cyber security information sharing
play

Cyber Security Information Sharing Oscar Serrano NCI Agency Cyber - PowerPoint PPT Presentation

Mar 11, 2023 •228 likes •666 views

Cyber Security Information Sharing Oscar Serrano NCI Agency Cyber Security Service Line DeepSec 2014, Vienna, 21 November 2014 NATO UNCLASSIFIED Cyber Security In NATO NATO in a nutshell: Collective defence Interoperable

  1. Cyber Security Information Sharing Oscar Serrano NCI Agency Cyber Security Service Line DeepSec 2014, Vienna, 21 November 2014 NATO UNCLASSIFIED

  2. Cyber Security In NATO • NATO in a nutshell: – Collective defence – Interoperable capabilities – Policies for sharing information – NATO has its own systems to protect – NATO relies on National systems for its missions and operations • NATO’s 2010 Strategic concept – Cyber security is a key concern • NATO Computer Incident Response Capability (NCIRC) – Coordination Centre (CC) – Technical Centre (TC) • Annual Cyber Coalition Exercise • Many ongoing initiatives on cyber security information sharing NATO UNCLASSIFIED 2 20 March 2014

  3. Cyber Security Data Overload 02/12/14 NATO UNCLASSIFIED 3

  4. Drivers for Information Sharing • Strategic drivers – CCDCOE’s National Cyber Security Strategy Manual – NATO’s new Cyber Defence Policy – U.S. Executive Order on Improving Critical Infrastructure Cybersecurity – UK’s Cyber Security Information Sharing Partnership • Operational drivers – Common systems, threats and vulnerabilities – Trusted communities – Too few qualified personnel • Enablers – Standardization efforts – Commercial and open source software NATO UNCLASSIFIED 4 20 March 2014

  5. Standardization Efforts • Standards: – US Govt / MITRE's “Making Security Measurable” program – ITU-T’s X.1500 CYBEX – IETF’s Incident Object Description and Exchange Format (IODEF) and Real- time Inter-network Defence (RID) – Vendor Formats • Proprietary or Open source • Most are interoperable! NATO UNCLASSIFIED 5 20 March 2014

  6. Existing Capabilities • Platforms / Systems / Services / Organizations: – FS-ISAC Avalanche / Soltra Edge – Multinational Alliance for Collaborative Cyber Situational Awareness (MACCSA) – Microsoft’s Interflow – Collective Intelligence Framework (CIF) – ITU’s IMPACT – NATO’s Malware Information Sharing Platform (MISP) • Many efforts in other domains (e.g. bioinformatics) NATO UNCLASSIFIED 6 20 March 2014

  7. Challenges ! • Policy and legal issues • Many data sources available • Timeliness requirement competes with quality requirement • Multi-lateral, differentiated sharing is a requirement • Sensitive data requires dissemination controls • Current processes and technologies do not support well burden-sharing collaboration and outsourcing • Managing uncertainly • No direct financial benefit Ongoing efgorts must be continued, but they must also be complemented ! NATO UNCLASSIFIED 7 20 March 2014

  8. Addressing the Challenges… • Previous efforts have looked the formats for expressing the information to be exchanged and the transport mechanism… Shouldn’t we aim for a • In cyber security, there are many challenges in the management and exploitation of exchanged common platform? data… • In cyber security, these challenges are mostly common to all… NATO UNCLASSIFIED 8 20 March 2014

  9. Manage, Share, Automate • Collaboration is key • Timely, high-quality information is critical • Well-defined exchange policies • Wide-scale sharing 02/12/14 NATO UNCLASSIFIED 9

  10. CDXI Capability Definition Document • Identifies 11 High-Level Requirements – Both necessary and sufficient • Is publically available on request 02/12/14 NATO UNCLASSIFIED 10

  11. High-Level Requirements (HLRs) HLR #1: Provide a fmexible, HLR #2: Provide for the controlled scalable, secure and evolution decentralized infrastructure of the syntax and semantics of multiple based on freely available independent data models and their correlation software HLR #3: Securely store both shared and private data HLR #5: Enable the exchange of data across non-connected domains HLR #4: Provide for customizable, controlled multilateral sharing HLR #6: Provide human and machine HLR #7: Provide collaboration tools interfaces that enable burden sharing on the generation, refjnement, and vetting of HLR #8: Provide customizable data quality-control processes HLR #9: Expose dissension to reach consensus HLR #10: Support continuous availability of data HLR #11: Enable commercial activities NATO UNCLASSIFIED 11 20 March 2014

