
The Advanced Cyber Security Center (ACSC): A Cyber Threat Information Sharing Consortium. Bruce J. Bakis, The MITRE Corporation


Academic year: 2021


Outline

Essence

Goals

Member value proposition

Organization

Milestones

Sharing model

Elements

Differentiators

Challenges


ACSC is a cross-sector collaboration among industry, university, and government entities organized to address the most critical cyber security challenges

Founding premise: advanced cyber threat too complex/sophisticated to battle alone

Need force multiplier: power of collaboration and unclassified information sharing

Need diversity of subject matter expertise: technology, policy, behavioral science, modeling, economics, legal, education

Need to improve cyber security ROI: leverage the investments of members

Need to develop next-gen cyber defenses and warriors: R&D and education

Organizing entity: Mass Insight Global Partnerships


Leverage and establish New England as a leader in cyber security defense, R&D, education programs, and policy development

Be a thought and action leader in the cyber defense ecosystem

Serve as proof-of-concept test bed and blueprint for global federated sharing of unclassified cyber threat information

Facilitate the advancement of membership cyber maturity levels

Create talent cluster as incubator and engine for a cyber economy

Operate a leading university cyber security research center

Shape and enable cyber defense education

Operate a leading cyber security operations and crisis center


Cyber threat information sharing, including incident data, analysis techniques, collection and monitoring techniques, malware analysis, and defensive techniques

Better deal with advanced cyber threat

Increase cyber security ROI

Access to effective and emerging cyber security strategies, tools, products, experience, research

Shape cyber research agenda to the benefit of members

Multi-disciplinary perspective

Deeper access to next gen cyber counter-insurgent warriors through university-industry relationships

Cyber security policy analysis and influence


To be incorporated in MA as a 501 (c) (3) nonprofit

20 charter members: major Boston financial services firms and the FRB of Boston, leading MA defense nonprofits, utilities, IT products and services organizations, healthcare, universities, and the Commonwealth of Massachusetts

For 1st 3 years, mostly funded by membership, then blended funding with state and federal grants

Governance

Mass Insight is organizing entity

Board of Advisors

Steering Committee

Working Groups: Threat Evaluation & Data Sharing, Policy-Legal, University-Industry


2007

Mass Insight Global Partnerships develops kernel of idea for cross-sector collaborative R&D center

MITRE suggestion: work cyber defense cross-sector

2008: Begin work on “MA IT Security Center”

2009

First Advisory Board meeting at MITRE (Bedford, MA) with defense sectors representative to discuss opportunity for collaborative information security center

Renamed ACSC

2010

Steering Committee organized with cross-sector representation to drive Center development

Initial ACSC “tech group” sharing launched at MITRE


2011

3 Work Groups formed

All members sign Phase I participant agreement

University-Industry engagement begins

Developed university cyber research resource guide

Reviewed existing and proposed state (MA) and federal cyber security and privacy policy

September 20 Launch Conference

Ahead

ACSC incorporation in MA as 501 (c) (3) nonprofit

Announcement of first industry-funded R&D project led by university partners

Strategic research agenda

ACSC internships and work-study partnerships in place through industry members


Post-to-All: members communicate directly with each other

Intrusion attempt information (e.g., malware sample, social engineering attack method)

Use standardized alerts with a common taxonomy that can be ingested and interpreted through automation

Hub-and-Spoke: members (spoke) communicate through the centralized ACSC (hub)

Intrusion attempt information plus more sensitive information on incident response, vulnerabilities, and depth of “kill-chain” penetration

Provide anonymization (as needed) and value-added analytical services

Provide repository of advanced cyber threat information (e.g., malware samples, best practices, policies)

Distributed Database: structured threat information database fed by information from the other models


Physical: ACSC MITRE Bedford, MA

Functions as cyber security ops center

Cyber ops and cyber researchers work side-by-side

Focus on research that translates more quickly into practice (translational research) as well as strategic research

Proving ground for new and prototype products

Provide cyber security incident response capability for members and function as a response center in the event of a regional cyber disaster

Core Elements: ACSC Notional Cyber Operations & Research Facility (4/8)

Face-to-Face

Cyber Tuesdays

Technical Exchange Meetings (TEMS)

Committee meetings

Virtual

MITRE cyber threat information sharing portal: wiki and forum, information and tools repository

Email list server

Tool for online innovation brokering and collaboration (planned)

Structured threat information database (future)

Standards-based automated sharing of cyber threat information (future)

Core Elements: Portal Authentication (7/8)

Cross-sector membership

Strong focus on advanced persistent threat (APT)

Operate cyber security ops center

Cyber ops and R&D work side-by-side

Hybrid information sharing model: hub-and-spoke, post-to-all, distributed database

Cyber disaster recovery center for members

Hybrid funding: members, state, and federal grants

Shape and enable cyber education programs

Incubator and engine for regional cyber economy

ACSC Key Differentiators when Compared with Other Cyber Threat Information

Establishing strong trust among members

Right-sizing the organization (trust relationships don’t scale well)

Organizations with global operations have non-U.S. citizens, which currently limits (under Phase I participant agreement) sharing of sensitive information

Reciprocal participation among members

IP ownership of research and products (Phase II participation agreement)

Delivering on the value proposition

Maintaining due diligence awareness of other players

Automated yet human-readable exchange of cyber threat information in standardized format

Federation with other cyber threat information exchanges


http://www.massinsight.com/initiatives/cyber_security_center/


Blue Cross Blue Shield of Massachusetts ▪ Commonwealth of Massachusetts ▪ CSC ▪ Draper Laboratory ▪ Federal Reserve Bank of Boston ▪ Fidelity Investments ▪ Foley Hoag, Counsel ▪ Harvard University ▪ John Hancock Financial Services ▪ Liberty Mutual Group ▪ Massachusetts Institute of Technology ▪ MIT, Lincoln Laboratory ▪ MITRE ▪ Northeast Utilities ▪ NSTAR Electric & Gas ▪ Partners Healthcare System ▪ RSA/EMC ▪ State Street Corporation ▪ University of Massachusetts ▪ Veracode

Active engagement by ▪ Babson College ▪ Boston University ▪ Brandeis University ▪ Middlesex Community College ▪ Northeastern University ▪ Tufts University ▪ Worcester Polytechnic Institute
