CSIRT Contributions to National Efforts in Critical Information Infrastructure Protection

Bradford J. Willke, CISSP
17 October 2007
ITU Regional Workshop
Buenos Aires, Argentina
© 2007 Carnegie Mellon University
Overview
This presentation examines best practices pervasive in CIIP frameworks related to CSIRTs, common intersections of CSIRT-to-CIIP practice, and the benefits of planning or scoping CSIRT-to-CIIP activities and multi-national event coordination under a CIIP framework.
Culture of Cybersecurity
A focus on security in the development of information systems and networks and the adoption of new ways of thinking and behaving when using and interacting within information systems and networks.
[OECD Council definition, July 2002]
… factor[ing] security into design and use of all information systems and networks by promoting consideration of security as an important objective when thinking about, assessing and acting…
[OECD Guidelines, Aug 2007]
Components of the Culture
Awareness, Training, and Education
Assigned Responsibility
Responsiveness
Ethics
Neutrality
Risk Attentiveness
Planning and Design
Management
Assessment
National and Multi-National Cybersecurity Culture Impediments
Goal Orientation: Cybersecurity, business continuity, and ICT operations support critical information infrastructure protection (i.e., provide elements of resiliency) but are often performed independently of one another.
Problem Recognition: The field of cybersecurity and CIIP tends to be focused on technical rather than managerial solutions; true process improvement remains elusive.
Preparation: Nations have a false sense of preparedness; it is only tested during disruptive events.
Process: Codes of practice are numerous; however, practice effectiveness is rarely measured.
Measurement: There are few reliable benchmarks for determining a nation's capability for protecting critical information infrastructures.
CIIP Strategic Goals - Example
GOAL 1: Facilitate the development of a national Critical Information Infrastructure Protection (CIIP) programme strategy
GOAL 2: Assist owners and operators of critical infrastructure (both government and private sectors) to mitigate their information risk
GOAL 3: Identify and understand sector issues and cross-sector dependencies
GOAL 4: Work with international CIP/CIIP organizations to determine transnational solutions
GOAL 5: Test and measure CIP/CIIP maturity over time and guide strategy based on measurement
CIIP Strategies - How It Is Organised
[Organisational diagram, reduced to its labels:]
• CIP Steering Group
• CSOs
• Developing a Strategy for National Critical Information Infrastructure Protection
• International Activities: Transnational Solutions
• Industry Sector Activities: Assisting Critical Sector Organizations
• Organisational Activities
• Sector Working Groups: Understanding Sector Issues
• Testing & Measurement: Strategic Measurement
Services Offered by CSIRTs/CERTs with National Responsibility (Many related to CIIP) 1
[Bar chart, 0% to 100%: percentage of surveyed national CSIRTs/CERTs offering each service. Service labels recoverable from the chart include Incident Coordination, Incident Reporting, Incident Response, Incident Management, Early Warning and Alerting, Network Monitoring, Malware Analysis, Forensic/Artifact Analysis, Training, Awareness & Outreach, and Other Operations.]
Based on survey of CERTs with national responsibility conducted June 2007
Services Offered by CSIRTs/CERTs with National Responsibility (Many related to CIIP) 2
[Bar chart, 0% to 100%: percentage of surveyed national CSIRTs/CERTs offering each service. Service labels recoverable from the chart include Vulnerability Assessment, Penetration Testing, Intrusion Detection, Risk Assessment, Security Tool Development, Security Tool Testing, Security Auditing, Security Standards Certification, Business Continuity, Disaster Recovery, and Back-up Operations.]
Based on survey of CERTs with national responsibility conducted June 2007
CSIRT Activities In CIIP
Develop and sustain an understanding of the national cybersecurity environment
• Threats, Vulnerabilities, Risks, Capabilities, Sensitivities
Create metrics to quantify understanding
Track the state of cybersecurity over time
Assist critical information infrastructure providers and government regulatory bodies in identifying and addressing information security vulnerabilities and threats
Disseminate “lessons learned” from analysis of the cyber environment and information gained from the various sectors to expand and improve the overall state of security within the nation
Liaise with law enforcement, regulators, subject matter experts, … on the technical solutions and implications
International Cybersecurity Goals Require CSIRT Facilitations
To identify experts
To identify resources
To identify mutual countermeasures and areas of responsibility
To coordinate the vendor and service provider communities on technical and procedural solutions and remedies
To coordinate within management frameworks (such as CIP programmes, national emergency response plans, etc.)
To advise government and industry on steps to take, and actions not to take
To participate in planning, design, implementation, operation, and reconstitution processes with partners
National Cybersecurity Goals Intersect with CSIRT Responsibilities
1. Develop National Strategy for Cybersecurity and Critical Infrastructure Protection
2. Establish National Government-to-Industry Collaboration
3. Deter Cyber Crime
4. Operate National Incident Management Capability
5. Promote National Culture of Cybersecurity
Elements of a National Strategy Pertaining to CSIRTs
Formalise the relationship of partners
• Public-Private partnerships (government-to-business, government-to-subject-matter-experts, government-to-academic/research)
Create a risk management process for prioritizing and examining protective measures
• Assess and re-assess the national state of cybersecurity
• Identify requirements:
  • Information channels for distribution of urgent, normal, or informative communications
Questions and Discussion
Contact Information:
Bradford Willke
Email: bwillke@cert.org
Phone: +1 412 268-5050
Postal Address:
CERT Survivable Enterprise Management Group
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, Pennsylvania 15213-3890
USA