ITSAFE Warning Service in the UK
German Presidency IT Security Conference
5 June 2007, Berlin
© Crown Copyright 2007. All Rights Reserved.

Origins
• 2002 Alerting Systems Workshop in UK
  – Belgian Anti-Virus Warning system
• 2003 Workshop on Alerting systems
  – Germany, Netherlands, Industry, Government
  – Established Principles
• Principles
  – Very few serious Warnings
  – Keep channels open with low-level information, news
  – Plain English
  – ‘Push’ mechanism
  – Citizens & Micro-businesses

Features
• Authentication - ‘Secure Word’
• Choice of channels
• Simple website (initially)
• Non-technical language
• Partnership

Types of Warning
• Vulnerabilities - technical problems, of either an architectural, implementation or configuration nature, which would allow a malefactor to perform undesirable actions to a system
• Exploits - techniques used by malefactors to perform undesirable actions to a system, which may either be as a result of a new or changed Vulnerability, or by an unintended approach to a legitimate facility, typically a failure in non-technical Information Assurance (IA) countermeasures in the personnel, physical or procedural realms such as leaving a system logged in where unauthorised personnel could gain access
• (Plain English ???)

Now linking with other services
• Critical National Infrastructure (CNI)
  – CSIRTUK (ex-UNIRAS) Service
• Communities of Interest
  – WARP Initiative
• Citizens and Micro-Businesses
  – ITsafe Warning Service
  – GetSafeOnline Campaign

‘CSIRTUK (formerly UNIRAS)’ the CPNI CERT
• Established in 1992, as CSIRT for Central Government Community
• Role extended on formation of National Infrastructure Security Coordination Centre (NISCC) in 1999 to include responsibility for Critical National Infrastructure (CNI)
• As part of CPNI, still responsible for CNI sectors, working closely with the new GOVCERTUK (CESG) responsible for systems in UK Govt depts.
• Issues wide range of technically phrased warnings to its communities

WARP
• The Warning, Advice and Reporting Point (WARP) initiative
• Aimed at providing “CSIRT Light” services to small Communities of Interest
• Founded and supported by UK Government (NISCC/CPNI) and Cabinet Office’s Central Sponsor for Information Assurance (CSIA)
• Developing into a self-supporting Trust, backed by CPNI

ITsafe and GetSafeOnline
• ITsafe is a service, launched on 23rd February 2005 by Home Office Minister Hazel Blears MP, to provide Plain Language Warnings to Micro-Businesses and Private Citizens in the UK
• GetSafeOnline is a Public / Private initiative, working in partnership with the ITsafe Warning Service, to provide a source of information and good practice to Micro-Businesses and Private Citizens in the UK

Current Warning Information Flows
[Diagram. Labels: Closed Sources; Open Sources; CSIRT-UK ‘UNIRAS’ Service; WARP Operators; UNIRAS Service; ITsafe Warning Service]
[Diagram labels continued from the Current Warning Information Flows slide: CNI Customers; WARP Communities; Citizens / Micro-Businesses]

CPNI Structured Data Feed
• Based on Extensible Markup Language (XML)
• Initial offering will have 3 variants:
  – A Document Object Model (DOM) replication of the full, analysed, Vulnerability or Exploit records
  – A public RSS “Ticker” pointing to the record
  – A “rich” RSS Ticker with a full structured XML version of the vulnerability or exploit for onward processing by other systems
    ▪ WARP Trust
    ▪ GetSafeOnline
    ▪ Australian service

Structured feed elements
• Generic Dublin Core (DC) Metadata fields
• Generic e-Government Metadata Standard (eGMS) fields
• Data Labelling Namespace (DL-NS) fields
• Interim Vulnerability and exploit Description and exchange Format (IVDF) fields
• Information and Communications Technology Namespace (ICT-NS) fields
• Fields to support profiling of outputs

Possible Future Warning Information Flows
[Diagram. Labels: Closed Sources; CERIF RSS Closed; CPNI Infosec Advisors; Open Sources; RSS CERIF Open; CNI Customers; ITsafe Dissemination Partner; WARP Operators; UNIRAS Service; Citizens / Micro-Businesses; WARP Communities]

Extending the Model
• The dataset has been built for CPNI’s needs, but is based on XML, and as such is inherently Extensible, for instance:
  – Multilingual support could be added
  – The ICT-NS implementation will probably be replaced by CPE when that is completed
  – The profile mechanism (VEXWM) used for the ITsafe RSS could support multiple communities’ profiles
• CPNI are already in discussion with several parties about collaborative options
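
Added example (not part of the original slides and not CPNI's code): a minimal consumer of a "rich" RSS ticker that applies a per-subscriber profile, pushing only the few serious, relevant warnings and keeping the rest as a low-level digest. The Dublin Core namespace is real; the `ex:` namespace, its `severity` and `platform` elements, the profile keys and the sample feed are hypothetical stand-ins, because the slides do not give the IVDF, ICT-NS or VEXWM field names.

```python
import xml.etree.ElementTree as ET

# The Dublin Core namespace is real. "ex" is a hypothetical stand-in for the
# feed's own extension fields, whose names the slides do not give.
NS = {"dc": "http://purl.org/dc/elements/1.1/", "ex": "urn:example:warning-feed"}

# Constructed sample feed (not real warning data).
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/"
     xmlns:ex="urn:example:warning-feed">
 <channel><title>Constructed warning ticker</title>
  <item><title>Browser flaw being used by criminals</title>
   <link>https://feed.example/rec/1</link><dc:type>Exploit</dc:type>
   <ex:severity>4</ex:severity><ex:platform>desktop-os-a</ex:platform></item>
  <item><title>Router setup weakness</title>
   <link>https://feed.example/rec/2</link><dc:type>Vulnerability</dc:type>
   <ex:severity>2</ex:severity><ex:platform>home-router</ex:platform></item>
  <item><title>Monthly security news</title>
   <link>https://feed.example/rec/3</link><dc:type>News</dc:type></item>
 </channel></rss>"""

def parse_feed(xml_text):
    """Return one dict per <item>; a feed that carries a DTD is refused."""
    if "<!DOCTYPE" in xml_text.upper():
        raise ValueError("feed carries a DTD; refusing to parse")
    items = []
    for item in ET.fromstring(xml_text).iter("item"):
        sev = item.findtext("ex:severity", default="0", namespaces=NS)
        items.append({
            "title": item.findtext("title", default=""),
            "link": item.findtext("link", default=""),
            "type": item.findtext("dc:type", default="News", namespaces=NS),
            "severity": int(sev) if sev.isdigit() else 0,
            "platform": item.findtext("ex:platform", default="", namespaces=NS),
        })
    return items

def triage(items, profile):
    """Split titles into urgent 'push' warnings and a low-level digest."""
    push, digest = [], []
    for it in items:
        relevant = it["platform"] in profile["platforms"]
        if it["type"] != "News" and relevant and it["severity"] >= profile["min_severity"]:
            push.append(it["title"])
        elif it["type"] == "News" or relevant:
            digest.append(it["title"])
    return push, digest

HOME_USER = {"platforms": {"desktop-os-a", "home-router"}, "min_severity": 3}  # hypothetical profile
```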

Conclusions
• Principles
  – Don’t ‘Cry Wolf’ – Very few serious Warnings
  – Keep channels open – with low-level information, news
  – Plain (Non-technical) English – (/German/Dutch/French etc etc)
  – Simple authentication mechanism
  – ‘Push’ mechanism – (not just a website)
  – If possible create a hybrid service – make it personal !
    ▪ Each subscriber/group selects what they want pushed to them
    ▪ Use a flexible ‘Triage’ process – Make it customisable semi-automatically

The Future ?
  – Every Home User and Small business gets (what they think is) a personalised service of warnings
  – Supplemented by non-urgent news etc to keep the channel open
  – Plain (Non-technical) Language
  – Possibly locally sourced
  – Supplement IT security with e-crime, physical & personnel security warnings and info

Questions ?

General Queries
Peter Burnett
CPNI Corporate Strategy & Policy
+44 207 233 8181
peterb@cpni.gsi.gov.uk

Technical XML implementation
Ian Bryant
ITsafe Technical Authority
+44 87 0114 4561
Hd-tech@itsafe.gov.uk

http://www.cpni.gov.uk

The END

In case you only came for this – here’s an Alpaca picture