CTO-Cybersecurity-Forum-2010 Forum-Mike hird


  1. CTO CYBERSECURITY FORUM
     London 18 June 2010
     An overview of the Cybersecurity Information Exchange Framework CYBEX
     Mike Hird - mike.hird@ties.itu.int
     (with thanks to Tony Rutkowski, Rapporteur, ITU-T Q4/17 and the Q4 CYBEX CG)

  2. The basic CYBEX model
     Cybersecurity Entities
       • structuring information
       • identifying and discovering objects
       • requesting and responding with information
       • exchanging information over networks
       • assured cybersecurity information exchanges
     Cybersecurity Entities
     Cybersecurity Information acquisition (out of scope)
     Cybersecurity Information use (out of scope)

  3. What information?
     Event/Incident/Heuristics Exchange Cluster
     Vulnerability/State Exchange Cluster
     Knowledge Base
     Event Expressions
     Malware Patterns
     Vulnerabilities and Exposures
     Weaknesses
     Platforms
     State
     Incident and Attack Patterns
     Extensions for: DPI, Traceback, Smartgrid, Phishing
     Assessment Results
     Security State Measurement
     Configuration Checklists
     Evidence Exchange Cluster
     Terms and conditions
     Electronic Evidence Discovery
     Handover of retained data forensics
     Handover of real time forensics

  4. How to identify, enable discovery, trust, and exchange information?
     Discovery Enabling Cluster for parties, standards, schema, enumerations, instances and other objects
     Request and distribution mechanisms
     Common Namespace
     Discovery enabling mechanisms
     Identity Assurance Cluster
     Exchange Cluster
     Authentication Assurance Methods
     Authentication Assurance Levels
     Interaction Security
     Transport Security

  5. CYBEX Summary
     Will provide three essential capabilities for any system or service:
       • Determining cyber-integrity of systems and services in a measurable way
       • Detecting and exchanging incident information to improve cyber-integrity
       • Providing forensics, when necessary, to appropriate authorities
     Includes
       • Means for identifying, enumerating and exchanging knowledge about weaknesses, vulnerabilities, incidents
       • Measurable assurance (trust) for information and parties involved
       • Extensible to any kinds of networks, services, or platforms – present and future
       • Applicable to Clouds, Online Transaction Security, Smartgrids, eHealth, …
       • Open standards – most imported into ITU-T, published & maintained in multiple languages, and freely downloadable as X-series specifications
     Excludes
       • Specific implementations (i.e., CYBEX is technology neutral)
       • How to implement
     CYBEX Framework and some initial stable specifications ready by Dec 2010
     Potentially ~20 additional in 2011-2012 timeframe

  6. Who is involved*: it takes a global village
     Comparable government agencies of other countries/regions:
       Australia, Canada, China, EU, Germany, Kenya, Korea, Japan, Netherlands, Russia, Switzerland, Syria, UK, USA (potentially 191 countries)
     Vendors/Service Providers:
       Anatel, China Unicom, Cisco, CNRI, France Telecom, Huawei, Intel, KDDI, LAC, Microsoft, Nokia Siemens, NTT, Syrian Telecom, Telcordia, Verizon, Yaana, ZTE
     Other Bodies:
       APWG, CA/B Forum, CCDB, CNIS, ETSI, FIRST, GSC, IEEE ICSG, IETF, ISO SC6:SC27:TC68, other ITU-T SGs, ITU-D, ITU-R, MITRE, NSTAC, OASIS
     *ITU-T Q4/17 participants and contributors. Does not include scores more in development communities

  7. Questions?
     But how do we.....................?
     Additional information:
     ITU-T
       Cybersecurity Portal - http://www.itu.int/cybersecurity/
       SG17 - http://www.itu.int/ITU-T/studygroups/com17/index.asp
       SG17 Q4 List of Network Forensics and Vulnerability Organisations - http://www.itu.int/ITU-T/studygroups/com17/nfvo/index.html
     FIRST - http://www.first.org/
     ENISA - http://www.enisa.europa.eu/
