2004 02 00 larry clinton isa overview and philosophy presentation at homeland security event in fl

Upload: isalliance

Post on 05-Apr-2018


TRANSCRIPT

  • 7/31/2019 2004 02 00 Larry Clinton ISA Overview and Philosophy Presentation at Homeland Security Event in FL

    Slide 1/34

    Larry Clinton, Operations Officer

    Internet Security Alliance
    [email protected]

    202-236-0001

    Slide 2/34

    Presentation Outline

    The Growing Problem of Cyber Security
    Traditional Solutions and Why They Won't Work
    A New Paradigm (Tools and Incentives)
    Bringing It All Together

    Slide 3/34

    The Past

    Slide 4/34

    The Present

    Source: http://cm.bell-labs.com/who/ches/map/gallery/index.html

    Slide 5/34

    The Threats / The Risks

    Human Agents: Hackers; Disgruntled employees; White collar criminals; Organized crime; Terrorists

    Methods of Attack: Brute force; Denial of Service; Viruses & worms; Back door taps & misappropriation; Information Warfare (IW) techniques

    Exposures: Information theft, loss & corruption; Monetary theft & embezzlement; Critical infrastructure failure; Hacker adventures, e-graffiti/defacement; Business disruption

    Representative Incidents: Code Red, Nimda, Sircam; CD Universe extortion; e-Toys hacktivist campaign; Love Bug, Melissa viruses

    Slide 6/34

    Growth in Incidents Reported to the CERT/CC

    Year    Incidents
    1988            6
    1989          132
    1990          252
    1991          406
    1992          773
    1993        1,334
    1994        2,340
    1995        2,412
    1996        2,573
    1997        2,134
    1998        3,734
    1999        9,859
    2000       21,756
    2001       55,100
    2002      110,000

    Slide 7/34

    The Dilemma: Growth in Number of Vulnerabilities Reported to CERT/CC

    Year    Vulnerabilities
    1995                171
    1996                345
    1997                311
    1998                262
    1999                417
    2000              1,090
    2001              2,437
    2002              4,129

    Slide 8/34

    Attack Sophistication v. Intruder Technical Knowledge

    [Figure: two curves plotted against time, 1980 to 2000. Attack Sophistication (Tools) rises from Low to High while Intruder Knowledge (Attackers) falls from High to Low. Techniques labelled along the timeline, roughly in order of appearance: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, disabling audits, back doors, hijacking sessions, sweepers, sniffers, packet spoofing, GUI, automated probes/scans, denial of service, www attacks, stealth / advanced scanning techniques, burglaries, network mgmt. diagnostics, DDoS attacks.]

    Slide 9/34

    Computer Virus Costs (in $ billions)

    [Chart: range of estimated cost per year, '96 through '03 ('03 through Oct 7), on a 0 to 150 $ billion scale.]

    Slide 10/34

    Traditional Solutions & Why They Won't Work

    Technology Solutions ("it's like Y2K")
    Government Regulation ("just mandate security")
    Great Wall of China ("secure our borders")

    Slide 11/34

    Cyber Security is not an IT Problem

    Y2K WAS: Simple; Passive; Not an attack.

    Cyber Security requires people, processes, procedures and management of the risk.

    Slide 12/34

    A Risk Management Approach is Needed

    "Installing a network security device is not a substitute for a constant focus and keeping our defenses up to date." "There is no special technology that can make an enterprise completely secure."

    National Strategy to Secure Cyberspace, 2/14/03

    Slide 13/34

    You Can't Mandate Cyber Security

    Policy must address the Internet as a new technology
    No one owns the Internet
    It is constantly evolving
    International operation makes regulation difficult
    Mandates will truncate innovation and the economy
    Beware the "roadmap for mischief"

    Slide 14/34

    Putnam Legislation

    Risk assessment
    Risk mitigation
    Incident response program
    Tested continuity plan
    Updated patch management program

    Putnam has said it won't work.

    Slide 15/34

    Build a Great Wall around your Organization

    The Internet has no walls, no borders; no one actually owns it.

    You are only as secure as the organizations you interconnect with, and that's pretty much everyone.

    The Internet is interdependent, and security is interdependent.

