The Value of Information Sharing
David Jarrell
Director, Federal Computer Incident Response Center

Information Sharing is Key to Infrastructure Protection
• An effective incident response program depends on an ongoing exchange of information
• Automated attack methods are evolving, leading to a dramatic increase in incident reports
• New vulnerabilities are found routinely and attackers quickly learn how to exploit them
• Security practices and technologies that are effective at defending against attacks are also evolving

Damage is Increasing
• 90% detected security breaches
• 70% were serious breaches: theft of proprietary information, financial fraud, sabotage of data or networks
• Average loss due to financial fraud or theft of proprietary data was over $1M
• Source: Computer Security Institute/FBI Survey

Vulnerable Organizations Have Many Problems
• 71% reported insider attacks
• 59% reported Internet as frequent source of attack
• 35% reported 2 to 5 incidents
• 19% reported 10 or more incidents
• Source: Computer Security Institute/FBI Survey

Intruders are Prepared and Organized
• Their ability to effectively network and share vulnerability and attack methodologies outpaces our ability to share protection strategies and information
• telephone & voice message systems
• electronic mail
• intruder/hacker web sites
• anonymous FTP services
• internet relay chat (IRC) & other chat services
• strong encryption
• conference (DEF CON)
• publications (2600)

Changes in Intrusion Profile and Attack Sophistication
1988
• exploiting passwords
• exploiting known vulnerabilities
Today
• exploiting passwords
• exploiting known vulnerabilities
• exploiting protocol flaws
• examining source files for new security flaws
• abusing anonymous FTP, web servers, email
• installing sniffer programs
• IP source address spoofing
• distributed denial of service attacks
• widespread, automated scanning of the Internet

The Bottom Line
• We can’t fight what we don’t see
• Each of us may possess a critical piece of information
• Information collected in isolation does not benefit government as a whole
• Partial or flawed information results in flawed defenses
• Cyber defense has to be a team effort

System Administrators
• Understand the requirement for tight integration of operational and security requirements
• Adopt risk management practices that are taken as seriously as practices used in the development of system capabilities
• Report vulnerabilities, threats, incidents and effective security practices
• Use information distributed by FedCIRC, the NIPC and commercial vendors to stay abreast of emerging threats and vulnerabilities

Security Professionals and Organizations
• Openly discuss security concerns and issues and employ lessons learned from others in the security community
• Listen to security product vendors. There is valuable information buried in the routine sales talk.
• Security discussions should be a bilateral exchange. You are a source as well as a consumer of valuable information

Legislation and Policy
• Stay current with security-relevant legislation and policies. Agency compliance may weigh heavily for future $IT

Predictive Analysis
• Identify the need for actions
• Provide the insight and context for deciding among courses of action
• Provide information on the effectiveness of pursuing the selected course of action

Change of View
• Your own backyard
• The world at a mouse click

Need for Information Fusion and Correlation
Diagram labels: Operators/Groups, Victims, Internet Behavior, Opportunities, Stimuli/Motives (technical, political, economic, social), Intrusions/Responses, Threats/Counters, Vulnerabilities/Fixes

Strategic Analysis
• Provides “Big Picture” assessment
• Trend Analysis
• Sector Threat assessments
• Potential Damage assessments
• Categorization of Attacks and Attackers
• Identification of Anomalies

Tactical Analysis
• Linking element between macro- and micro-level analysis
• Pattern analysis
• Profiling
• Analysis of intrusion methods
• Commonality of targets
• Reinforces and complements Strategic Analytic efforts

FedCIRC Contact Information
• Federal Computer Incident Response Center
• Phone: 888-282-0870
• Fax: 412-268-6989
• E-Mail: fedcirc@fedcirc.gov
• URL: www.fedcirc.gov