Cyber Defence Data Exchange and Collaboration Infrastructure (CDXI)
Luc Dandurand, NATO C3 Agency, luc.dandurand@nc3a.nato.int
Addressing security challenges on a global scale

NATO C3 Agency
• Mission:
  • Enable NATO’s success through the unbiased provision of comprehensive C4ISR capabilities
• NC3A mainly provides acquisition and scientific support to NATO and NATO Nations
• Key player in helping Nations achieve interoperability
• CDXI is sponsored by NATO Allied Command Transformation (ACT, Norfolk, VA)
• http://www.nc3a.nato.int/

What is the CDXI?
• Ultimately, the goal of CDXI is to
  • transport cyber defence data between organisations
    • through a resilient, global infrastructure
  • structure the data for machine processing
    • feed it directly into automated applications
  • provide assurance of its origin and quality
  • provide access controls for confidentiality
  • provide tools to collaborate on improving the data
  • enable commercial exploitation

Cyber Defence Data
• Reference Information
  • Vulnerabilities
  • Software (Applications and Operating Systems)
  • Hardware
  • Malware
  • Patches and Fixes
  • Verification Tests (e.g. IDS signatures & VA tests)
  • Protocol specifications
  • Certifications

Cyber Defence Data
• Operational Information
  • Events
  • Incidents
  • IP addresses
  • Implicated parties

What problems does it solve?
• Beyond the basic need to exchange data
  • Lots of data sources saying different things
    • Errors & Discrepancies
    • Different focus and taxonomies
    • → No simple way to fix known errors and collaborate
  • Limited ability to automate cyber defence (CD) applications
    • Importing from the Web is often “manual”
  • Limited quality assurance → THIS IS A MAJOR PROBLEM
  • No resilience → Need a local copy of all data!
  • No automated implementation/enforcement of sharing policies
Examples of Discrepancies
• CVE 2010-2941, 18 Nov 2010: “Possibly execute arbitrary code via a crafted packet”
[Five screenshot slides showing CVE 2010-2941 as listed by different data sources are not preserved in the text; only the identifier survives.]
How do we fix this?
• “Support dissension to reach consensus”
  • Easily modify the data and send back to community
  • “Multiple truths” co-exist until further research uncovers the “ultimate truth”
• Reject or block erroneous data coming into own automated systems
• Custom Quality Assurance Processes

Structured Cyber Defence Data
• Strategy of CDXI is currently based on
  • Pure enumerations for the specified topics
    • Single identifier for each element (e.g. “CVE-ID”)
    • Used to create all links to other data
  • Agile Data Model
    • User-defined taxonomies
    • User-defined relationships
• CDXI could implement most, if not all, standards in CYBEX X.1500.
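An added illustration, not part of the deck or of CDXI itself, of the two preceding slides: several feeds assert a field for the enumerated element CVE-2010-2941, dissenting values co-exist instead of overwriting each other, links to other data are made by identifier only, and a locally defined quality-assurance policy decides which value reaches automated systems and which source is blocked. Feed names, trust scores, the placeholder software identifier and the deviating date are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Assertion:
    source: str     # which data source said it
    element: str    # the single identifier, e.g. "CVE-2010-2941"
    attribute: str  # a field from a user-defined taxonomy
    value: str

class CdxiStore:
    """Keeps every source's assertion about an element (dissension is kept, not overwritten)."""
    def __init__(self):
        self.assertions = defaultdict(list)  # (element, attribute) -> [Assertion]
        self.relations = defaultdict(set)    # user-defined relationships: element -> {(kind, other)}
        self.blocked = set()                 # (source, element, attribute) rejected by local QA
    def assert_fact(self, a):
        self.assertions[(a.element, a.attribute)].append(a)
    def relate(self, element, kind, other):
        self.relations[element].add((kind, other))
    def block(self, source, element, attribute):
        """Local QA decision: stop this source's value from reaching our automated systems."""
        self.blocked.add((source, element, attribute))
    def truths(self, element, attribute):
        """All co-existing values for one field, each with the unblocked sources backing it."""
        by_value = defaultdict(list)
        for a in self.assertions[(element, attribute)]:
            if (a.source, element, attribute) not in self.blocked:
                by_value[a.value].append(a.source)
        return dict(by_value)
    def consensus(self, element, attribute, trust, min_sources=2):
        """Custom QA policy: the value with the highest summed source trust wins,
        but only if at least min_sources unblocked sources back it; otherwise None."""
        best = None
        for value, sources in self.truths(element, attribute).items():
            score = sum(trust.get(s, 0) for s in sources)
            if len(sources) >= min_sources and (best is None or score > best[1]):
                best = (value, score)
        return None if best is None else best[0]

def demo():
    """Constructed sample data: feed-C's date is invented to create a discrepancy."""
    store, cve = CdxiStore(), "CVE-2010-2941"
    for src, date in [("feed-A", "2010-11-18"), ("feed-B", "2010-11-18"), ("feed-C", "2010-11-19")]:
        store.assert_fact(Assertion(src, cve, "published", date))
    store.assert_fact(Assertion("feed-A", cve, "impact", "possibly execute arbitrary code via a crafted packet"))
    store.relate(cve, "affects", "SOFTWARE-ID-PLACEHOLDER")  # link by identifier, never by copying data
    trust = {"feed-A": 3, "feed-B": 2, "feed-C": 1}  # constructed local trust ranking of sources
    return store, store.truths(cve, "published"), store.consensus(cve, "published", trust)
```

Blocking a source afterwards changes the consensus result without deleting the dissenting record, which is the behaviour the “multiple truths” slide asks for.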
Confidentiality
• Limited sharing is a reality
• User-based and role-based access controls
• Organisational sharing policies
  • Can limit user actions
  • Can automate sharing
• Multiple security labels and mappings
• Instances of CDXI exist at every security level (Unclassified, Secret and Top Secret)

Commercial Exploitation
• Required since Industry has lots of data, but more importantly, the resources to refine it
• Proposed strategy is to encrypt records
  • Sell keys to decrypt the data through contract
• Industry can resell
  • Tools that use the CDXI
  • Content
  • Quality assurance of content
  • Data-mining

CDXI Architecture
[Architecture diagram not preserved in the text.]

Relation to CYBEX
• Similar to CYBEX in that use/acquisition of the data is out of scope
• Implements the following CYBEX functions
  • Structuring cybersecurity information for exchange purposes
  • Identifying and discovering cybersecurity information and entities
  • Establishment of trust and policy agreement between exchanging entities
  • Providing assured cybersecurity information exchange
• Adds support for
  • Dissension to reach consensus, collaboration mechanisms
  • Custom quality assurance processes
  • Commercial exploitation
• Provides Resilience
• CDXI tackles the problem from a prototype implementation point-of-view, rather than the CYBEX standards-based approach

CDXI Way Ahead
• Concept, high-level requirements and proposed architecture will be completed Q1 2011
• We plan to build and test a prototype in 2011
• We plan to continue prototype development/testing in 2012 and beyond
• We hope for: Implementation by Industry?
• Concept valid for any knowledge-centric community!
For further information: luc.dandurand@nc3a.nato.int
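An added illustration, not part of the deck or of CDXI itself, of the Confidentiality slide: each organisation labels records in its own scheme, the labels are mapped onto the common Unclassified/Secret/Top Secret ordering the deck names, and a per-partner sharing policy both automates release and limits what a user may release by hand. Organisation names, label schemes and the records are constructed.

```python
from dataclasses import dataclass

# Common ordering of the levels the deck names (CDXI instances exist at each).
LEVELS = {"Unclassified": 0, "Secret": 1, "Top Secret": 2}

# Constructed label mappings: each organisation's own labels -> common level name.
LABEL_MAPS = {
    "org-A": {"PUBLIC": "Unclassified", "RESTRICTED": "Secret", "TS": "Top Secret"},
    "org-B": {"U": "Unclassified", "S": "Secret"},
}

@dataclass(frozen=True)
class Record:
    owner: str    # organisation that labelled the record
    element: str  # single identifier of the element, e.g. a CVE-ID
    label: str    # label in the owner's own scheme

@dataclass(frozen=True)
class SharingPolicy:
    partner: str
    max_level: str          # highest common level this partner may receive
    auto_share: bool = True  # whether release happens without a user action

def common_level(record):
    """Map a record's organisational label onto the common ordering.
    A label with no mapping yields None and is never shared (fail closed)."""
    name = LABEL_MAPS.get(record.owner, {}).get(record.label)
    return None if name is None else LEVELS[name]

def auto_release(records, policy):
    """Records the policy releases to the partner automatically ('can automate sharing')."""
    if not policy.auto_share:
        return []
    cap = LEVELS[policy.max_level]
    return [r for r in records if common_level(r) is not None and common_level(r) <= cap]

def user_may_release(record, user_clearance, policy):
    """Manual release ('can limit user actions'): both the user's clearance and the
    partner policy must cover the record's common level."""
    lvl = common_level(record)
    return lvl is not None and lvl <= LEVELS[user_clearance] and lvl <= LEVELS[policy.max_level]
```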