The participation as main partner of ISEE at Cyberisks Conference 2014 it was a success. The message of the ISEE President, Mr. Daianu was appreciated by Mr. Yugo Neumorni, President of CIO Council Romania, as a message which should be read by each executive in Romania.
All participants had considerations about the urgency and the need of a Financial CERT. Romanian Intelligence Service, the Information Agency of Interior Minister, the representatives of CERT-RO and Mr. Varujan Pambuccian from Romanian Parliament mentioned the importance of Financial CERT initiative. About this initiative of ISEE please read at Initiatives Page.
Mr. Mazilu from SRI mentioned the explosion of criminal bot-nets and the increasing usage of Bitcoin with all the negative consequences. The trends presented one year ago unfortunately are confirmed, and the explosion of cyber-incidents, with huge loses are increasing. There are needs of regulations, standards, and technological rules.
It was reiterated the need of a national cyber legislation, and specific norms and standards for financial sector. The numbers and complexity of cyber attacks are increasing constantly, based of the declaration of Mr. Barzu, Cyber Unit Head from DGIPI. It is at least a 35% increase from one year to other. He presented also a concrete case of a cybercrime on capital market.
Mr. Pambuccian mentioned the need for rules, a system to monitor the auditors on IT which are doing now a more formal work, without to much responsibility. We need a law to establish the clear responsibilities. The cloud services are more secure then the internal IT infrastructure. But about cloud at international level are only two real cloud providers, all others offering more hosting services. It’a a clear need of a CERT for financial sector, which to be independent and equidistant.
Mrs. Avram from BNR mentioned the EU regulations who are imposing measures at national level, we need policies and regulations for critical financial infrastructures. About Bitcoin, it’s a general issue starting from the definitions of virtual coins. The need of expertise is clear, there are in this moment more questions in place of responses.
Mr. Tofan from CERT-RO mention that Romania encounters a high rate of compromised IT systems, and we are used as a proxy country for attacks against others.
Mr. Neumorni mentioned the importance of human factor in IT security, the people being the weakest point. In Romania is a very low education level related to IT security. The concept of Internet of Thinks is very dangerous. Without strong standards and management measures, without correct informed people, the extensive usage of Internet can be very dangerous. More dissemination events are necessary. Should be important to organize campaigns to teach people about minimal measures to be taken to reduce the exposure to risks which are real, and closer, and closer.
It is a need of an information code.
AIG presented the first insurance product for IT security events and IT infrastructures.
About security in cloud, in this moment, are in developing more standards, including ISO 27018. Microsoft proposed a legal framework for financial authorities to allow the usage of cloud services by financial companies.
The legal view it was also discussed, being proposed interpretation of legal terms which are proposed in the new cyber law.
Very interesting, and full of experiences, more presentations were provided by Oracle, CertSign, and ISEE itself (the presentation can be find already on our site). E-Quest/Dell representative recommended to organize an event related to IT Security as a Service, because it is the single way to fight with IT Criminality as a Service (cyber weapons, citizen identities, or financial information can be by very cheap on the black market of cyber crime).