Security Cooperation
Security Cooperation
APNIC works closely with many organizations that help make the Internet more stable and secure, including:
- Computer Emergency Response Teams (CERTS) and Computer Security Incident Response Teams (CSIRTS), for example, APCERT
- Community security associations
- Law Enforcement Agencies (LEAs), for example, INTERPOL
- Policy makers, for example, APEC Tel, APrIGF, IGF
- APNIC computer security incident partners
APNIC also participates in many events in the region (for example, those held by Network Operator Groups) to share knowledge on RPKI, DNSSEC, and other network security topics to increase cybersecurity awareness and help build the skills necessary to help prevent and mitigate cyber attacks.
How you can play a role
Mitigating cybersecurity attacks is a shared responsibility. To encourage collaboration on identifying and preventing network abuse, APNIC has implemented mandatory Incident Response Team (IRT) references in the APNIC Whois Database. An IRT object contains contact information of network administrators in organizations responsible for receiving reports of network abuse activities.
Find out how you can create or update your IRT object in the APNIC Whois Database.
Network abuse and spamming
If you are investigating any network abuse activities, such as spamming or hacking, you can query the APNIC Whois Database to identify the contact details for the organization/network responsible, allowing you to contact them directly and request further assistance.
Most whois databases will reflect ‘APNIC’ in their whois registrations if the address space in question was delegated by APNIC to an organization within the Asia Pacific region. It is common for these references to be mistakenly interpreted as APNIC being the source of the abuse; this is not the case.
APNIC also has no technical ability to ‘suspend’ an Internet service, no mandate to withdraw address registrations, no investigative powers, nor any authority to take action as an enforcement agency. APNIC is in the same position as any other IP address or DNS registry worldwide.
Read the FAQ for more information.
CERTs in the Asia Pacific
Select relevant CERT for more details
What is a CERT/CSIRT?
Computer Emergency Response Teams (CERTs) or Computer Security Incident Response Teams (CSIRTs) are expert groups that respond to cybersecurity incidents, such as malware, DDoS, and ransomware attacks. These groups play a vital role in the maintenance of the networks that make up the Internet.
CERTs/CSIRTS include National CERTs, Enterprise CERTs/CSIRTs and Product CERTs/CSIRTs, which all have different constituencies and responsibilities.
Why are CERTs/CSIRTs important?
CERTs are widely recognized as a critical component of Internet security. CERTs/CSIRTs help mitigate the impact of security incidents by spreading awareness about new threats, sharing lessons learned from incidents, and developing incident response capabilities in organizations. They also collaborate on developing new tools and best practices to help combat cybercrime.
Without a CERT to serve it, any given community will be more vulnerable to cyber risks of all kinds and have a much harder time managing and recovering from cyber attacks.
How does APNIC engage with CERTs/CSIRTs?
APNIC supports CERT/CSIRT establishment in the Asia Pacific, encourages their development to better manage and respond to cybersecurity risks, and actively contributes to the CERT community. This includes:
CERT establishment workshops
APNIC holds workshops covering topics ranging from security controls and the threat landscape, to security response and incident analysis (including hands-on security incident exercises) to help communities develop the skills to establish their own CERT.
eLearning sessions
APNIC provides eLearning sessions on:
- ‘Introduction to Security Incident Response Teams’, which focuses on the basics of security incidents response. Participants will learn about the common types of security incidents and best practices for setting up security incident response teams.
- ‘Network Security Fundamentals’, which focuses on network device and infrastructure security in different layers, as well as common network attacks with tools and tips to mitigate them.
APNIC Academy ‘Introduction to Cybersecurity’
The Introduction to Cybersecurity course covers what CERTs are, why they are important, and how you can get involved.
Supporting CERT events though sponsorship
APNIC provides sponsorship to several events in the region, including the Sri Lanka CERT Conference, Mongolia CERT (MNSEC), CNCERT Annual Conference, and HKCERT Information Security Summit for CERT development in the region. APNIC has also supported activities and workshops organized by CNCERT/CC, BtCIRT, Sri Lanka CERT, IDSIRTII and LaoCERT.
APNIC also provides sponsorship to raise awareness and build a more mature understanding of cyber threats in the region.
In 2017, APNIC supported the development of Tonga.CERT through training and technical assistance. Tonga.CERT is the first CERT to be established in the region and following this successful effort, APNIC helped establish PNG CERT and Vanuatu CERT in 2018.
Collaboration
APNIC also collaborates with national CERTs/CSIRTs and organizations such at FIRST and APCERT on strategic initiatives such as enhancing collaboration and coordination among stakeholders. This collaboration includes:
- The FIRST Technical Colloquiums (TCs), which have been hosted at APRICOT and APNIC conferences since 2015
- FIRST TCs provide attendees with workshops on topics such as Network Forensics for Incident Responders and conference sessions on topics such as Incident Response Case Studies; Cyber Threat Intelligence; and Future Incident Response Strategies
- APCERT Steering Committee meetings at APRICOT
- Since 2015, APRICOT summits have provided a space for the APCERT Steering Committee to meet
- Promoting each other’s events and initiatives as part of the collaborative effort to raise cybersecurity awareness in the region
APNIC has entered in Memorandums of Understanding (MoUs) with:
Video Resources
Learn how CERTs and network operators can coordinate:
Learn how to manage incidences for large-scale attacks:
Law Enforcement Agencies
APNIC works with Law Enforcement Agencies (LEAs) to create a better understanding of how the Internet registry system operates, in particular, focusing on publicly available information in the APNIC Whois Database.
