Security Cooperation

Security Cooperation

Senior Security Specialist, Adli Wahid and External Relations Manager, Klée Aiken with staff from Tonga CERT.

APNIC works closely with many organizations that help make the Internet more stable and secure, including:

APNIC also participates in many events in the region (for example, those held by Network Operator Groups) to share knowledge on RPKI, DNSSEC, and other network security topics to increase cybersecurity awareness and help build the skills necessary to help prevent and mitigate cyber attacks.

How you can play a role

Mitigating cybersecurity attacks is a shared responsibility. To encourage collaboration on identifying and preventing network abuse, APNIC has implemented mandatory Incident Response Team (IRT) references in the APNIC Whois Database. An IRT object contains contact information of network administrators in organizations responsible for receiving reports of network abuse activities.

Find out how you can create or update your IRT object in the APNIC Whois Database.

Network abuse and spamming

If you are investigating any network abuse activities, such as spamming or hacking, you can query the APNIC Whois Database to identify the contact details for the organization/network responsible, allowing you to contact them directly and request further assistance.

Most whois databases will reflect ‘APNIC’ in their whois registrations if the address space in question was delegated by APNIC to an organization within the Asia Pacific region. It is common for these references to be mistakenly interpreted as APNIC being the source of the abuse; this is not the case.

APNIC also has no technical ability to 'suspend' an Internet service, no mandate to withdraw address registrations, no investigative powers, nor any authority to take action as an enforcement agency. APNIC is in the same position as any other IP address or DNS registry worldwide.

Read the FAQ for more information.

CERTs in the Asia Pacific

Select relevant CERT for more details

What is a CERT/CSIRT?

Computer Emergency Response Teams (CERTs) or Computer Security Incident Response Teams (CSIRTs) are expert groups that respond to cybersecurity incidents, such as malware, DDoS, and ransomware attacks. These groups play a vital role in the maintenance of the networks that make up the Internet.

CERTs/CSIRTS include National CERTs, Enterprise CERTs/CSIRTs and Product CERTs/CSIRTs, which all have different constituencies and responsibilities.

Why are CERTs/CSIRTs important?

CERTs are widely recognized as a critical component of Internet security. CERTs/CSIRTs help mitigate the impact of security incidents by spreading awareness about new threats, sharing lessons learned from incidents, and developing incident response capabilities in organizations. They also collaborate on developing new tools and best practices to help combat cybercrime.

Without a CERT to serve it, any given community will be more vulnerable to cyber risks of all kinds and have a much harder time managing and recovering from cyber attacks.

How does APNIC engage with CERTs/CSIRTs?

APNIC supports CERT/CSIRT establishment in the Asia Pacific, encourages their development to better manage and respond to cybersecurity risks, and actively contributes to the CERT community. This includes:

CERT establishment workshops

APNIC holds workshops covering topics ranging from security controls and the threat landscape, to security response and incident analysis (including hands-on security incident exercises) to help communities develop the skills to establish their own CERT.

eLearning sessions

APNIC provides eLearning sessions on:

APNIC Academy ‘Introduction to Cybersecurity’

The Introduction to Cybersecurity course covers what CERTs are, why they are important, and how you can get involved.

Supporting CERT events though sponsorship

APNIC provides sponsorship to several events in the region, including the Sri Lanka CERT Conference, Mongolia CERT (MNSEC), CNCERT Annual Conference, and HKCERT Information Security Summit for CERT development in the region. APNIC has also supported activities and workshops organized by CNCERT/CC, BtCIRT, Sri Lanka CERT, IDSIRTII and LaoCERT.

APNIC also provides sponsorship to raise awareness and build a more mature understanding of cyber threats in the region.

In 2017, APNIC supported the development of Tonga.CERT through training and technical assistance. Tonga.CERT is the first CERT to be established in the region and following this successful effort, APNIC helped establish PNG CERT and Vanuatu CERT in 2018.

Collaboration

APNIC also collaborates with national CERTs/CSIRTs and organizations such at FIRST and APCERT on strategic initiatives such as enhancing collaboration and coordination among stakeholders. This collaboration includes:

  • The FIRST Technical Colloquiums (TCs), which have been hosted at APRICOT and APNIC conferences since 2015
    • FIRST TCs provide attendees with workshops on topics such as Network Forensics for Incident Responders and conference sessions on topics such as Incident Response Case Studies; Cyber Threat Intelligence; and Future Incident Response Strategies
  • APCERT Steering Committee meetings at APRICOT
    • Since 2015, APRICOT summits have provided a space for the APCERT Steering Committee to meet
  • Promoting each other’s events and initiatives as part of the collaborative effort to raise cybersecurity awareness in the region

APNIC has entered in Memorandums of Understanding (MoUs) with:

Video Resources

Learn how CERTs and network operators can coordinate:

Learn how to manage incidences for large-scale attacks:

Law Enforcement Agencies

APNIC General Counsel, Craig Ng, presenting at ISCR 2017 in Republic of Korea.

