of equipment in order to
• steal information(QAI).
• Two hackers destroyed a Mongolian companys
  computer database using
• logic bombs by the order of another
  company(QSS)
• Recently, there has been a widespread virus
  infection which has been
• developed by an unknown Mongolian hacker.

9
III. Current Situation on Cyber Crimes

• -some people are producing illegal documents such
  as policemen ID(7 times),
• and driving licenses(about 80 cases) etc(QFF).
• -In last years, there was a frauds done by
  Nigerians, South Africans,
• Americans from Mongolians by communicating over
  the Internet.(QFZ)
• -Illegal copying and intellectual property crimes
  have been (QR) quite
• widespread.
• -about 40 of the total number of computers used
  in Mongolia have been
• installed with illegal computer games.
• -There were several cases in Mongolia which
  cheated foreign trading
• companies over the Internet to obtain USA visa.
• -There were three crimes on illegal obtaining of
  other companies business
• secrets (QZE) over the Internet.
• -Cybercrimes against persons such as cyber
  harassment has been spreading
• as computer e-mail usage increases among the
  people.
• 48 of Internet users computers are installed
  Spywares.
• 37 of the Internet users computers are
  infected by a virus, such as
• Trojan Horse, Worm

10
IV. Struggle with cyber criminality
Prevention of cybercrimes
-Mongolian government has declared that one of
its priorities is development of Information
and communication technology. -But combating
cyber crime and enhancing information security
have not been mentioned in it. So, there is no
master plans/policies or strategies on how to
combat the cybercrimes . -Only the local ISP-s
such as DataCom, Magicnet, Micom, Railcom, are
developing quite good security systems on their
local area networks -But there is no active,
special information security agency operating
on these issues in broad band. -Regarding the
human resources, there is no employee is being
prepared on information security issues
separately.
11
IV. Struggle with cyber criminality
Monitoring, detection and investigation
-Mongolia has done almost nothing regarding the
cooperation with other states on law
enforcement for cyber crimes. -Cooperation
between internet service providers and
law-enforcement officials has been very
weak. -No relation with Foreign CERT-s -There
is no skillful specialists who can monitor,
detect and investigate the information
security and cyber crime issues.
Monitoring, detection and investigation
12
IV. Struggle with cyber criminality
Effective prosecution

• In order to stop and reduce the misuse of
  information technology,
• Mongolia needs to establish a work group to make
  Mongolias master
• plan on Information Security.
• The followings should be included in this plan
• to develop a project to train information
  security / cyber crime specialists,
• and establish a separate department in police to
  fight cyber crimes
• to publish guide books on these issues in
  Mongolian language
• to establish a mechanism for effective exchange
  of information on
• security issues between the countries in the
  future (MON-CERT)
• to establish a permanent agency inside Mongolian
  government structure
• because of no budget allocated from the
  government, Mongolia needs to
• attract foreign partners and support on this
  issue
• to develop a plan to support private sector and
  NGO activity involvements
• on information security issues
• to learn and introduce methodologies of cyber
  crime fighting in Mongolia
• from experiences of other countries.

13
IV. Struggle with cyber criminality
Key challenges and priority needs
-to develop the project MON-CERT -to develop the
project to establish the Department in structure
of Police which will detect and stop cyber
crimes such as illegal copying of computer
software(QRS), illegal access to
information(QAH), time stealing(QAT), to modify
computer data(QD), spreading viruses, computer
sabotage(QC) etc. -to develop the project
Public Training -to develop the project Cyber
security experts training -to develop the
project Conversion training of the police
investigators, inspectors, criminal
experts Current situation of Information
Security in the country as poor. The countrys
high-level government officials have no
understanding about information security. So,
there is no fund allocated from the budget, and
not much understanding on this issue among the
society. Therefore, people more tend to perceive
the cyber crimes as an ordinary thing.
14
V. MONCERT project
Background and necessity of project
In last few years, cybercrimes, such as spreading
various kinds of virus programs, attacking on
servers, DoS (Denial of Service), doing computer
piracy began to threaten to interests of the
Mongolian users of the Internet. -But in
Mongolia, there is no organization, who reacts to
such illegal activitites, and there is no
registration. -There is no relationship with
foreign CERTs. -Mongolian Internet users have no
understanding where to address such problems,
how to prevent from various cyber attacks. -From
year to year the size of damage from such
incidents has been growing. Therefore, there
is an urgent need to create an team which will
protect Interests of Mongolian Internet users,
ISP-s, who also offers professional help, and
keeps record of cybercrimes.

15
V. MONCERT project
Goal of the Project
To organize and start CERT operation. That team
will help Mongolian Internet users to prevent
cyber attacks, to collect and to process such
incident information, to react on cyber
incidents, to offer advises for Mongolian users
on information security issues, to set up
interconnection of important contacts, to start
a process of information exchange with foreign
CERT.
16
V. MONCERT project
Purposes of the Project

• To determine the mission and function of the
  MONCERT, to develop
• the operation rules of the MONCERT
•  To determine the structure and internal
  organization of the MONCERT,
• to select its staff members
•  To train the selected staff members
•  To collect and analyze data on cyber attacks,
  cyber damages, level of
• protection of users and ISP-s, and on their
  information security knowledge
•  To find the maecenas and sponsors
•  To obtain the equipments, hardwares and
  softwares
•  To start the MONCERT operation
•  To offer free service for users and ISP-s, to
  carry out registration and
• keep statistics
• To establish Hotline communication with other
  CERT-s and FIRST,
• to cooperate with them and to help mutually.

17
V. MONCERT project
Expected effects of the proposed project to the
host country

• Economic effects
• will be 13 decrease in the number of cyber
  damages for the first
• year of operation,
• and 20 decrease in the second year.
• b. Technical effects
• networks, servers, users hardware softwares
  reliability will increase.
• will decrease the barriers of investment, and
  introduction of new technology
• will increase the level of information security.
• c. Social and environmental effects
• the level of guarantee of rights and freedom of
  citizens to receive
• information will increase.
• big shift for Mongolia in creation of information
  society, e-Democracy,
• e-Government, e-business and bridging digital
  divide.

18
THANKS FOR JOINING