AGENDA
• General comments / background
• Point-of-departure definitions
• Discussion

BACKGROUND
• Current USG interest
• Ongoing private sector interest
• Lack of common definitions
• Potential impact on national & international debate

“Active Defense” - A Proposal
• Five categories
  • 0 - Unconscious
  • 1 - Involved
  • 2 - Interactive
  • 3 - Cooperative Response
  • 4 - Non-cooperative Response

“Unconscious”
• Stage 0: “Right out-of-the-box”
• “The firm/system owner/operator takes no active role, either directly or through proxy, to modify, improve, enhance, or alter defensive capabilities inherent in the hardware, firmware, and/or software as delivered from the manufacturer or installer.”

“Involved”
• Stage 1: “Doing Business”
• “The firm/system owner/operator establishes (either directly or via proxy) a baseline, tailored, day-to-day defensive posture involving only resources directly owned or operated by that owner/operator. The posture is maintained / kept current.”

“Interactive”
• Stage 2: “We’ve Got a Problem”
• “The firm/system owner/operator applies measures, in response to warning or evidence of malfeasance, to resources directly owned or operated by them. The measures are beyond the baseline because they cause some loss of flexibility, capability, or ease of use and the owner/operator does not want/intend them to become routine business practice.”

“Cooperative Response”
• Stage 3: “Reach out …..”
• “The firm/system owner/operator engages other organizations/firms/systems to take measures intended to attribute, mitigate, or eliminate the threat through cooperative efforts beyond the ability of the owner/operator to effect but within the lawful authority of the cooperating other party or parties.”

“Non-cooperative Response”
• Stage 4: “….. And Touch Someone.”
• “The firm/system owner/operator takes measures, with or without cooperative support from other parties, to attribute, mitigate, or eliminate the threat by acting against an uncooperative perpetrator or against an organization/firm/system that could (if cooperative) attribute, mitigate, or eliminate the threat.”

ACTIVE DEFENSE
• 7 June Group consensus: “active defense” is stage 4, but it comes in ‘flavors’
  • 4.1: Non-cooperative ‘intelligence’ collection
  • 4.2: Non-cooperative ‘cease & desist’
  • 4.3: Retribution or counter-strike
  • 4.4: Preemptive defense

What Do We Need to Know?
• Are your losses and the potential risk to you at least equal to the benefit gained if you are successful?
• Who is it? Or “Attribution; the $64,000 question.”
• What are you contemplating doing?
• What effect do you intend to achieve?
• What ‘blow back’ could occur?

What Do We Need to Know?
• What are your personal and organizational risks?
• Who can help?
• Who are you going to call if you do this?
• Who/what is the target? How do you know?
• Who defines what active defense is for you?
• Was there another way? Or “Creative Response versus Active Defense”

Is There Recourse via the Government?
• Group question: 85% said “No”
• Perception issue. Recourse processes exist, but
• They’re seen as unsatisfactory
• Usually a response speed problem
• Government is responding & changing
• Fast enough?
• Resource issues
• Withheld data

Best Practice is to Think Ahead
• Risk Mitigation Strategy: Early, early, early
• Pre-arranged ‘moves’ with your ISP
• Business interruption insurance
• Before-the-fact discussions with the Law
• Pre-arranged responses within
• Time things out
• Range of response options for the CEO
• Who provides the oversight of this decision?

Other Points
• If this hurts your head, be glad you’re not in Congress
• Dark Noise: It’s there and it’s useful
• People with the power of nation states
• Roles of government: Can it ever get fast enough?
• AGORA as mentor