WARPs Gen0304 by HC12083102579

VIEWS: 0 PAGES: 20

									National Infrastructure Security Coordination Centre




          Information Sharing
       within the CNI, and Beyond


                                     Peter Burnett
      8th   March 2004               Head of Information Sharing
                                     peterb@niscc.gov.uk
Where does Information Sharing fit in NISCC ?

               Critical National Infrastructure



  Investigating         Promoting            Vulnerabilities
  and Assessing         Protection and
       INFORMATION SHARING
  the threat of eA
                     Exploits
                        Assurance
                                             Responding to
                                             incidents

         Research and Development/ Policy/ Mapping
        Information Sharing

               What is it ?
– Sharing Information about Incidents
–   With NISCC
–   With each other
–   Sharing Real incidents and experiences
–   Informing Assessment of the Threat
–   Raising Awareness
–   Warning each other
–   Sharing Advice & Good Practice
–   Cooperation, Collaboration
          Information Sharing
           Why is it necessary ?
• There is a need for all connected users to protect their
  own systems and data, and to avoid unwittingly
  attacking others.

• This requires greater Awareness and Education
  amongst all users.

• Different communities require different types and levels
  of advice using appropriate language.

• Delivering relevant messages to small communities is
  much more effective than large-scale alerting.
             Information Sharing


       Why is NISCC doing it ?

•   UK lead on IA for Government & CNI
•   More Reporting = better Warning
•   Efficient Trusted channel for issuing Alerts etc
•   Better Awareness & Protection Generally
•   Everyone benefits, including the CNI
         Information Sharing

           How to do it
•   ISACs (US)
•   CERTs
•   Information Exchanges (CNI)
•   WARPs (Local Govt, SMEs, citizens etc)
           Information Sharing


           CERTs
•   UK CERTs Forum
•   EGC
•   CWN, FIRST etc.
•   Limited in number, scope & reach.
NISCC – Information Sharing

   Information Exchange (IE)
An information sharing mechanism established within
a sub-sector to contribute to the protection of the UK’s
Critical National Infrastructure (CNI)

Regular Face to face sharing

Trust & confidentiality

Supplementary communication links

IE ‘Product’
 NISCC – Information Sharing

             THE WARP
• Issues Alerts & Warnings
• Broker for Advice & best practice
• Gathers, sanitises, and shares
  Incident Reports
• Warning, Advice & Reporting Point
 NISCC – Information Sharing

            Why WARPs ?
• WARPs are small, focused, cheap, semi-
  technical
• They can provide a filtered warning service
• They can work for citizen & SME groups
• They can work at various levels
• They can reproduce to fill the gaps
                     A Shared Solution
Open Sources,
   CERTs


                  WARP
                               Warnings                WARP
                                Advice

                Incident Reports       Filter
                 Good Practice       Prioritise
                    Solutions       Supplement
                     Skills         Add Value

   Problems
                                                  e-COMMUNITY

                e-COMMUNITY                          Experience,
                                                  Expertise, Solutions
  WARP for London Boroughs www.lcwarp.org
                                     London Borough B                   London Borough C etc.
  London Borough A




                       Encrypted links              Encrypted links
    Authorised users
    in each Borough
                                                                      Supported by SOCITM, OeE & NISCC

 33 London Boroughs                                                       Future ‘LA’ WARPs

                                                          LondonConnects                  Secure system
                                                                                          with fallback
                                                              WARP                        contingency

 CERTs
                       NISCC                                                            1 Admin.
Bugtraq                                  Encrypted link
                                                                                          FTE
                                                                          1 Technical
CSIRTs                                    UNIRAS                             FTE
 Sans
  Other
    NISCC – Information Sharing

                    WARPs
• London WARP pilot
    – National ‘Local Authorities’ WARP
•   Secure Kent (Local Government and business)
•   Chamber of Commerce (SMEs)
•   Other groups interested
•   Some large organisations
    NISCC – Information Sharing

    CERT – WARP collaboration
•   Information Sharing Workshop 2003
•   ‘Adopt a WARP’ proposal
•   ‘Twinning’ between WARPs & others
•   WARPs as satellites of CERTs
•   Extend CERT influence
•   Share burdens
    NISCC – Information Sharing

    WARPs – The Way Forward
•   Support several pilots
•   Learn from experience
•   Produce ‘tools’ to assist new WARPs
•   Link WARPs to each other and to CERTs
•   Attract major sponsorship
•   Launch WARP Toolbox
•   Continual Improvement
     The WARP TOOLBOX
 Starts with the Business Case
 Based on 3 core services:
      1.   Reporting and Trusted
           Sharing Service
      2.   Good Practice & Advice
           Brokering Service
      3.   Filtered Warning &
           Alerting Service
 Sample security policies &
  templates
 Guidelines and whitepapers
 Application software
Seven stages in Building a WARP
Business case

                                                 WARP toolbox will
       Service Definition                        provide guidance and
                                                 tools for all stages
                Service Development


                         Service Provision


                                                Service Operation



        Build - budget, team, infrastructure, management and administration


            Marketing, raise awareness, build and maintain membership
          WARP Toolbox -
    Stage 1 - Business case
•   Background information on building Business cases for Information
    Security;
•   Choosing the WARP community, and helping identify a WARP
    champion;
•   Why should I build a WARP should be read by those organisations who
    want to know the benefits of setting up and managing a WARP;
•   Resource/cost template, in setting up a WARP against each of the seven
    stages described in the toolbox;
•   Indicative costings, with stated assumptions on the WARP
    implementation;
•   Funding models for both set-up and running costs.
•   How to attract sponsorship and partners
•   Business case headings, and associated comments to help potential
    members build the case for information sharing;
•   WARP services and benefits, to help argue the ROI for membership;
•   Engaging senior management, describes an approach which may help
    potential members engage with senior management.
                      WARPs



• WARPs will become endemic across the UK,
  and beyond
  –   Self-replicating
  –   Free-standing
  –   Self-regulating
  –   Cooperative
  –   Contributing
       •   To their members
       •   To the CNI
       •   To each other
       •   To NISCC

								
To top