WARPs Gen0304 by HC12083102579


									National Infrastructure Security Coordination Centre

          Information Sharing
       within the CNI, and Beyond

                                     Peter Burnett
      8th   March 2004               Head of Information Sharing
Where does Information Sharing fit in NISCC ?

               Critical National Infrastructure

  Investigating         Promoting            Vulnerabilities
  and Assessing         Protection and
  the threat of eA
                                             Responding to

         Research and Development/ Policy/ Mapping
        Information Sharing

               What is it ?
– Sharing Information about Incidents
–   With NISCC
–   With each other
–   Sharing Real incidents and experiences
–   Informing Assessment of the Threat
–   Raising Awareness
–   Warning each other
–   Sharing Advice & Good Practice
–   Cooperation, Collaboration
          Information Sharing
           Why is it necessary ?
• There is a need for all connected users to protect their
  own systems and data, and to avoid unwittingly
  attacking others.

• This requires greater Awareness and Education
  amongst all users.

• Different communities require different types and levels
  of advice using appropriate language.

• Delivering relevant messages to small communities is
  much more effective than large-scale alerting.
             Information Sharing

       Why is NISCC doing it ?

•   UK lead on IA for Government & CNI
•   More Reporting = better Warning
•   Efficient Trusted channel for issuing Alerts etc
•   Better Awareness & Protection Generally
•   Everyone benefits, including the CNI
         Information Sharing

           How to do it
•   ISACs (US)
•   CERTs
•   Information Exchanges (CNI)
•   WARPs (Local Govt, SMEs, citizens etc)
           Information Sharing

•   UK CERTs Forum
•   EGC
•   CWN, FIRST etc.
•   Limited in number, scope & reach.
NISCC – Information Sharing

   Information Exchange (IE)
An information sharing mechanism established within
a sub-sector to contribute to the protection of the UK’s
Critical National Infrastructure (CNI)

Regular Face to face sharing

Trust & confidentiality

Supplementary communication links

IE ‘Product’
 NISCC – Information Sharing

             THE WARP
• Issues Alerts & Warnings
• Broker for Advice & best practice
• Gathers, sanitises, and shares
  Incident Reports
• Warning, Advice & Reporting Point
 NISCC – Information Sharing

            Why WARPs ?
• WARPs are small, focused, cheap, semi-
• They can provide a filtered warning service
• They can work for citizen & SME groups
• They can work at various levels
• They can reproduce to fill the gaps
                     A Shared Solution
Open Sources,

                               Warnings                WARP

                Incident Reports       Filter
                 Good Practice       Prioritise
                    Solutions       Supplement
                     Skills         Add Value


                e-COMMUNITY                          Experience,
                                                  Expertise, Solutions
  WARP for London Boroughs www.lcwarp.org
                                     London Borough B                   London Borough C etc.
  London Borough A

                       Encrypted links              Encrypted links
    Authorised users
    in each Borough
                                                                      Supported by SOCITM, OeE & NISCC

 33 London Boroughs                                                       Future ‘LA’ WARPs

                                                          LondonConnects                  Secure system
                                                                                          with fallback
                                                              WARP                        contingency

                       NISCC                                                            1 Admin.
Bugtraq                                  Encrypted link
                                                                          1 Technical
CSIRTs                                    UNIRAS                             FTE
    NISCC – Information Sharing

• London WARP pilot
    – National ‘Local Authorities’ WARP
•   Secure Kent (Local Government and business)
•   Chamber of Commerce (SMEs)
•   Other groups interested
•   Some large organisations
    NISCC – Information Sharing

    CERT – WARP collaboration
•   Information Sharing Workshop 2003
•   ‘Adopt a WARP’ proposal
•   ‘Twinning’ between WARPs & others
•   WARPs as satellites of CERTs
•   Extend CERT influence
•   Share burdens
    NISCC – Information Sharing

    WARPs – The Way Forward
•   Support several pilots
•   Learn from experience
•   Produce ‘tools’ to assist new WARPs
•   Link WARPs to each other and to CERTs
•   Attract major sponsorship
•   Launch WARP Toolbox
•   Continual Improvement
 Starts with the Business Case
 Based on 3 core services:
      1.   Reporting and Trusted
           Sharing Service
      2.   Good Practice & Advice
           Brokering Service
      3.   Filtered Warning &
           Alerting Service
 Sample security policies &
 Guidelines and whitepapers
 Application software
Seven stages in Building a WARP
Business case

                                                 WARP toolbox will
       Service Definition                        provide guidance and
                                                 tools for all stages
                Service Development

                         Service Provision

                                                Service Operation

        Build - budget, team, infrastructure, management and administration

            Marketing, raise awareness, build and maintain membership
          WARP Toolbox -
    Stage 1 - Business case
•   Background information on building Business cases for Information
•   Choosing the WARP community, and helping identify a WARP
•   Why should I build a WARP should be read by those organisations who
    want to know the benefits of setting up and managing a WARP;
•   Resource/cost template, in setting up a WARP against each of the seven
    stages described in the toolbox;
•   Indicative costings, with stated assumptions on the WARP
•   Funding models for both set-up and running costs.
•   How to attract sponsorship and partners
•   Business case headings, and associated comments to help potential
    members build the case for information sharing;
•   WARP services and benefits, to help argue the ROI for membership;
•   Engaging senior management, describes an approach which may help
    potential members engage with senior management.

• WARPs will become endemic across the UK,
  and beyond
  –   Self-replicating
  –   Free-standing
  –   Self-regulating
  –   Cooperative
  –   Contributing
       •   To their members
       •   To the CNI
       •   To each other
       •   To NISCC

To top