• No results found

Cyber Security Information Exchange

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Cyber Security Information Exchange"

Copied!
23
0
0

Loading.... (view fulltext now)

Download now ( 23 Page )

Full text

(1)

Luc Dandurand

NATO Communications and Information Agency

(2)

Overview

▶ Cyber security in NATO

▶ Highlight of existing efforts and solutions

▶ Challenges still affecting information sharing

▶ The Cyber Security Data Exchange and Collaboration Infrastructure (CDXI):

▶  High-Level Requirements

▶  Deployment and Integration

▶  Knowledge Markets

▶  Agile Data Model

(3)

Cyber Security

In NATO

(4)

▶  NATO in a nutshell:

▶  Collective defence

▶  Interoperable capabilities

▶  Policies for sharing information

▶  NATO has its own systems to protect

▶  NATO relies on National systems for its

missions and operations

▶  NATO’s 2010 Strategic concept

▶  Cyber security is a key concern

▶  NATO Computer Incident Response

Capability (NCIRC)

▶  Coordination Centre (CC)

(5)

Highlight of

Existing E

orts and

(6)

Standardization E

orts

▶ Standards:

▶  US Govt / MITRE's “Making

Security Measurable” program

▶  ITU-T’s X.1500 CYBEX

▶  IETF’s Incident Object

Description and Exchange Format (IODEF) and Real-time Inter-network Defence (RID)

▶  Vendor Formats

▶ Proprietary or Open source

(7)

Existing Capabilities

▶  Platforms / Systems / Services:

▶  Information Sharing and Analysis Centres (ISACs)

▶  Resiliency and Security Forum of the Internet Systems Consortium

▶  Multinational Alliance for Collaborative Cyber Situational Awareness (MACCSA)

▶  Collective Intelligence Framework (CIF)

▶  ITU’s IMPACT

▶  NATO’s Malware Information Sharing Platform (MISP)

▶  Many efforts in other domains

(8)

Challenges A

ecting

Information Sharing in Cyber

Security

(9)

Challenges (1/2)

▶ Developing models for complex realities

▶ Lots of data sources available in the public domain, leading to information overload

▶ Timeliness requirement competes with quality requirement

(10)

Challenges (2/2)

▶ Sensitive data requires dissemination controls

▶ Poor quality and current data management approaches significantly limit automation

▶ Current processes and technologies do not support burden-sharing collaboration and outsourcing

▶ No direct financial benefit

Ongoing efforts must be continued,

(11)

Addressing the Challenges…

▶ Previous efforts have looked at how to exchange

information between parties without much consideration for the internal problems for handling the exchanged

data…

▶ In cyber security, there are many challenges in the management and exploitation of exchanged data…

▶ In cyber security, these challenges are mostly common to all…

(12)

CDXI

:

A Cyber Security Information

Exchange Platform

(13)

CDXI Overview

▶ CDXI capability has 3 objectives:

▶  Facilitate information sharing

▶  Enable automation

▶  Facilitate the generation, refinement and vetting of cyber

security data through burden-sharing collaboration and outsourcing

▶ Focused on structured cyber security data

(14)

High-Level Requirements

HLR #1: Provide a flexible, scalable,

secure and decentralized infrastructure based on freely

available software

HLR #2: Provide for the controlled evolution of the syntax and semantics of multiple independent

data models and their correlation

HLR #3: Securely store both shared and private data

HLR #4: Provide for customizable, controlled multilateral sharing HLR #5: Enable the exchange of data across

non-connected domains

HLR #6: Provide human and machine interfaces HLR #7: Provide collaboration tools that enable burden sharing on the generation, refinement,

and vetting of data HLR #8: Provide customizable

quality-control processes

HLR #9: Expose dissension to reach consensus

(15)

Deployment and Integration

A CS App App CS CS App CDXI Core Services

(authentication, data storage) Networking CDXI UI User facing Applications Services / Infrastructure Integration Organisation B CS App App CS CS App CDXI Core Services