  12. Deployment and integration Organisation A Organisation B User facing User facing CS CS CDX CS CS CDX CS CS CS CS CDX CS CS CDX CS CS Application Application App App I UI App App I UI App App App App I UI App App I UI App App s s Integration Integration Integration Integration A Organisation B A Organisation B CDXI CDXI CDXI CDXI Core Services Core Services Core Services Core Services Services / (authentication, data (authentication, data Services / (authentication, data (authentication, data Infrastructu storage) storage) Infrastructu storage) storage) re re Networking Networking Networking Networking CDXI Communication Channel Internet 02/12/14 NATO UNCLASSIFIED 12

  13. Information Exchange Policies • Created at any organizational level • For a data set or individual item • Approved by legal departments 1. Scope • Machine-readable encoding 2. Participants 3. Joining rules 4. Data quality/confidence 5. Handling requirements 6. Exchange mechanisms 7. Intellectual property 8. Retention … 9. Anonymization NATO UNCLASSIFIED

  14. Knowledge markets KM 1 KM 2 Z A B Z A B Data Data Ofgerin Ofgerin g 1 g 2 Publish Publish Subscribe Organisation Organisation Organisation Organisation A C A C Subscribe Organisation Organisation B B 02/12/14 NATO UNCLASSIFIED 14

  15. Knowledge markets KM 1 KM 2 Z A B Z A B Data Data Data Ofgerin Ofgerin Ofgerin g 2 g 2 g 1 Publish Publish Subscribe Organisation Organisation Organisation Organisation A C A C Subscribe Organisation Organisation B B 02/12/14 NATO UNCLASSIFIED 15

  16. Ontologies • Multiple, overlapping, evolving ontologies • Aiming for one ontology is impractical • Evolving size, scope, and depth of ontologies must be supported 02/12/14 NATO UNCLASSIFIED 16

  17. Agile data model Producer’s Initial Data Producer’s Improved Ofgering Ofgering Data Sync Version Version Control Control Consumers Emerging Market! Org A Org B Org C Org Z Org A Org B Org C Org Z Intrusion Vulnerability Risk Policy Intrusion Vulnerability Risk Policy APT Detection APT Detection Detection Assessment Assessment Compliance Detection Assessment Assessment Compliance CD Applications: Business Logic for Difgerent Uses 02/12/14 NATO UNCLASSIFIED 17

  18. Enabling automation CDXI at Organisation A Alerting Alerting API API System System Data QCP Ofgerin 1 Semi- Semi- g 1 Automated Automated Correlation API Correlation API Response Response Data System System Ofgerin g 2 QCP Fully Fully 2 Automated Automated API API Response Response System System CDXI at Vendor CDXI at Partner QCP QCP 2 2 02/12/14 NATO UNCLASSIFIED 18

  19. Other features Anonymisation • Attribute sanitation Management of uncertainty • Attribution, attacker motivation, etc • Multiversioned DBs 02/12/14 NATO UNCLASSIFIED 19

  20. Conclusion • There is a need for a knowledge management platform specifically designed to address the information sharing issues of the Cyber Security domain • NATO is seeking feedback • CDXI implementation will be considered by NATO Nations in 2015 • Possible collaboration on refining use cases: – NCIA: Manisha Parmar (Manisha.Parmar@ncia.nato.int) 02/12/14 NATO UNCLASSIFIED 20

  21. Questions 02/12/14 NATO UNCLASSIFIED 21

  22. Cyber Security Information Sharing Oscar Serrano NCI Agency Cyber Security Service Line DeepSec 2014, Vienna, 21 November 2014 NATO UNCLASSIFIED 1

  23. Cyber Security In NATO • NATO in a nutshell: – Collective defence – Interoperable capabilities – Policies for sharing information – NATO has its own systems to protect – NATO relies on National systems for its missions and operations • NATO’s 2010 Strategic concept – Cyber security is a key concern • NATO Computer Incident Response Capability (NCIRC) – Coordination Centre (CC) – Technical Centre (TC) • Annual Cyber Coalition Exercise • Many ongoing initiatives on cyber security information sharing 20 March 2014 NATO UNCLASSIFIED 2 2

  24. Cyber Security Data Overload 02/12/14 NATO UNCLASSIFIED 3 we are overloaded with data. governments that need to coordinate on cyber defense information industry sectors working to protect themselves from cybercrime threats We have law enforcement following criminal networks And we have large military organizations that must maintain a strong cyber defense posture. while we gather so much data, we still wonder what we are missing, and we find we want more. The irony is that there is too much data but there is not enough data at the same time. 3

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cyber Security and Smart Infrastructure: Research Dr. Stacy Prowell Chief Cyber Security

Cyber Security and Smart Infrastructure: Research Dr. Stacy Prowell Chief Cyber Security

