ITSAFE Warning Service in the UK
German Presidency IT Security Conference
5 June 2007
Berlin
© Crown Copyright 2007. All Rights Reserved.
Origins
•2002 Alerting Systems Workshop in UK
– Belgian Anti-Virus Warning system
•2003 Workshop on Alerting systems
– Germany, Netherlands, Industry, Government
– Established Principles
•Principles
– Very few serious Warnings
– Keep channels open with low-level information, news
– Plain English
– ‘Push’ mechanism
– Citizens & Micro-businesses
Features
•Authentication - ‘Secure Word’
•Choice of channels
•Simple website (initially)
•Non-technical language
•Partnership
Types of Warning
• Vulnerabilities - technical problems, of either an
architectural, implementation or configuration nature,
which would allow a malefactor to perform undesirable
actions to a system
• Exploits - techniques used by malefactors to perform
undesirable actions to a system, which may either be as
a result of a new or changed Vulnerability, or by an
unintended approach to a legitimate facility, typically a
failure in non-technical Information Assurance (IA)
countermeasures in the personnel, physical or
procedural realms such as leaving a system logged in
where unauthorised personnel could gain access
•(Plain English ???)
Now linking with other services
• Critical National Infrastructure (CNI)
• CSIRTUK (ex-UNIRAS) Service
• Communities of Interest
• WARP Initiative
• Citizens and Micro-Businesses
– ITsafe Warning Service
– GetSafeOnline Campaign
‘CSIRTUK (formerly UNIRAS)’
the CPNI CERT
• Established in 1992, as CSIRT for Central Government
Community
• Role extended on formation of National Infrastructure
Security Coordination Centre (NISCC) in 1999 to include
responsibility for Critical National Infrastructure (CNI)
• As part of CPNI, still responsible for CNI sectors,
working closely with the new GOVCERTUK (CESG)
responsible for systems in UK Govt depts.
• Issues wide range of technically phrased warnings to its
communities
WARP
• The Warning, Advice and Reporting Point
(WARP) initiative
• Aimed at providing “CSIRT Light” services to
small Communities of Interest
• Founded and supported by UK Government
(NISCC/CPNI) and Cabinet Office’s Central
Sponsor for Information Assurance (CSIA)
• Developing into a self-supporting Trust, backed
by CPNI
ITsafe and GetSafeOnline
• ITsafe is a service, launched on 23rd February 2005 by
Home Office Minister Hazel Blears MP, to provide Plain
Language Warnings to Micro-Businesses and Private
Citizens in the UK
• GetSafeOnline is a Public / Private initiative, working in
partnership with the ITsafe Warning Service, to provide a
source of information and good practice to
Micro-Businesses and Private Citizens in the UK
Current Warning Information Flows
[Diagram: boxes labelled Closed Sources, Open Sources, CSIRT-UK ‘UNIRAS’ Service, WARP Operators, ITsafe Warning Service, CNI Customers, WARP Communities and Citizens/Micro-Businesses]
CPNI Structured Data Feed
• Based on Extensible Markup Language (XML)
• Initial offering will have 3 variants :
– A Document Object Model (DOM) replication of the full,
analysed, Vulnerability or Exploit records
– A public RSS “Ticker” pointing to the record
– A “rich” RSS Ticker with a full structured XML version of the
vulnerability or exploit for onward processing by other systems
▪ WARP Trust
▪ GetSafeOnline
▪ Australian service
Structured feed elements
• Generic Dublin Core (DC) Metadata fields
• Generic e-Government Metadata Standard
(eGMS) fields
• Data Labelling Namespace (DL-NS) fields
• Interim Vulnerability and exploit Description
and exchange Format (IVDF) fields
• Information and Communications Technology
Namespace (ICT-NS) fields
• Fields to support profiling of outputs
Possible Future Warning Information Flows
[Diagram: labels Closed Sources, Open Sources, CPNI Infosec Advisors, CERIF, RSS, Closed, Open, ITsafe Dissemination Partner, WARP Operators, UNIRAS Service, CNI Customers, WARP Communities and Citizens/Micro-Businesses]
Extending the Model
• The dataset has been built for CPNI’s needs,
but is based on XML, and as such is inherently
Extensible, for instance :
– Multilingual support could be added
– The ICT-NS implementation will probably be replaced
by CPE when that is completed
– The profile mechanism (VEXWM) used for the ITsafe
RSS could support multiple communities’ profiles
• CPNI are already in discussion with several
parties about collaborative options
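Added example (not CPNI or ITsafe code): how a downstream system might consume a “rich” RSS ticker and apply a per-subscriber profile. It uses only standard RSS 2.0 and Dublin Core elements; the IVDF, DL-NS and ICT-NS fields are not shown because their schemas are not given here, and the profile structure, sample items and feed.example links are constructed assumptions, not VEXWM.

```python
import xml.etree.ElementTree as ET

DC = "{http://purl.org/dc/elements/1.1/}"  # Dublin Core element namespace

# Constructed sample: an RSS 2.0 ticker whose items carry Dublin Core fields.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/">
 <channel><title>Constructed warning ticker</title>
  <item><title>Update your web browser</title>
   <link>https://feed.example/records/1</link>
   <dc:type>Vulnerability</dc:type><dc:subject>browser</dc:subject>
   <dc:language>en</dc:language></item>
  <item><title>Router firmware flaw</title>
   <link>https://feed.example/records/2</link>
   <dc:type>Vulnerability</dc:type><dc:subject>router</dc:subject>
   <dc:language>en</dc:language></item>
  <item><title>Fake bank e-mails in circulation</title>
   <link>https://feed.example/records/3</link>
   <dc:type>Exploit</dc:type><dc:subject>email</dc:subject>
   <dc:language>en</dc:language></item>
 </channel></rss>"""

def parse_feed(xml_text):
    """Return one dict per <item>; refuse feeds that declare a DTD or entities."""
    # Assumption: a warning feed never needs a DTD, so any declaration is rejected
    # before parsing instead of relying on the parser's entity handling.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not accepted in a feed")
    root = ET.fromstring(xml_text)
    records = []
    for item in root.iter("item"):
        get = lambda tag: (item.findtext(tag) or "").strip()
        records.append({"title": get("title"), "link": get("link"),
                        "type": get(DC + "type"), "language": get(DC + "language"),
                        "subjects": {s.text.strip().lower()
                                     for s in item.findall(DC + "subject") if s.text}})
    return records

def select_for_profile(records, profile):
    """Keep records whose type, language and at least one subject match the profile."""
    return [r for r in records
            if r["type"] in profile["types"]
            and r["language"] == profile["language"]
            and r["subjects"] & profile["subjects"]]

# Hypothetical subscriber profile; the field names are assumptions, not VEXWM.
HOME_USER = {"types": {"Vulnerability", "Exploit"}, "language": "en",
             "subjects": {"browser", "email"}}

if __name__ == "__main__":
    for rec in select_for_profile(parse_feed(SAMPLE_FEED), HOME_USER):
        print(rec["type"], "-", rec["title"], rec["link"])
```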
Conclusions
•Principles
– Don’t ‘Cry Wolf’
– Very few serious Warnings
– Keep channels open
– with low-level information, news
– Plain (Non-technical) English
– (/German/Dutch/French etc etc)
– Simple authentication mechanism
– ‘Push’ mechanism
– (not just a website)
– If possible create a hybrid service – make it personal !
▪ Each subscriber/group selects what they want pushed to them
▪ Use a flexible ‘Triage’ process
– Make it customisable semi-automatically
The Future ?
– Every Home User and Small business gets (what they think is)
a personalised service of warnings
– Supplemented by non-urgent news etc to keep the channel open
– Plain (Non-technical) Language
– Possibly locally sourced
– Supplement IT security with e-crime, physical & personnel
security warnings and info
Questions ?
General Queries
Peter Burnett
CPNI Corporate Strategy & Policy
+44 207 233 8181
peterb@cpni.gsi.gov.uk
Technical XML implementation
Ian Bryant
ITsafe Technical Authority
+44 87 0114 4561
Hd-tech@itsafe.gov.uk
http://www.cpni.gov.uk
The END
In case you only came for this – here’s an Alpaca picture