1 / 21

The Value of Information Sharing

The Value of Information Sharing. David Jarrell Director, Federal Computer Incident Response Center. Information Sharing is Key to Infrastructure Protection. An effective incident response program depends on an ongoing exchange of information

ericross
Download Presentation

The Value of Information Sharing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The Value of Information Sharing David Jarrell Director, Federal Computer Incident Response Center

  2. Information Sharing is Key to Infrastructure Protection • An effective incident response program depends on an ongoing exchange of information • Automated attack methods are evolving, leading to a dramatic increase in incident reports • New vulnerabilities are found routinely and attackers quickly learn how to exploit them • Security practices and technologies that are effective at defending against attacks are also evolving

  3. What do we know today?

  4. Incident Reports are Increasing

  5. Damage is Increasing • 90% detected security breaches • 70% were serious breaches: theft of proprietary information, financial fraud, sabotage of data or networks • Average loss due to financial fraud or theft of proprietary data was over $1M • Source - Computer Security Institute/FBI Survey Attacks

  6. Vulnerable Organizations Have Many Problems • 71% reported insider attacks • 59% reported Internet as frequent source of attack • 35% reported 2 to 5 incidents • 19% reported 10 or more incidents • Source - Computer Security Institute/FBI Survey Attacks

  7. Intruders are Prepared and Organized • Their ability to effectively network and share vulnerability and attack methodologies outpaces our ability to share protection strategies and information • telephone & voice message systems • electronic mail • intruder/hacker web sites • anonymous FTP services • internet relay chat (IRC) & other chat services • strong encryption • conference (DEF CON) • publications (2600)

  8. 1988 exploiting passwords exploiting know vulnerabilities Today exploiting passwords exploiting know vulnerabilities exploiting protocol flaws examining source files for new security flaws abusing anonymous FTP, web servers, email installing sniffer programs IP source address spoofing distributed denial of service attacks widespread, automated scanning of the Internet Changes in Intrusion Profile and Attack Sophistication

  9. Vulnerabilities Reports are Increasing

  10. The Bottom Line • We can’t fight what we don’t see • Each of us may possess a critical piece of information • Information collected in isolation does not benefit government as a whole • Partial or flawed information results in flawed defenses • Cyber defense has to be a team effort

  11. What can we do today?

  12. System Administrators • Understand the requirement for tight integration of operational and security requirements • Adopt risk management practices that are taken as seriously as practices used in the development of system capabilities • Report vulnerabilities, threats, incidents and effective security practices • Use information distributed by FedCIRC, the NIPC and commercial vendors to stay abreast of emerging threats and vulnerabilities

  13. Security Professionals and Organizations • Openly discuss security concerns and issues and employ lessons learned from others in the security community • Listen to security product vendors. There is valuable information buried in the routine sales talk. • Security discussions should be a bilateral exchange. You are a source as well as a consumer of valuable information

  14. Legislation and Policy • Stay current with security relevant legislation and policies. Agency compliance may weigh heavily for future $IT

  15. What do we need for tomorrow?

  16. Predictive Analysis • Identify the need for actions • Provide the insight and context for deciding among courses of action • Provide information on the effectiveness of pursuing the selected course of action

  17. Change of View Your own backyard The world at a mouse click

  18. Operators/Groups Victims Internet Behavior Opportunities Stimuli/Motives -technical -political -economic -social Need for Information Fusion and Correlation Intrusions/Responses Threats/Counters Vulnerabilities/Fixes

  19. Strategic Analysis • Provides “Big Picture” assessment • Trend Analysis • Sector Threat assessments • Potential Damage assessments • Categorization of Attacks and Attackers • Identification of Anomalies

  20. Tactical Analysis • Linking element between macro- and micro- level analysis • Pattern analysis • Profiling • Analysis of intrusion methods • Commonality of targets • Reinforces and compliments Strategic Analytic efforts

  21. FedCIRC Contact Information • Federal Computer Incident Response Center • Phone: 888-282-0870 • Fax: 412-268-6989 • E-Mail: fedcirc@fedcirc.gov • URL: www.fedcirc.gov

More Related