Information Security Incidents are now a concern for the Colombian government

Published: 2012-11-16
Last Updated: 2012-11-17 15:08:13 UTC
by Manuel Humberto Santander Pelaez (Version: 1)

Before you start reading: this diary has two parts, one written in English and one written in Spanish. Both have the same information, so choose the one you feel more comfortable with.

Like any other country in the world, we are no strangers to security incidents. Many criminals have moved their real-world actions to the virtual world, where they have committed numerous crimes and actions that have impacted the IT infrastructure of too many companies. Therefore, the National Economic and Social Policy Council (CONPES) issued document 3701, which sets out policy guidelines for the cybersecurity and cyber defense of Colombia. The objective of this policy is to strengthen the state's capacities to address threats that undermine its security and defense in cyberspace, creating the environment and the conditions for protection inside it. The document creates the following institutions:

Institutions created from CONPES document

Source: CONPES Document 3701 Page 21

  • Intersectoral Committee: responsible for setting the strategic vision of information management and for establishing policy guidelines regarding the management of the technology infrastructure, public information, cybersecurity and cyber defense.
  • The Cyber Emergency Response Group of Colombia (colCERT) is the national agency on issues of cybersecurity and cyber defense. It receives guidelines from the intersectoral committee mentioned above. Its mission is to coordinate the actions necessary for the protection of the Colombian state's critical infrastructure against cybersecurity emergencies that threaten or compromise national security and defense.
  • The Cyber Joint Command of the Armed Forces (CCOC) depends on the General Command of the Armed Forces, which may delegate its functions within the military forces depending on the specialties in the sector. It should prevent and counter any cyber threat or attack affecting national values and interests.
  • The Police Cyber Center (CCP) is responsible for the cybersecurity of Colombia, through the provision of support and protection against cybercrime. It carries out the prevention, handling, investigation and prosecution of computer crime in the country, reporting on cyber vulnerabilities on its website. Additionally, it receives and follows national guidelines on cybersecurity and works in coordination with colCERT.

colCERT manages the following relations:

  • Sectoral CSIRTs: Since all critical sectors of the economy are encouraged to constitute their own CSIRT, colCERT coordinates incident response with them in case something big happens.
  • Law enforcement agencies: All law enforcement agencies that might have any kind of trouble with cybercrime or cyberterrorism must seek help from colCERT.
  • Academic sector: colCERT must support research efforts and encourage universities to increase knowledge on incident response and infosec subjects.
  • Other state agencies: colCERT must protect all state agencies from cyber threats.

We are just beginning, but this effort will surely address most of our problems at this time.

----------------------------------- SPANISH VERSION -----------------------------------

Like the rest of the countries of the world, we are no strangers to security incidents. A great many criminals have moved their activity from the real world to the virtual world, where they have committed numerous crimes and actions that have impacted the IT infrastructure of companies. For this reason, the National Economic and Social Policy Council (CONPES) issued document 3701, which stipulates the policy guidelines for the cybersecurity and cyber defense of Colombia. The objective of this policy is to strengthen the capacities of the State to face the threats against its security and defense in the cyber domain (cybersecurity and cyber defense), creating the environment and the conditions necessary to provide protection in cyberspace. Based on the above, the following institutions are created:

CONPES 3701 institutions

Source: CONPES Document 3701, page 21

  • Intersectoral Commission: in charge of setting the strategic vision for information management and of establishing the policy guidelines regarding the management of the technology infrastructure, public information, and cybersecurity and cyber defense.
  • The Cyber Emergency Response Group of Colombia (colCERT) is the coordinating body at the national level on matters of cybersecurity and cyber defense. It will receive the guidelines of the intersectoral commission mentioned above. Its mission is the coordination of the actions necessary for the protection of the critical infrastructure of the Colombian State against cybersecurity emergencies that threaten or compromise national security and defense.
  • The Cyber Joint Command of the Armed Forces (CCOC) depends on the General Command of the Armed Forces, which may delegate its functions within the Armed Forces depending on the specialties existing in the sector. It must prevent and counter any threat or attack of a cyber nature that affects national values and interests.
  • The Police Cyber Center (CCP) is in charge of the cybersecurity of the Colombian territory, through the provision of support and protection against cybercrime. It carries out the prevention, handling, investigation and prosecution of computer crimes in the country, reporting on cyber vulnerabilities on its website. Additionally, it receives and follows the national guidelines on cybersecurity and works in coordination with colCERT.

colCERT's relationships with the other entities are summarized as follows:

colCERT relationships

colCERT's relationships are summarized as follows:

  • Sectoral CSIRTs: All critical sectors of the economy must constitute their own CSIRT, and colCERT coordinates incident response with them in case something big happens.
  • Security forces: All law enforcement bodies that may have any kind of problem with cybercrime or cyberterrorism must seek help from colCERT.
  • Academic sector: colCERT must support research efforts and encourage universities to increase knowledge about incident response and information security topics.
  • Other state agencies: colCERT must protect all state agencies from cyberterrorist threats.

We are just getting started, but this effort, which is currently being implemented, will address most of our problems at this time.

Manuel Humberto Santander Peláez
SANS Internet Storm Center - Handler
e-mail: msantand at isc dot sans dot org
