INFSO-RI Enabling Grids for E-sciencE Operational Security OSCT JSPG March 2006 Ian Neilson, CERN.

OSCT Activity Areas
– Security Service Challenge
  Pal Anderssen
– Security Monitoring
  Romain Wartel
– Incident Response
  Ian Neilson

Incident Response Planning
At Pisa (Oct 2005) -
– Proposed: Incident Response Handbook
  Make procedures out of policy
  Quicker to update than policy
  Lighter process than SSC
  Framework for planning activity
– 4 Sections/Activities
  Quick Start
    The basic process
  Grid resources
    References for contacts and administrators
  Services Reference
    Threat and impact by service
  Playbook
    Worked examples

Incident Response Planning
Issues raised (Pisa)
– “Not clear there is effort available now”
  Clear there is not!
– OSCT/IR Integration with operational procedures
  CIC, GGUS procedures still evolving
– Relations/communications with peering grid projects
– NREN CSIRTS
  NRENS and Grids workshops
Handbook
– Almost no feedback
  What there was rather negative/off mark
– “Playbook” twiki scenarios - 2 of 6

EGEE-II SA1 structure

EGEE-II
Security Coordination Group (SCG)
– “Security tasks are thus spread over several activities that are coordinated via a cross-activity Security Coordination Group (SCG). The SCG members are drawn from SA1, JRA1 and JRA2 and the group is responsible for overall security coordination. The SCG is chaired by a Security Head, organisationally part of the Quality Assurance Activity JRA2.”
OPERATIONS COORDINATION CENTRE (OCC)
– “The OCC coordinates the SA1 activity and its tasks and has the mandate to distribute tasks to the ROCs as necessary. Its responsibilities include: …. Coordinate the operational security activity; ….”

EGEE-II
ROC-centric
– “The mandatory set of ROC responsibilities is the following: ….. Responsible for ensuring that operational problems in the region or in resource centres in the region are resolved and followed-up. The ROC owns the operational problems and is responsible for them; ….. Coordinate Grid security in the region; provide incident response teams (with members from the sites); …..”
Other security ROC activities -
– Coordinate the Joint Security Policy Group; Will be provided by UK/I (CCLRC);
– Security vulnerability and risk analysis. This is a new task that will verify the security of middleware being deployed. This includes coordinating code reviews, providing information on best practices for developers, etc; Will be provided by UK/I (CCLRC);

EGEE-II
“It is time and effort consuming to work through with each site incident scenarios, but this cost outweighs the potential real cost of a significant incident. Nevertheless investment must be made to handle this. This is also extremely important in the longer term, and for industrial take up - EGEE must be able to show that it is conforming to current, and building future best practices.”

Deliverables and Milestones