1 / 26

National Infrastructure Security Co-ordination Centre - Information Sharing and Warning Network

This network aims to improve internet security by sharing threat and vulnerability information, providing help and advice, and issuing warnings and alerts. It involves CIP organizations, research centers, vendors, ISACs, and CERTs/CSIRTs.

jmargie
Download Presentation

National Infrastructure Security Co-ordination Centre - Information Sharing and Warning Network

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. National Infrastructure Security Co-ordination Centre Peter Burnett Head of Information Sharing

  2. Background • Late 70’s – Mainframes, Minis, Micros • Languages • Evaluation & Certification, CLEFs • Compusec, Infosec • CNI/CIP Programme • CERT Management • EU & Intnl Liaison

  3. Information Sharing What is it ? • ‘Incident Reporting’, + • Intrusions, Viruses, Observation, Tipoffs • Warnings, Alerts etc, + • Education/Awareness material, + • Peer to Peer exchanges, networking, + • Threat & vulnerability information, + • Help, Advice, • To improve Internet Security

  4. Information Sharing Who is it ? • CIP Organisations (e.g. incl CESG) + • Research Centres, Groups + • (e.g. SANS, EICAR, AVIEN) • Vendors, AVS etc + • ISACs ? + • WARPs • Warning, Advice & Reporting Points

  5. Information Sharing Who is it ? • Most important of all …. • CERTs & CSIRTs • Key to the whole network • Already doing it. • RFC 2350 • The model for development.

  6. Information Sharing UK CERT Involvement • UNIRAS - Govt CERT since 1992 • Incorporated into CIP organisation • Links to US/CAN/AUS/NZ • European Govt CERTs Forum • Participation in TF/CSIRT, FIRST

  7. Information Sharing UK Initiatives • UK CERTs forum • Encouraging new CERTs in UK • Encouraging Information Sharing Bodies • SAINT, ISACs • Support for EU projects (CASES, EWIS etc) • Conceive & promote WARPs • Warning, Advice & Reporting Points • Linked to CyberHood Watch (IAAC)

  8. Information Sharing Warning, Advice & Reporting Points (WARPs) - Functions • Issue Alerts & Warnings from CERT/WARP network (and CASES) • Act as helpdesk for Advice on Internet/Infosec problems • Gather, sanitise, and share Incident Reports (with CERTs, WARPs, CASES) • Geared to SMEs, small organisations & Citizens

  9. Information Sharing Network Warnings Advice Incident Reports Problems The WARP model WARP e-COMMUNITY Trade association, interest group, local authority, industry sector

  10. Information Sharing WARPs Approach • Internet-based • Distributed (the Internet is not mainframe-based) • User-oriented ( bottom-up) • Devolved (allows specialisation) • Small is beautiful • In touch with community’s requirements • Builds trust through familiarity • Builds on successful ideas • Neighbourhood Watch • Citizens Advice Bureaux • CERTs/CSIRTs

  11. Information Sharing What do WARPs do ? • Receive warnings/advisories from WARPs/CSIRTs/CERTs and other sources, filter and assess them, and reissue them to their community where appropriate, (perhaps with increased priority or added value). • Provide Email and/or telephone advice to community members on security matters. • Solicit and record IT-security incident reports from community.

  12. Information Sharing • Share (possibly sanitised) incident reporting data with other WARPs/CERTs etc with whom a sharing agreement has been reached (formal or informal). • Contribute incident data, resources and/or expertise/knowledge to peers etc to help deal with widespread problems. • Participate in ‘networking’ and sharing of experiences and knowledge with other members of Information Sharing network • Develop close links with selected WARPs/CSIRTs/CERTs for support and collaboration on problems.

  13. Information Sharing WARPS – What DON’T they do ? • RESPONSE !!!

  14. Information Sharing Objectives • Increase Awareness, Education : • general e-environment (reduce Viruses, Worms, Trojans, DDoS etc) • Provide useful and timely warnings • Gather incident reports • Crime reports (pass on only with consent) • Statistics, Trends • Attack detection

  15. WARPs ISACs CSIRTs NISCC/ UNIRAS CIP orgs Other Sources Information Sharing Network CASES

  16. Information Sharing - CSIRTs CSIRTs & WARPs ? • What’s in it for you ? • Your country needs more CSIRTs • WARPs are cheap & simple (relatively) • CSIRTs can increase their coverage, effectiveness and influence, at little cost • You can help SMEs, Citizens & others • We can improve the general environment • It’s an incident early warning system

  17. Information Sharing - CSIRTs CSIRTs & WARPs ? • What do they need from you ? • Acceptance/tolerance • Advice on establishing themselves • A feed of advisories etc • Technical advice (if convenient) • Trust (eventually) • Someone to pass incident reports to, (with no obligation for Response)

  18. Information Sharing - CSIRTs CSIRTs & WARPs ? • Think of WARPS as: • Satellites • Sub-CSIRTs • Local branches • Nodes to help reach a wider audience • Something to fill the coverage gaps • Future CSIRTs ? • Anything you like really !

  19. CASESCyber-Awareness and Security Enhancement Structure • A Coordinating Centre to encourage dissemination of Warning & Awareness materials via National Nodes

  20. CASES National Contact Point (Node) NCP NCP NCP Dissemination Dissemination Dissemination NCP NCP

  21. CASES CASES – Transnational approach • Builds on elements already there (CSIRTs, WARPs, e-Platforms) • Provides Coordination i.e. Cooperation (not control) • Aids e-Europe Programmes (confidence) • Promotes new national nodes (where they don’t exist) • Stimulates national Dissemination network, WARPs • Complements R&D work (identifies needs) • Provides test-bed

  22. Information Sharing WARPs – A local approach • Builds on elements already there • Reflects Internet philosophy • Cooperation not control • Provides help & advice • Builds Trust • Builds Confidence • Builds an Incident Reporting network

  23. CASES National Node WARP WARP WARP WARP WARP e-COMMUNITY e-COMMUNITY e-COMMUNITY

  24. Plain Sailing from now on ?

  25. No such thing as Plain Sailing !

More Related