APNIC staff provide training to LEA stakeholders and attend various regional events related to law enforcement to build skills and understanding of whois information use.
APNIC also handles requests for information from LEAs undertaking investigations.
Handling requests for information from LEAs
APNIC, as a Regional Internet Registry (RIR), manages information relating to Internet number resources on behalf of the Internet community. In this role, APNIC maintains both publicly available and confidential information about its Members. LEAs may have an interest in obtaining such information, where it may help in carrying out their work.
In such cases, APNIC will not provide any confidential or private information to LEAs unless this disclosure is required or authorized under Australian law or an order of an Australian court or tribunal.
The information below outlines APNIC’s procedures for handling requests for information by LEAs about individual Members.
Requests for information
APNIC distinguishes between the following two types of information:
- APNIC information that is publicly available
- APNIC Member information that is not publicly available, including Members’ personal and organizational information and any other non-public information
APNIC Member information that is publicly available
Some information about an APNIC Member is publicly available. Such publicly available information may be any information that is accessible through the APNIC website, including information or records that are public on the APNIC Whois Database.
Upon request, an LEA will be directed to this information.
APNIC Member information that is not publicly available
APNIC does not disclose Member information that is not publicly available to LEAs unless such disclosure of information is required or authorized by or under an Australian law, or an order of an Australian court or tribunal.
LEAs and other organizations operating outside of Australia are required to follow the applicable mutual legal assistance treaties (MLAT) procedures.
A request may be served by email, fax, in person or by registered mail to APNIC’s legal address:
APNIC
6 Cordelia St
South Brisbane QLD 4101
Australia
Transparency report
Below is a count of the requests APNIC has received from LEAs in the past seven years.
| LEA request | 2020 | 2019 | 2018 | 2017 | 2016 | 2015 | 2014 |
|---|---|---|---|---|---|---|---|
| For publicly available information | 3 | 7 | 2 | 9 | 2 | 2 | 7 |
| For non-public information – disclosed | 0 | 0 | 0 | 0 | 1* | 0 | 0 |
| For non-public information – not disclosed | 0 | 0 | 2 | 0 | 0 | 0 | 0 |
| For information APNIC does not have | 0 | 5 | 1 | 0 | 5 | 5 | 2 |
| For information not related to APNIC | 0 | 1 | 1 | 0 | 1 | 0 | 1 |
| Total | 3 | 13 | 6 | 9 | 9 | 7 | 10 |
* Information disclosed with the Member’s permission
Community Relationships
APNIC works closely with many organizations to raise awareness of computer security incidents. These include:
- Forum of Incident Response and Security Teams (FIRST) – sharing training resources and working together on events including Technical Symposiums held at APNIC conferences. APNIC’s Adli Wahid is currently serving on the FIRST Board.
- APCERT (Asia Pacific Computer Emergency Response Team) – on skills development and security outreach. APNIC has also been supporting APCERT member activities such as conferences and training in the region
- Team Cymru – on capacity development, in particular, related to CSIRT support and mitigating cybercrime
- ShadowServer Foundation – on mitigating botnets and malware propagation
- INTERPOL Global Complex for Innovation – capacity development for regional LEAs
Government Policymakers
Government policymakers are increasingly engaging with the challenges presented by cybersecurity and a well-versed understanding of the Internet’s technical operations are important to produce informed policy decisions. It is vital that decision makers understand the technical challenges faced by Internet operators and the impact of legislative decisions on Internet infrastructure.
APNIC engages with governments and policymakers across the region and globally to help increase understanding of Internet operations, dispel misconceptions, and encourage engagement with the wider multistakeholder community in the interest of facilitating well-informed decision making.
APNIC cooperation with policy makers on security issues include:
- APNIC staff regularly present updates to the APEC TEL Security and Prosperity Steering Group (SPSG), ASEAN Regional Forum, and the APT Cybersecurity Forum
- APNIC engages with the public safety community at the ICANN GAC Public Safety Working Group and through training for LEAs and judiciary in partnership with INTERPOL and others
- APNIC staff participate in Internet security-related capacity building for policymakers through the Third Country Training Program (TCTP) on Cybersecurity for ASEAN countries, UNIDIR, Global Forum on Cyber Expertise (GFCE), and general security engagement with the wider community
- Multistakeholder discussion on policy-related security issues also feature strongly in APNIC’s efforts at the IGF, APrIGF and during the Cooperation SIG at APNIC conferences.