    Slide 16/34

    Attacks are Inevitable

    "According to the US Intelligence community American networks will be increasingly targeted by malicious actors both for the data and the power they possess." National Strategy to Secure Cyberspace, 2/14/03

    "The significance of the NIMDA attack was not in the amount of damage it caused but it foreshadows what we could face in the future." CIPB (President's Critical Infrastructure Protection Board)

    "Things are getting worse not better." NYT 1/30/03

    Slide 17/34

    A New Paradigm: Tools and Incentives

    TOOLS

    Information Sharing
    Best Practice Development
    Standards/Certification/Qualification
    Training
    Policy Development
    A Total Systems Approach

    Slide 18/34

    ISAlliance/CERT Knowledgebase Examples

    Slide 19/34

    Benefits of Information Sharing (Organizations)

    May lessen the likelihood of attack: "Organizations that share information about computer break-ins are less attractive targets for malicious attackers." NYT 2003

    Participants in information sharing have the ability to better prepare for attacks.

    Slide 20/34

    Benefits of Information Sharing (Organizations)

    SNMP vulnerability: CERT notified Alliance members Oct. 2001; publicly disclosed Feb. 2002.

    Slammer worm: CERT notified Alliance members May 2002; the worm exploited the vulnerability Jan. 2003.

    Slide 21/34

    Step 4. Adopt and Implement Best Practices

    Cited in US National Draft Strategy to Protect Cyber Space (September 2002)
    Endorsed by TechNet for CEO Security Initiative (April 2003)
    Endorsed by the US-India Business Council (April 2003)

    Slide 22/34

    Common Sense Guide: Top Ten Practice Topics

    Practice #1: General Management
    Practice #2: Policy
    Practice #3: Risk Management
    Practice #4: Security Architecture & Design
    Practice #5: User Issues
    Practice #6: System & Network Management
    Practice #7: Authentication & Authorization
    Practice #8: Monitor & Audit
    Practice #9: Physical Security
    Practice #10: Continuity Planning & Disaster Recovery

    Slide 23/34

    Cooperative work on assessment/certification

    TechNet CEO Self-Assessment Program
      Bring cyber security to the C-level based on ISA Best Practices
      Create a baseline of security even CEOs can understand

    American Security Consortium 3rd-Party Assessment Program
      Risk Preparedness Index for assessment and certification
      Develop quantitative independent ROI for cyber security

    Slide 24/34

    ISAlliance/CERT Training

    Concepts and Trends in Information Security
    Information Security for Technical Staff
    OCTAVE Method Training Workshop
    Overview of Managing Computer Security Incident Response Teams
    Fundamentals of Incident Handling
    Advanced Incident Handling for Technical Staff
    Information Survivability: an Executive Perspective

    Slide 25/34

    ISAlliance Incentive Model

    Model Programs for market incentives: AIG, Nortel, Visa, Verizon
    SemaTech Program
    Tax Incentives
    Liability Carrots
    Procurement Model
    Research and Development

    Slide 26/34

    Chief Technology Officers' Knowledge of their Cyber Insurance

    34% incorrectly thought they were covered
    36% did not have insurance
    23% did not know if they had insurance
    7% knew that they were insured by a specific policy

    Slide 27/34

    ISAlliance Cyber-Insurance Program

    Coverage for members
    Free assessment through AIG
    Market incentive for increased security practices
    10% discount off best prices from AIG
    Additional 5% discount for implementing ISAlliance Best Practices (July 2002)

    Slide 28/34

    ISAlliance Qualification Program

    No standardized certification program exists or will exist soon.

    ISAlliance, in cooperation with the Big 4 and the insurance industry, creates a quantitative measurement for qualification for ISA discounts as a proxy for certification.

    ISA works with CMU CyLab on certification.

    Slide 29/34

    A Coherent 10 Step Program of Cyber Security

    1. Members and CERT create best practices
    2. Members and CERT share information
    3. Cooperate with industry and government to develop new models and products consistent with best practices

    Slide 30/34

    A Coherent Program of Cyber Security

    4. Provide education and training programs based on coherent theory and measured compliance
    5. Coordinate across sectors
    6. Coordinate across borders

    Slide 31/34

    A Coherent Program

    7. Develop the business case (ROI) for improved cyber security
    8. Develop market incentives and tools for consistent maintenance of cyber security
    9. Integrate sound theory and practice and evaluation into public policy
    10. Constantly expand the perimeter of cyber security by adding new members

    Slide 32/34

    The Internet Security Alliance

    The Internet Security Alliance is a collaborative effort between Carnegie Mellon University's Software Engineering Institute (SEI) and its CERT Coordination Center (CERT/CC) and the Electronic Industries Alliance (EIA), a federation of trade associations with over 2,500 members.

    Slide 33/34

    Sponsors

    Slide 34/34

    Larry Clinton, Operations Officer

    Internet Security Alliance

    [email protected]

    202-236-0001