(authentication, data storage) Networking

CDXI UI

Integration

(16)

KM 2

Knowledge Markets

KM 1 Organisation A Organisation C Data Offering ABC Publish Data Offering XYZ Publish Subscribe Subscribe A B Z

(17)

Subscribe

Knowledge Markets

KM 1 Organisation A Organisation C KM 2 Data Offering ABC Publish Data Offering XYZ Publish Subscribe A B Z Data Offering XYZ

(18)

Agile Data Model

Producer’s Initial Data Offering

Org A Org B Org C

Consumers

Producer’s Improved Offering

Emerging Market!

Org Z

Version Control

(19)

CDXI at Organisation A

Enabling Automation

Data Offering ABC Data Offering XYZ API Alerting System Fully Automated Response System API QCP 1 QCP 2 API Semi-Automated Response System Prioritize! Correlation

(20)

Support for Commercial Exploitation

▶ Enable easy accounting of exchange and use of information

▶ Support different business models, e.g.:

▶  Pay a monthly fee for receiving continually updated data

▶  Remote queries into a database, and “buy” a subset of records

found

▶  Only pay for records used to support automated processes

▶ Accounting for data-related services, e.g.:

▶  Correlation of data sources

(21)

Core Elements of CDXI

▶  Independent Topic Ontologies

▶  Information Exchange Policies

▶  Participating Organizations

▶  Quality Control Processes

▶  Communication Channels ▶  Knowledge Markets ▶  Digital Curations Enterprise Security Version Control Collaboration Workflows APIs ITOs Orgs KMs QCPs IEPs

(22)

Conclusion

▶ CDXI is a knowledge management platform specifically designed to address the information sharing issues of the Cyber Security domain

▶ NATO is seeking feedback on the proposed capability

▶  If freely available, would you provide data accessible to NATO?

▶ CDXI implementation will be considered by NATO Nations in 2014

▶ Possible collaboration on refining use cases in 2014:

▶  ACT: Mario Beccia (Mario.Beccia@act.nato.int)

(23)

Thank  you!  

Luc Dandurand

NATO Communications and Information Agency luc.dandurand@ncia.nato.int

References

Download now ( PDF - 23 Page - 7.74 MB )

Related documents

Industry. Cyber Security. Information Sharing at the Technical Level. Guidelines

With these Guidelines, the NCI Agency implements a voluntary bilateral Cyber Information Sharing Programme which will allow industry working with NATO and NATO to share cyber

Visualization of Fuzzy Clustering Result in Metric Space

In addition, the Euclidean distance among these objects as well as among objects and clusters in figure 4 can be correctly measured, since the space shown in figure 4 is a

MSc Cyber Security UKPASS P Course 1 Year Full-Time, 2-3 Years Part-Time

You will develop an understanding of current issues in information security and cyber security, as well as gain in- depth knowledge of a variety of techniques for strategically

Comparative Review of VSaaS and Local CCTV Recording and Management

Nigel has in-depth knowledge of cyber security, information security, business risk, data breach incident response, digital forensics, business continuity, cyber warfare, cyber

Presented By: Corporate Security Information Security Treasury Management

Corporate Security Information Security Treasury Management.?. Is Your Business Prepared for a

Cloud Computing with IBM z Systems

Cloud Mgmt SW Enterprise Mgmt SW Other Mgmt SW Nova drivers Server Cinder drivers Storage Network AMQP DBMS Infrastructure Mgmt Capabilities Image Management. Virtual

HOLLAND: YOUR PORTAL TO OFFSHORE WIND POWER

Direct Access, Short Distances Renowned international companies in the supply chain recognize this natural competitive advantage and choose Dutch seaports as a high-quality and

Mindfulness and Implicit Political Intergroup Bias

Items 5 and 6 were asked of participants in the control (no attentional instruction) condition, and response options ranged from 1 (not at all) to 5 (very much). Items 7 and 8