Cyber Security and Smart Infrastructure: Research Dr. Stacy Prowell Chief Cyber Security Research Scientist Oak Ridge National Laboratory Main Points Information Sharing Enable discovering and sharing information about real threats to

216 views • 6 slides
UTSA Information Sharing and Coordination Initiatives collaboration and coordination to

UTSA Information Sharing and Coordination Initiatives collaboration and coordination to

Secure Information and Resource Sharing in Cloud Infrastructure as a Service Cyber Incident Response Models for Information and Resource Sharing Amy(Yun) Zhang, Ram Krishnan, Ravi Sandhu Institute for Cyber Security University of Texas at San

219 views • 17 slides
UTSA Hierarchical Secure Information and Resource Sharing in OpenStack Community Cloud Cyber

UTSA Hierarchical Secure Information and Resource Sharing in OpenStack Community Cloud Cyber

UTSA Hierarchical Secure Information and Resource Sharing in OpenStack Community Cloud Cyber Incident Response An Model for Information and Resource Sharing Amy(Yun) Zhang, Farhan Patwa, Ravi Sandhu, Bo Tang Institute for Cyber Security

522 views • 17 slides
UTSA Secure Information and Resource Sharing in Cloud Infrastructure as a Service Cyber Incident

UTSA Secure Information and Resource Sharing in Cloud Infrastructure as a Service Cyber Incident

UTSA Secure Information and Resource Sharing in Cloud Infrastructure as a Service Cyber Incident Response Models for Information and Resource Sharing Amy(Yun) Zhang, Ravi Sandhu Institute for Cyber Security University of Texas at San

704 views • 42 slides
UTSA Community-Based Secure Information and Resource Sharing in AWS Public Cloud Cyber Incident

UTSA Community-Based Secure Information and Resource Sharing in AWS Public Cloud Cyber Incident

UTSA Community-Based Secure Information and Resource Sharing in AWS Public Cloud Cyber Incident Response A Model for Information and Resource Sharing Amy(Yun) Zhang, Farhan Patwa, Ravi Sandhu Institute for Cyber Security University of Texas

578 views • 19 slides
UTSA Community-Based Secure Information and Resource Sharing in Azure Cloud IaaS Cyber Incident

UTSA Community-Based Secure Information and Resource Sharing in Azure Cloud IaaS Cyber Incident

UTSA Community-Based Secure Information and Resource Sharing in Azure Cloud IaaS Cyber Incident Response Models for Information and Resource Sharing Yun Zhang, Farhan Patwa , Ravi Sandhu Institute for Cyber Security University of Texas at

711 views • 20 slides
Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework Reporting Objectives Executive Summary Information Assess Current Cyber Security Posture Measure Progress Toward Improvement Assess

634 views • 5 slides
Cyber Security & Intelligence Sharing in Our Schools By Steve Palmer & Anthony

Cyber Security & Intelligence Sharing in Our Schools By Steve Palmer & Anthony

Cyber Security & Intelligence Sharing in Our Schools By Steve Palmer & Anthony Aukland Todays Topics Digital Citizenship EduTech O365 Security Pages Physical School Access Intelligence Sharing & North Dakota

828 views • 31 slides
Cyber/Information Cyber/Information Security Cyber/Information Cyber/Information Security

Cyber/Information Cyber/Information Security Cyber/Information Cyber/Information Security

Cyber/Information Cyber/Information Security Cyber/Information Cyber/Information Security Security Insurance: Security Insurance: Insurance: Insurance: A Montana Perspective A Montana Perspective Presented by: d b Brett E. Dahl,

197 views • 8 slides
CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY HAPPEN London June 2019 INTRODUCTION Cyber Security The activity or process, ability or capability, or state whereby information and

735 views • 24 slides
AFIIA 2017 Cyber Attack Demonstration Overview of Information Security Information Security

AFIIA 2017 Cyber Attack Demonstration Overview of Information Security Information Security

5/30/2017 Presentation Outline Cyber Security - Safeguarding your IT Environment Cyber Attack Demonstration Overview of Information Security Situational Analysis of Current Attacks Wednesday, May 17, 2017 @ AFIIA Conference, 2017

498 views • 5 slides
Cyber Information Security Solution, Data Governance within the Transportation Industry Speakers

Cyber Information Security Solution, Data Governance within the Transportation Industry Speakers

Cyber Information Security Solution, Data Governance within the Transportation Industry Speakers Eric Toler Nicole Cliff David Allen Jeff Hill Sam Blaney Executive Director, Cyber Security State Chief CIO, Information Group Vice

347 views • 12 slides
Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial

Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial

ABB MINING USER CONFERENCE, MAY 02-05, 2017 Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial Automation Division Agenda Why worry about cyber security? ABBs approach to cyber security Cyber security

