1 / 20

Information Sharing within the CNI, and Beyond

National Infrastructure Security Coordination Centre. Information Sharing within the CNI, and Beyond. 8 th March 2004 . Peter Burnett Head of Information Sharing peterb@niscc.gov.uk . Where does Information Sharing fit in NISCC ?. Critical National Infrastructure. Investigating .

sen
Download Presentation

Information Sharing within the CNI, and Beyond

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. National Infrastructure Security Coordination Centre Information Sharingwithin the CNI, and Beyond 8th March 2004 Peter Burnett Head of Information Sharing peterb@niscc.gov.uk

  2. Where does Information Sharing fit in NISCC ? Critical National Infrastructure Investigating Promoting Vulnerabilities INFORMATION SHARING and Assessing Protection and Exploits the threat of eA Assurance Responding to incidents Research and Development/ Policy/ Mapping

  3. Information Sharing What is it ? • Sharing Information about Incidents • With NISCC • With each other • Sharing Real incidents and experiences • Informing Assessment of the Threat • Raising Awareness • Warning each other • Sharing Advice & Good Practice • Cooperation, Collaboration

  4. Information Sharing Why is it necessary ? • There is a need for all connected users to protect their own systems and data, and to avoid unwittingly attacking others. • This requires greater Awareness and Education amongst all users. • Different communities require different types and levels of advice using appropriate language. • Delivering relevant messages to small communities is much more effective than large-scale alerting.

  5. Information Sharing Why is NISCC doing it ? • UK lead on IA for Government & CNI • More Reporting = better Warning • Efficient Trusted channel for issuing Alerts etc • Better Awareness & Protection Generally • Everyone benefits, including the CNI

  6. Information Sharing How to do it • ISACs (US) • CERTs • Information Exchanges (CNI) • WARPs (Local Govt, SMEs, citizens etc)

  7. Information Sharing CERTs • UK CERTs Forum • EGC • CWN, FIRST etc. • Limited in number, scope & reach.

  8. NISCC – Information Sharing Information Exchange (IE) An information sharing mechanism established within a sub-sector to contribute to the protection of the UK’s Critical National Infrastructure (CNI) Regular Face to face sharing Trust & confidentiality Supplementary communication links IE ‘Product’

  9. NISCC – Information Sharing THE WARP • Issues Alerts &Warnings • Broker for Advice & best practice • Gathers, sanitises, and shares Incident Reports • Warning, Advice & Reporting Point

  10. NISCC – Information Sharing Why WARPs ? • WARPs are small, focused, cheap, semi-technical • They can provide a filtered warning service • They can work for citizen & SME groups • They can work at various levels • They can reproduce to fill the gaps

  11. Open Sources, CERTs Warnings Advice Filter Prioritise Supplement Add Value Problems A Shared Solution WARP WARP Incident Reports Good Practice Solutions Skills e-COMMUNITY e-COMMUNITY Experience, Expertise, Solutions

  12. London Borough B London Borough C etc. London Borough A Encrypted links Encrypted links Authorised users in each Borough Supported by SOCITM, OeE & NISCC Future ‘LA’ WARPs 33 London Boroughs LondonConnects WARP Secure system with fallback contingency CERTs NISCC 1 Admin. FTE Bugtraq Encrypted link 1 Technical FTE CSIRTs UNIRAS Sans Other WARP for London Boroughs www.lcwarp.org

  13. NISCC – Information Sharing WARPs • London WARP pilot • National ‘Local Authorities’ WARP • Secure Kent (Local Government and business) • Chamber of Commerce (SMEs) • Other groups interested • Some large organisations

  14. NISCC – Information Sharing CERT – WARP collaboration • Information Sharing Workshop 2003 • ‘Adopt a WARP’ proposal • ‘Twinning’ between WARPs & others • WARPs as satellites of CERTs • Extend CERT influence • Share burdens

  15. NISCC – Information Sharing WARPs – The Way Forward • Support several pilots • Learn from experience • Produce ‘tools’ to assist new WARPs • Link WARPs to each other and to CERTs • Attract major sponsorship • Launch WARP Toolbox • Continual Improvement

  16. The WARP TOOLBOX • Starts with the Business Case • Based on 3 core services: • Reporting and Trusted Sharing Service • Good Practice & Advice Brokering Service • Filtered Warning & Alerting Service • Sample security policies & templates • Guidelines and whitepapers • Application software

  17. Seven stages in Building a WARP Business case WARP toolbox will provide guidance and tools for all stages Service Definition Service Development Service Provision Service Operation Build - budget, team, infrastructure, management and administration Marketing, raise awareness, build and maintain membership

  18. WARP Toolbox - Stage 1 - Business case • Backgroundinformation on building Business cases for Information Security; • Choosing the WARP community, and helping identify a WARP champion; • Why should I build a WARP should be read by those organisations who want to know the benefits of setting up and managing a WARP; • Resource/cost template, in setting up a WARP against each of the seven stages described in the toolbox; • Indicative costings, with stated assumptions on the WARP implementation; • Funding models for both set-up and running costs. • How to attract sponsorship and partners • Business case headings, and associated comments to help potential members build the case for information sharing; • WARP services and benefits, to help argue the ROI for membership; • Engaging senior management, describes an approach which may help potential members engage with senior management.

  19. WARPs The Vision • WARPs will become endemic across the UK, and beyond • Self-replicating • Free-standing • Self-regulating • Cooperative • Contributing • To their members • To the CNI • To each other • To NISCC

More Related