APNIC works with Law Enforcement Agencies (LEAs) to create a better understanding of how the Internet registry system operates, in particular, focusing on publicly available information in the APNIC Whois Database.

APNIC staff provide training to LEA stakeholders and attend various regional events related to law enforcement to build skills and understanding of whois information use.

APNIC also handles requests for information from LEAs undertaking investigations.


Handling requests for information from LEAs

APNIC, as a Regional Internet Registry (RIR), manages information relating to Internet number resources on behalf of the Internet community. In this role, APNIC maintains both publicly available and confidential information about its Members. LEAs may have an interest in obtaining such information, where it may help in carrying out their work.

In such cases, APNIC will not provide any confidential or private information to LEAs unless this disclosure is required or authorized under Australian law or an order of an Australian court or tribunal.

The information below outlines APNIC’s procedures for handling requests for information by LEAs about individual Members.

Requests for information

APNIC distinguishes between the following two types of information:

  • APNIC information that is publicly available
  • APNIC Member information that is not publicly available, including Members’ personal and organizational information and any other non-public information

APNIC Member information that is publicly available

Some information about an APNIC Member is publicly available. Such publicly available information may be any information that is accessible through the APNIC website, including information or records that are public on the APNIC Whois Database.

Upon request, an LEA will be directed to this information.

APNIC Member information that is not publicly available

APNIC does not disclose Member information that is not publicly available to LEAs unless such disclosure of information is required or authorized by or under an Australian law, or an order of an Australian court or tribunal.

LEAs and other organizations operating outside of Australia are required to follow the applicable mutual legal assistance treaties (MLAT) procedures.

A request may be served by email, fax, in person or by registered mail to APNIC’s legal address:

APNIC
6 Cordelia St
South Brisbane QLD 4101
Australia

Transparency report

Below is a count of the requests APNIC has received from LEAs in the past five years.

LEA request 2018 2017 2016 2015 2014
For publicly available information 0 9 2 2 7
For non-public information – disclosed 0 0 1* 0 0
For non-public information – not disclosed 1 0 0 0 0
For information APNIC does not have 1 0 5 5 2
For information not related to APNIC 0 0 1 0 1
Total 2 9 9 7 10

* Information disclosed with the Member’s permission

Community Relationships

APNIC works closely with many organizations to raise awareness of computer security incidents. These include:

  • Forum of Incident Response and Security Teams (FIRST) – sharing training resources and working together on events including Technical Symposiums held at APNIC conferences. APNIC’s Adli Wahid is currently serving on the FIRST Board.
  • APCERT (Asia Pacific Computer Emergency Response Team) - on skills development and security outreach. APNIC has also been supporting APCERT member activities such as conferences and training in the region
  • Team Cymru – on capacity development, in particular, related to CSIRT support and mitigating cybercrime
  • ShadowServer Foundation – on mitigating botnets and malware propagation
  • INTERPOL Global Complex for Innovation – capacity development for regional LEAs

Government Policymakers

Government policymakers are increasingly engaging with the challenges presented by cybersecurity and a well-versed understanding of the Internet’s technical operations are important to produce informed policy decisions. It is vital that decision makers understand the technical challenges faced by Internet operators and the impact of legislative decisions on Internet infrastructure.

APNIC engages with governments and policymakers across the region and globally to help increase understanding of Internet operations, dispel misconceptions, and encourage engagement with the wider multistakeholder community in the interest of facilitating well-informed decision making.

APNIC cooperation with policy makers on security issues include:

  • APNIC staff regularly present updates to the APEC TEL Security and Prosperity Steering Group (SPSG), ASEAN Regional Forum, and the APT Cybersecurity Forum
  • APNIC engages with the public safety community at the ICANN GAC Public Safety Working Group and through training for LEAs and judiciary in partnership with INTERPOL and others
  • APNIC staff participate in Internet security-related capacity building for policymakers through the Third Country Training Program (TCTP) on Cybersecurity for ASEAN countries, UNIDIR, Global Forum on Cyber Expertise (GFCE), and general security engagement with the wider community
  • Multistakeholder discussion on policy-related security issues also feature strongly in APNIC’s efforts at the IGF, APrIGF and during the Cooperation SIG at APNIC conferences.