www.internetsociety.org
Collaborative Security
Reflections about Security and the Open Internet
27th Annual First Conference
June 18, 2015
Collaborative Security | 18 June 2015
http://www.internetsociety.org/get-involved/individuals
Independent source of leadership for Internet policy, technology standards, and future development
Mission: To promote the open development, evolution, and use of the Internet for the benefit of all people throughout the world.
Founded in 1992 by Internet Pioneers
Global and Inclusive
Independent and Not-for-Profit
Organizational home for the IETF
First, a few words about who we are, the Internet Society.
The Open Internet
What was that about again?
We usually think of the Internet as a complex network of networks, each run by an autonomous operator, in which services are only loosely coupled to the underlying transport networks, which offer a best-effort service, and where application providers provide their applications.
When we talk about technology we have to remember that the technology is really an enabler for humans. The technology is primarily a driver for socio-economic capabilities.
(Although this picture might make you wonder if we give up other social interactions...)
But... back to the technology for a bit.
Global Reach & Integrity
General Purpose
Permissionless Innovation
Accessible
Interoperability & mutual agreement
Collaboration
Interoperable Building Blocks
No Permanent Favorites
http://www.internetsociety.org/internet-invariants-what-really-matters
Global reach, integrity: Any endpoint of the Internet can address any other endpoint, and the information received at one endpoint is as intended by the sender, wherever the receiver connects to the Internet. Implicit in this is the requirement of global, managed addressing and naming services.
General purpose: The Internet is capable of supporting a wide range of demands for its use. While some networks within it may be optimized for certain traffic patterns or expected uses, the technology does not place inherent limitations on the applications or services that make use of it.
Supports innovation without requiring permission (by anyone): Any person or organization can set up a new service, that abides by the existing standards and best practices, and make it available to the rest of the Internet, without requiring special permission.
Accessible – it’s possible to connect to it, build new parts of it, and study it overall: Anyone can “get on” the Internet – not just to consume content from others, but also to contribute content on existing services, put up a server (Internet node), and attach new networks.
Based on interoperability and mutual agreement: The key to enabling inter-networking is to define the context for interoperation – through open standards for the technologies, and mutual agreements between operators of autonomous pieces of the Internet.
Collaboration: Overall, a spirit of collaboration is required – beyond the initial basis of interoperation and bi-lateral agreements, the best solutions to new issues that arise stem from willing collaboration between stakeholders.
Technology – reusable building blocks: Technologies have been built and deployed on the Internet for one purpose, only to be used at a later date to support some other important function.
There are no permanent favourites: While some technologies, companies and regions have flourished, their continued success depends on continued relevance and utility, not strictly some favoured status.
Security, stupid
"The economy, stupid" is a phrase James Carville coined as a campaign strategist for Bill Clinton's successful 1992 presidential campaign against sitting president George H. W. Bush.
Security is like the economy.
Open Platform: open for attack and intrusion
Permissionless innovation: malware development & deployment
Global Reach: attacks and crime are cross-border
Voluntary collaboration: hard to mandate
Looking at these invariants from the security perspective.
Security is not an end in itself
There is no such thing as absolute security
Acceptable residual risks in a specific context
Resilience
Policy measures that are premised on stopping bad things, rather than protecting what is valued, provide no guide as to how far those measures should go.
If we are not careful, the spectre of cyber threats can be used as a vehicle for control of networks and how they are used, plus pervasive monitoring.
Protect the inside from the outside?
Photo credit: Allen Watkin. Source: https://flic.kr/p/47zXL3. License: CC-2.0 BY-SA
Traditional approaches to security were principally concerned with external and internal threats, and the impact they may have on one’s own assets [in other words, threat-based and self-interested]. There is, however, a growing recognition that a security paradigm for the Internet ecosystem should be premised on protecting opportunities for economic and social prosperity, as opposed to a model that is based simply on preventing perceived harm.
The Internet, with its high degree of interconnection and dependencies, brings another dimension to the management of risks. Security and resilience of the Internet depend not only on how well risks to you and your assets are managed, but also, importantly, on the management of risks that you (by your action or inaction) present to the Internet ecosystem – the “outward” risks. Additionally, some risks need to be managed by more than one actor.
This is the notion of collective and shared risk management – a notion that is well aligned with the “public interest” nature of the Internet.
This latter aspect of risk management is not necessarily self-evident, especially since there is often no obviously identifiable immediate harm to the actors or their assets and, therefore, no direct business case that can be immediately associated with such effort. And it is also human nature to seek outcomes that further our individual “self-interest”. However, such a narrow approach is counter-productive and, in the long term, harmful to everyone’s interests – not only will it impact the security of the ecosystem, but it will also diminish the overall pool of social and economic potential that the Internet offers.
Fostering Confidence and Protecting Opportunities
Collective Responsibility
Evolution and Consensus
Fundamental Properties and Values
Think Globally, Act Locally
Fostering confidence and protecting opportunities: The objective of security is to foster confidence in the Internet and to ensure the continued success of the Internet as a driver for economic and social innovation.
Collective Responsibility: Internet participants share a responsibility towards the system as a whole.
Fundamental Properties and Values: Security solutions should be compatible with fundamental human rights and preserve the fundamental properties of the Internet — the Internet Invariants.
Evolution and Consensus: Effective security relies on agile evolutionary steps based on the expertise of a broad set of stakeholders.
Think Globally, Act Locally: It is through voluntary bottom-up self-organization that the most impactful solutions are likely to be reached.
Where the rubber meets the road.
Enough conceptual talk... let's see where that takes us.
Researchers
Development
OPS
Devops
SDOs
Orgs
Collaborative security happens in many places, perhaps not even consciously: anywhere people get together and work towards improving trust in the Internet. No claim to completeness.
Regional Registries: maintaining registries
Regional Operators: Best Current Practices
Industry organizations like MAAWG and FIRST: coordinating
Programmers who try to do the right thing by sharing code and reviewing other people's code
Academic conferences that work on improving security
etc.
Examples of Standardization
STIX
TAXII
DOTS
CARIS Workshop
One goal of the workshop is to improve mutual awareness of the participating organizations, to understand their roles, and improve communication between them. A key outcome of the workshop is to provide greater awareness of existing efforts to mitigate specific types of attacks and greater understanding of the options others have to collaborate and engage with these efforts. Another goal is to improve end user experience through stronger coordination between the security, operations, and research communities.
Examples of collaborative security activities can be found in standardization. Here is some work that is relevant to the people in this room.
But... technology alone will not be deployed without a general acceptance of the need, and a baseline of trust.
Within OASIS there are (or have been) efforts to work on:
The Structured Threat Information Expression (STIX) is a language for describing cyber threat information in a standardized and structured manner.
Trusted Automated Exchange of Indicator Information (TAXII) standardizes the trusted, automated exchange of cyber threat information.
Both are the subject of another presentation this week.
In the IETF we have seen a BOF around this topic too: The aim of DDoS Open Threat Signaling (DOTS) is to develop a standards-based approach for the real-time signaling of DDoS-related telemetry and threat handling requests and data between elements concerned with DDoS attack detection, classification, traceback and mitigation.
There are a number of
RDAP
RESTful Queries
RFC 7480-7485
Query and Response are standardized, structured and parsable
JSON responses
{
  "handle" : "2001:0DC0:2000::/35",
  "startAddress" : "2001:dc0:2000::",
  "endAddress" : "2001:dc0:3fff:ffff:ffff:ffff:ffff:ffff",
  "ipVersion" : "v6",
  "name" : "APNIC-AP-V6-BNE",
  "type" : "ASSIGNED PORTABLE",
  "country" : "AU",
  "parentHandle" : "2001:0DC0::/32",
  "objectClassName" : "ip network",
  "entities" : [ {
    "handle" : "DNS3-AP",
    "vcardArray" : [ "vcard", [ [ "version", { }, "text", "4.0" ], [ "fn", { }, "text", "DNS Administration" ], [ "kind", { }, "text", "group" ], [ "adr", {
      "label" : "6 Cordelia Street\nSouth Brisbane\nQLD 4101"
    }, "text", [ "", "", "", "", "", "", "" ] ], [ "tel", {
      "type" : "voice"
    }, "text", "+61 7 3367 0490" ], [ "tel", {
      "type" : "fax"
    }, "text", "+61 7 3367 0482" ], [ "email", { }, "text", "dns-admin@apnic.net" ] ] ],
    "roles" : [ "administrative" ],
    "objectClassName" : "entity",
    "remarks" : [ {
      "title" : "remarks",
      "description" : [ "DNS in-addr.arpa zone files maintainer" ]
    } ],
    "links" : [ {
      "value" : "http://rdap.apnic.net/ip/2001:dc0:2000::/35",
      "rel" : "self",
      "href" : "http://rdap.apnic.net/entity/DNS3-AP",
      "type" : "application/rdap+json"
    } ]
  }, {
    "handle" : "IRT-APNIC-AP",
    "vcardArray" : [ "vcard", [ [ "version", { }, "text", "4.0" ], [ "fn", { }, "text", "IRT-APNIC-AP" ], [ "kind", { }, "text", "group" ], [ "email", {
      "pref" : "1"
    }, "text", "security@apnic.net" ], [ "adr", {
      "label" : "Brisbane, Australia"
    }, "text", [ "", "", "", "", "", "", "" ] ], [ "email", { }, "text", "helpdesk@apnic.net" ] ] ],
    "roles" : [ "abuse" ],
    "objectClassName" : "entity",
    "remarks" : [ {
      "title" : "remarks",
      "description" : [ "APNIC is a Regional Internet Registry.", "We do not operate the referring network and", "is unable to investigate complaints of network abuse.", "For more information, see www.apnic.net/irt" ]
    } ],
    "links" : [ {
      "value" : "http://rdap.apnic.net/ip/2001:dc0:2000::/35",
      "rel" : "self",
"Registry Operator shall implement a new standard supporting access to domain name registration data (SAC 051) no later than one hundred thirty-five (135) days after it is requested by ICANN if: 1) the IETF produces a standard (i.e., it is published, at least, as a Proposed Standard RFC as specified in RFC 2026); and 2) its implementation is commercially reasonable in the context of the overall operation of the registry."
Currently there is no information in the bootstrap registry, which suggests that there may not be much operational deployment.
Mutually Agreed Norms for Routing Security (MANRS)
Stimulate visible improvements in security and resilience of Internet Routing by changing towards a culture of collective responsibility
Common problems to be addressed
incorrect routing information
traffic with spoofed source IP addresses
coordination and collaboration between network operators
Principles
1 The organization (ISP/network operator) recognizes the interdependent nature of the global routing system and its own role in contributing to a secure and resilient Internet.
2 The organization integrates best current practices related to routing security and resilience in its network management processes in line with the Actions.
3 The organization is committed to preventing, detecting and mitigating routing incidents through collaboration and coordination with peers and other ISPs in line with the Actions.
4 The organization encourages its customers and peers to adopt these Principles and Actions.
Action 1: Prevent propagation of incorrect routing information.
Action 2: Prevent traffic with spoofed source IP addresses.
Action 3: Facilitate global operational communication and coordination between network operators.
Action 4 (Advanced): Facilitate validation of routing information on a global scale.
http://www.routingmanifesto.org/ or http://manrs.org/
Please have this conversation with your stakeholders
Olaf M. Kolkman
Chief Internet Technology Officer
Kolkman@isoc.org
Today’s musings
Open Internet
Collaborative Security
Few Examples
(Figure labels: time, Topical Focus, Policy, Technology)
Outline of the presentation.

 
ICISS Newsletter March 14
ICISS Newsletter March 14ICISS Newsletter March 14
ICISS Newsletter March 14
 
The importance of understanding the global cybersecurity index
The importance of understanding the global cybersecurity indexThe importance of understanding the global cybersecurity index
The importance of understanding the global cybersecurity index
 
Re thinking regulation at the age of AI
Re thinking regulation at the age of AIRe thinking regulation at the age of AI
Re thinking regulation at the age of AI
 
ICT and Disaster Risk Reduction
ICT and Disaster Risk ReductionICT and Disaster Risk Reduction
ICT and Disaster Risk Reduction
 
Improved-Cybersecurity-cooperation
Improved-Cybersecurity-cooperationImproved-Cybersecurity-cooperation
Improved-Cybersecurity-cooperation
 

More from Internet Technology Matters (Internet Society)

More from Internet Technology Matters (Internet Society) (6)

New Security Mechanisms for Network Time Synchronization Protocols
New Security Mechanisms for Network Time Synchronization ProtocolsNew Security Mechanisms for Network Time Synchronization Protocols
New Security Mechanisms for Network Time Synchronization Protocols
 
The I in Internet of Things: Implications for the Global Open Internet
The I in Internet of Things: Implications for the Global Open InternetThe I in Internet of Things: Implications for the Global Open Internet
The I in Internet of Things: Implications for the Global Open Internet
 
Tackling Protocol Diversity: ISOC@IETF Panel at IETF 93
Tackling Protocol Diversity: ISOC@IETF Panel at IETF 93Tackling Protocol Diversity: ISOC@IETF Panel at IETF 93
Tackling Protocol Diversity: ISOC@IETF Panel at IETF 93
 
ISOC Efforts in Collaborative Responsibility Toward Internet Security and Res...
ISOC Efforts in Collaborative Responsibility Toward Internet Security and Res...ISOC Efforts in Collaborative Responsibility Toward Internet Security and Res...
ISOC Efforts in Collaborative Responsibility Toward Internet Security and Res...
 
Evolution of end-to-end: why the Internet is not like any other network
Evolution of end-to-end: why the Internet is not like any other networkEvolution of end-to-end: why the Internet is not like any other network
Evolution of end-to-end: why the Internet is not like any other network
 
IPv6 Predictions for 2014
IPv6 Predictions for 2014IPv6 Predictions for 2014
IPv6 Predictions for 2014
 

Recently uploaded

Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 

Recently uploaded (20)

Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 

Olaf Kolkman - FIRST Keynote on Collaborative Security

  • 1. www.internetsociety.org Collaborative Security Reflections about Security and the Open Internet 27th Annual First Conference June 18, 2015
  • 2. Collaborative Security | 18 June 2015 http://www.internetsociety.org/get-involved/individuals Independent source of leadership for Internet policy, technology standards, and future development. Mission: To promote the open development, evolution, and use of the Internet for the benefit of all people throughout the world. Founded in 1992 by Internet Pioneers. Global and Inclusive. Independent and Not-for-Profit. Organizational home for the IETF. First a few words about who we are, the Internet Society.
  • 4. We usually think of the Internet as a complex network of networks, each operated by autonomous operators, whereby the services are only loosely coupled to the offered transport networks, which offer a best-effort service, and where application providers provide their applications.
  • 5. When we talk about technology we have to remember that the technology is really an enabler for humans. The technology is primarily a driver for socio-economic capabilities. (Although this picture might make you wonder if we give up other social interactions...) But... back to the technology for a bit.
  • 6. http://www.internetsociety.org/internet-invariants-what-really-matters Global Reach & Integrity; General Purpose; Permissionless Innovation; Accessible; Interoperability & mutual agreement; Collaboration; Interoperable Building Blocks; No Permanent Favorites. Global reach, integrity: Any endpoint of the Internet can address any other endpoint, and the information received at one endpoint is as intended by the sender, wherever the receiver connects to the Internet. Implicit in this is the requirement of global, managed addressing and naming services. General purpose: The Internet is capable of supporting a wide range of demands for its use. While some networks within it may be optimized for certain traffic patterns or expected uses, the technology does not place inherent limitations on the applications or services that make use of it. Supports innovation without requiring permission (by anyone): Any person or organization can set up a new service, that abides by the existing standards and best practices, and make it available to the rest of the Internet, without requiring special permission. Accessible – it’s possible to connect to it, build new parts of it, and study it overall: Anyone can “get on” the Internet – not just to consume content from others, but also to contribute content on existing services, put up a server (Internet node), and attach new networks. Based on interoperability and mutual agreement: The key to enabling inter-networking is to define the context for interoperation – through open standards for the technologies, and mutual agreements between operators of autonomous pieces of the Internet. Collaboration: Overall, a spirit of collaboration is required – beyond the initial basis of interoperation and bi-lateral agreements, the best solutions to new issues that arise stem from willing collaboration between stakeholders. Technology – reusable building blocks: Technologies have been built and deployed on the Internet for one purpose, only to be used at a later date to support some other important function. There are no permanent favourites: While some technologies, companies and regions have flourished, their continued success depends on continued relevance and utility, not strictly some favoured status.
  • 7. Security, stupid. "The economy, stupid" is a phrase that James Carville coined as a campaign strategist of Bill Clinton's successful 1992 presidential campaign against sitting president George H. W. Bush. Security is like the economy.
  • 8. Open Platform: open for attack and intrusion. Permissionless innovation: malware development & deployment. Global Reach: attacks and crime are cross-border. Voluntary collaboration: hard to mandate. Looking at these invariants from the security perspective.
  • 9. Security is not an end in itself. There is no such thing as absolute security. Acceptable residual risks in a specific context. Resilience. Policy measures that are premised on stopping bad things, rather than protecting what is valued, provide no guide as to how far those measures should go. If we are not careful, the spectre of cyber threats can be used as a vehicle for control of networks and how they are used, plus pervasive monitoring.
  • 10. Photo credit: Allen Watkin
 Source: https://flic.kr/p/47zXL3
 License: CC-2.0 BY-SA. Protect the inside from the outside? Traditional approaches to security were principally concerned with external and internal threats, and the impact they may have on one’s own assets [in other words, threat-based and self-interested]. There is, however, a growing recognition that a security paradigm for the Internet ecosystem should be premised on protecting opportunities for economic and social prosperity, as opposed to a model that is based simply on preventing perceived harm.
  • 11. The Internet, with its high degree of interconnection and dependencies, brings another dimension to the management of risks. Security and resilience of the Internet depend not only on how well risks to you and your assets are managed, but also, importantly, on the management of risks that you (by your action or inaction) present to the Internet ecosystem – the “outward” risks. Additionally, some risks need to be managed by more than one actor. This is the notion of collective and shared risk management – a notion that is well aligned with the “public interest” nature of the Internet. This latter aspect of risk management is not necessarily self-evident, especially since there is often no obviously identifiable immediate harm to the actors or their assets and, therefore, no direct business case that can be immediately associated with such effort. It is also human nature to seek outcomes that further our individual “self-interest”. However, such a narrow approach is counter-productive and, in the long term, harmful to everyone’s interests – not only will it impact the security of the ecosystem, but it will also diminish the overall pool of social and economic potential that the Internet offers.
  • 12. Traditional approaches to security were principally concerned with external and internal threats, and the impact they may have on one’s own assets [in other words, threat-based and self-interested]. There is, however, a growing recognition that a security paradigm for the Internet ecosystem should be premised on protecting opportunities for economic and social prosperity, as opposed to a model that is based simply on preventing perceived harm.
  • 13. Fostering Confidence and Protecting Opportunities; Collective Responsibility; Evolution and Consensus; Fundamental Properties and Values; Think Globally, Act Locally. Fostering confidence and protecting opportunities: The objective of security is to foster confidence in the Internet and to ensure the continued success of the Internet as a driver for economic and social innovation. Collective Responsibility: Internet participants share a responsibility towards the system as a whole. Fundamental Properties and Values: Security solutions should be compatible with fundamental human rights and preserve the fundamental properties of the Internet — the Internet Invariants. Evolution and Consensus: Effective security relies on agile evolutionary steps based on the expertise of a broad set of stakeholders. Think Globally, Act Locally: It is through voluntary bottom-up self-organization that the most impactful solutions are likely to be reached.
  • 14. Where the rubber meets the road. Enough conceptual talk... let's see where that takes us.
  • 15. Researchers; Development; OPS; Devops; SDOs; Orgs. Collaborative security happens in many places, perhaps not even consciously: anywhere where people get together and work towards improving trust of the Internet. No claim for completeness. Regional Registries: maintaining registries. Regional Operators: Best Current Practices. Industry organizations like MAAWG and FIRST: coordinating. Programmers that try to do the right thing by sharing code and reviewing other people's code. Academic conferences that work on improving security, etc.
  • 16. STIX; TAXII. Examples of Standardization. One goal of the workshop is to improve mutual awareness of the participating organizations, to understand their roles, and improve communication between them. A key outcome of the workshop is to provide greater awareness of existing efforts to mitigate specific types of attacks and greater understanding of the options others have to collaborate and engage with these efforts. Another goal is to improve end user experience through stronger coordination between the security, operations, and research communities. CARIS Workshop. DOTS. An example of collaborative security activities can be found in standardization. Here is some work that is relevant to the people in this room. But... technology alone will not be deployed without a general acceptance of the need, and a baseline of trust. Within OASIS there are (or have been) efforts to work on this: the Structured Threat Information Expression (STIX) is a language for describing cyber threat information in a standardized and structured manner. Trusted Automated Exchange of Indicator Information (TAXII) standardizes the trusted, automated exchange of cyber threat information. Both are the subject of another presentation this week. In the IETF we have seen a BOF around this topic too: the aim of DDoS Open Threat Signaling (DOTS) is to develop a standards-based approach for the realtime signaling of DDoS-related telemetry and threat handling requests and data between elements concerned with DDoS attack detection, classification, traceback and mitigation. There are a number of
  • 17. { "handle" : "2001:0DC0:2000::/35", "startAddress" : "2001:dc0:2000::", "endAddress" : "2001:dc0:3fff:ffff:ffff:ffff:ffff:ffff", "ipVersion" : "v6", "name" : "APNIC-AP-V6-BNE", "type" : "ASSIGNED PORTABLE", "country" : "AU", "parentHandle" : "2001:0DC0::/32", "objectClassName" : "ip network", "entities" : [ { "handle" : "DNS3-AP", "vcardArray" : [ "vcard", [ [ "version", { }, "text", "4.0" ], [ "fn", { }, "text", "DNS Administration" ], [ "kind", { }, "text", "group" ], [ "adr", { "label" : "6 Cordelia Street\nSouth Brisbane\nQLD 4101" }, "text", [ "", "", "", "", "", "", "" ] ], [ "tel", { "type" : "voice" }, "text", "+61 7 3367 0490" ], [ "tel", { "type" : "fax" }, "text", "+61 7 3367 0482" ], [ "email", { }, "text", "dns-admin@apnic.net" ] ] ], "roles" : [ "administrative" ], "objectClassName" : "entity", "remarks" : [ { "title" : "remarks", "description" : [ "DNS in-addr.arpa zone files maintainer" ] } ], "links" : [ { "value" : "http://rdap.apnic.net/ip/2001:dc0:2000::/35", "rel" : "self", "href" : "http://rdap.apnic.net/entity/DNS3-AP", "type" : "application/rdap+json" } ] }, { "handle" : "IRT-APNIC-AP", "vcardArray" : [ "vcard", [ [ "version", { }, "text", "4.0" ], [ "fn", { }, "text", "IRT-APNIC-AP" ], [ "kind", { }, "text", "group" ], [ "email", { "pref" : "1" }, "text", "security@apnic.net" ], [ "adr", { "label" : "Brisbane, Australia" }, "text", [ "", "", "", "", "", "", "" ] ], [ "email", { }, "text", "helpdesk@apnic.net" ] ] ], "roles" : [ "abuse" ], "objectClassName" : "entity", "remarks" : [ { "title" : "remarks", "description" : [ "APNIC is a Regional Internet Registry.", "We do not operate the referring network and", "is unable to investigate complaints of network abuse.", "For more information, see www.apnic.net/irt" ] } ], "links" : [ { "value" : "http://rdap.apnic.net/ip/2001:dc0:2000::/35", "rel" : "self",
 RDAP: RESTful queries, RFC 7480-7485. Query and response are standardized; responses are structured, parsable JSON. "Registry Operator shall implement a new standard supporting access to domain name registration data (SAC 051) no later than one hundred thirty-five (135) days after it is requested by ICANN if: 1) the IETF produces a standard (i.e., it is published, at least, as a Proposed Standard RFC as specified in RFC 2026); and 2) its implementation is commercially reasonable in the context of the overall operation of the registry." Currently there is no information in the bootstrap registry, which suggests that there may not be a lot of operational deployment.
  • 18. Mutually Agreed Norms for Routing Security (MANRS): Stimulate visible improvements in security and resilience of Internet Routing by changing towards a culture of collective responsibility.
  • 19. Common problems to be addressed: incorrect routing information; traffic with spoofed source IP addresses; coordination and collaboration between network operators. Principles: 1. The organization (ISP/network operator) recognizes the interdependent nature of the global routing system and its own role in contributing to a secure and resilient Internet. 2. The organization integrates best current practices related to routing security and resilience in its network management processes in line with the Actions. 3. The organization is committed to preventing, detecting and mitigating routing incidents through collaboration and coordination with peers and other ISPs in line with the Actions. 4. The organization encourages its customers and peers to adopt these Principles and Actions.
  • 20. Action 1: Prevent propagation of incorrect routing information. Action 2: Prevent traffic with spoofed source IP addresses. Action 3: Facilitate global operational communication and coordination between network operators. Advanced Action 4: Facilitate validation of routing information on a global scale.
  • 21. http://www.routingmanifesto.org/ or http://manrs.org/ Please have this conversation with your stakeholders.
  • 23. More Resources for Presentation. In addition to this template, the Internet Society communications team has developed a number of resources to facilitate development of new materials and ensure clear, compelling and consistent branding and design. ▪ Additional templates and resources
 https://wiki.tools.isoc.org/Intranet/Communications/Templates ▪ Writing styleguide
 https://wiki.tools.isoc.org/Intranet/Communications/Styleguide ▪ Branding and logo information
 https://wiki.tools.isoc.org/Intranet/Communications/Branding
  • 25. Today’s musings. Time. Topical Focus: Policy, Technology. Open Internet; Collaborative Security; Few Examples. Outline of the presentation.
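
Slide 17 makes the point that RDAP (RFC 7480-7485) returns standardized, structured JSON, which is what lets an incident responder pull the abuse contact for an address block without screen-scraping WHOIS text. The following is an added example, not part of the original slides: the sample response is constructed (abridged from the slide's truncated output and closed so that it parses, with the two abuse e-mail entries swapped to exercise the preference sort), and the function names are hypothetical.

```python
import json

# Constructed sample, abridged from the response shown on slide 17.
SAMPLE_RDAP = """
{
  "handle": "2001:0DC0:2000::/35",
  "objectClassName": "ip network",
  "entities": [
    {"handle": "DNS3-AP", "objectClassName": "entity",
     "roles": ["administrative"],
     "vcardArray": ["vcard", [
       ["version", {}, "text", "4.0"],
       ["fn", {}, "text", "DNS Administration"],
       ["email", {}, "text", "dns-admin@apnic.net"]]]},
    {"handle": "IRT-APNIC-AP", "objectClassName": "entity",
     "roles": ["abuse"],
     "vcardArray": ["vcard", [
       ["version", {}, "text", "4.0"],
       ["fn", {}, "text", "IRT-APNIC-AP"],
       ["email", {}, "text", "helpdesk@apnic.net"],
       ["email", {"pref": "1"}, "text", "security@apnic.net"]]]}
  ]
}
"""
SAMPLE_OBJ = json.loads(SAMPLE_RDAP)


def jcard_values(vcard_array, prop_name):
    """Yield (params, value) for every jCard property called prop_name.

    A jCard is ["vcard", [[name, params, type, value], ...]]; anything that
    does not have that shape is skipped instead of raising.
    """
    if not (isinstance(vcard_array, list) and len(vcard_array) == 2
            and vcard_array[0] == "vcard"
            and isinstance(vcard_array[1], list)):
        return
    for prop in vcard_array[1]:
        if isinstance(prop, list) and len(prop) >= 4 and prop[0] == prop_name:
            params = prop[1] if isinstance(prop[1], dict) else {}
            yield params, prop[3]


def _pref(params):
    """vCard PREF is 1..100, lower is preferred; a missing PREF sorts last."""
    try:
        return int(params.get("pref", 101))
    except (TypeError, ValueError):
        return 101


def walk_entities(obj):
    """Yield every entity in an RDAP object, including nested entities."""
    for ent in obj.get("entities") or []:
        if isinstance(ent, dict):
            yield ent
            yield from walk_entities(ent)


def contacts_for_role(rdap_obj, role="abuse"):
    """Return handle, name and e-mails (preferred first) per matching entity."""
    found = []
    for ent in walk_entities(rdap_obj):
        if role not in (ent.get("roles") or []):
            continue
        card = ent.get("vcardArray")
        names = [v for _, v in jcard_values(card, "fn") if isinstance(v, str)]
        ranked = sorted(
            ((_pref(p), v) for p, v in jcard_values(card, "email")
             if isinstance(v, str)),
            key=lambda item: item[0])  # stable: ties keep response order
        found.append({
            "handle": ent.get("handle"),
            "name": names[0] if names else None,
            "emails": [v for _, v in ranked],
        })
    return found


if __name__ == "__main__":
    for contact in contacts_for_role(SAMPLE_OBJ, "abuse"):
        print(contact["handle"], contact["name"], ", ".join(contact["emails"]))
```

The entity's `remarks` are worth surfacing alongside the address: in the slide's response the registry's own abuse entity states that it does not operate the referring network.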