1.07k views • 39 slides
Upcoming AIA/ISA Webinars Information Sharing Modern Technology and Legal Structures

Upcoming AIA/ISA Webinars Information Sharing Modern Technology and Legal Structures

Aero Webinar Series September 24, 2009 The Financial Impact of Cyber Risk 50 Questions Every CFO Should Ask The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask Page 1 A publication of the American National Standards

711 views • 21 slides
Web Security Cyber Security Lab Spring '10 04/15/10 Cyber Security Lab 1 Outline Web

Web Security Cyber Security Lab Spring '10 04/15/10 Cyber Security Lab 1 Outline Web

Web Security Cyber Security Lab Spring '10 04/15/10 Cyber Security Lab 1 Outline Web application weaknesses XSS AJAX weaknesses SQL Injection Attacks (Slides from Lars Olson)

588 views • 41 slides
Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three

Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three

Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three points of failure in any secure network: Technology (hardware and software) Technology Support (ITS) End Users (USD students and employees)

359 views • 23 slides
iRODS UGM2017 Welcome Carolien Besselink CIO Utrecht University Information and Technology

iRODS UGM2017 Welcome Carolien Besselink CIO Utrecht University Information and Technology

iRODS UGM2017 Welcome Carolien Besselink CIO Utrecht University Information and Technology Services High-quality research data infrastructure is a precondition for excellent research Scientific integrity and access to data demand quality

210 views • 5 slides
Team Optimal Control of Coupled Subsystems with Mean-Field Sharing Jalal Arabneydi and Aditya

Team Optimal Control of Coupled Subsystems with Mean-Field Sharing Jalal Arabneydi and Aditya

Team Optimal Control of Coupled Subsystems with Mean-Field Sharing Jalal Arabneydi and Aditya Mahajan Electrical and Computer Engineering Department, McGill University Email: jalal.arabneydi@mail.mcgill.ca Date: December 15th, 2014 (J.

382 views • 23 slides
MapReduce Design Patterns This section is based on the book by Jimmy Lin Now lets look at

MapReduce Design Patterns This section is based on the book by Jimmy Lin Now lets look at

MapReduce Design Patterns This section is based on the book by Jimmy Lin Now lets look at important program design and Chris Dyer patterns for MapReduce. Programmer can control program execution only through implementation of

394 views • 6 slides
Applying Hierarchical and Role-Based Access Control to XML Documents Jason Crampton Information

Applying Hierarchical and Role-Based Access Control to XML Documents Jason Crampton Information

Applying Hierarchical and Role-Based Access Control to XML Documents Jason Crampton Information Security Group Royal Holloway, University of London ACM Workshop on Secure Web Services 2004 George Mason University, 29 October 2004 Applying

647 views • 31 slides
Analysis-driven Engineering of Comparison-based Sorting Algorithms on GPUs 32nd ACM International

Analysis-driven Engineering of Comparison-based Sorting Algorithms on GPUs 32nd ACM International

AlgoPARC Analysis-driven Engineering of Comparison-based Sorting Algorithms on GPUs 32nd ACM International Conference on Supercomputing June 17, 2018 Ben Karsin 1 karsin@hawaii.edu Volker Weichert 2 weichert@cs.uni-frankfurt.de Henri

1.11k views • 77 slides
Cloud: How Big Is Your Risk? Prasidh Srikanth Booth #450 Agenda Cloud BYOD Security Booth

Cloud: How Big Is Your Risk? Prasidh Srikanth Booth #450 Agenda Cloud BYOD Security Booth

psrikanth@bitglass.com Booth #450 Surviving the Cloud: How Big Is Your Risk? Prasidh Srikanth Booth #450 Agenda Cloud BYOD Security Booth #450 Time Travel to 2004 Virtual Private Server Dedicated Server Shared Hosting Cloud Booth

498 views • 14 slides
The Cloud Computations on Encrypted Data and Privacy David Pointcheval CNRS - ENS - INRIA 11th

The Cloud Computations on Encrypted Data and Privacy David Pointcheval CNRS - ENS - INRIA 11th

The Cloud Computations on Encrypted Data and Privacy David Pointcheval CNRS - ENS - INRIA 11th International Conference on Provable Security Xian, China - October 23rd, 2017 David Pointcheval Introduction 2 / 26 Anything from Anywhere

103 views • 7 slides
Control Path Design and Lab 3 1 Separating Control From Data The datapath is where data

Control Path Design and Lab 3 1 Separating Control From Data The datapath is where data

Control Path Design and Lab 3 1 Separating Control From Data The datapath is where data moves from place to place. Computation happens in the datapath No decisions are made here. Things you should find in a datapath Muxes

321 views • 16 slides

More recommend