Presentation is loading. Please wait.

Presentation is loading. Please wait.

National Institute of Standards and Technology Computer Security Division Information Technology Laboratory Threat Information Sharing; Perspectives, Strategies,

Published byAmy Waters Modified over 9 years ago

Similar presentations

Presentation on theme: "National Institute of Standards and Technology Computer Security Division Information Technology Laboratory Threat Information Sharing; Perspectives, Strategies,"— Presentation transcript:

1 National Institute of Standards and Technology Computer Security Division Information Technology Laboratory Threat Information Sharing; Perspectives, Strategies, and Scenarios Threat Information Sharing; Perspectives, Strategies, and Scenarios 15 June 2015 Tim Grance, NIST, Sarah Brown, Fox-IT, Luc Dandurand, ITU Thomas Millar, US CERT, Pawel Pawlinski, CERT.PL 1

2 National Institute of Standards and Technology Information Technology Laboratory NIST National Institute of Standards and Technology Computer Security Division Information Technology Laboratory Information Sharing Benefits Organizations are sharing information and collaborating on its refinement for: –Shared Situational Awareness –Expanded Understanding of Threat Horizon –Knowledge Maturation –Greater Defensive Agility –Improved Decision-Making 2

3 National Institute of Standards and Technology Information Technology Laboratory NIST National Institute of Standards and Technology Computer Security Division Information Technology Laboratory Information Sharing Challenges Prior to Sharing –Establishing Trust –Policy, Legal, and Organizational Restrictions –Risk / Benefit Analysis – what to share? As Data is Shared –Collecting and classifying information –System interoperability –Preserving Anonymity Post Sharing –Classification of information –Generate / refine / action the intelligence 3

4 National Institute of Standards and Technology Information Technology Laboratory NIST National Institute of Standards and Technology Computer Security Division Information Technology Laboratory Desired Characteristics of Cyber Threat Information Timely – in time for the recipient to act Relevant – applicable to the recipient’s operational environment Accurate – correct, complete, and unambiguous Specific – providing sufficient detail and context Actionable – providing or suggesting an effective course of action 4

5 National Institute of Standards and Technology Information Technology Laboratory NIST National Institute of Standards and Technology Computer Security Division Information Technology Laboratory Cyber Threat Information Sources Internal –Intrusion Detection/Protection Systems –Security Information and Event Management –OS, network, security, and application logs –Personnel External –Open, public sharing communities –Government sources –Sector peers and business partners –Vendor alerts and advisories –Commercial Services 5

6 National Institute of Standards and Technology Information Technology Laboratory NIST National Institute of Standards and Technology Computer Security Division Information Technology Laboratory Cyber Threat Information Types Indicators – an artifact or observation that suggests that an attack is imminent, is underway, or may have already occurred Tactics, Techniques, and Procedures – insights related to an adversary’s behavior, conduct, and tools Countermeasures – actions to counter a specific threat Adversary – information regarding the threat agent or actor 6

7 National Institute of Standards and Technology Information Technology Laboratory NIST National Institute of Standards and Technology Computer Security Division Information Technology Laboratory Observations on Trust Trust equals knowledge, skills, experience, abilities, accuracy, integrity, reliability, commitment Trust gives us confidence to act When we trust we are more likely to share Trust is hard to earn, it must be cultivated Trust is difficult to restore if lost 7

8 National Institute of Standards and Technology Information Technology Laboratory NIST National Institute of Standards and Technology Computer Security Division Information Technology Laboratory Building and Maintaining Trust Trust is built through shared experiences Use sharing models that bring together contributors, participants, and consumers –Discuss current threats –Share technical insights –Develop mitigation strategies –Train, mentor, and develop skills –Mentor new community members –Develop key practices and resources 8

9 National Institute of Standards and Technology Information Technology Laboratory NIST National Institute of Standards and Technology Computer Security Division Information Technology Laboratory Establishing Sharing Relationships Define Goals, Objectives, and Scope of Sharing –Mission specifics; resources; approvals Conduct an Information Inventory Establish Information Sharing Rules –Sources; sensitivity; restrictions; marking Join existing Sharing Communities –Info actionable; mechanisms; NDAs, etc. Supporting an Information Sharing Capability –Resources; proactive measures Look for information that is easier to share (e.g., threats vs incidents) 9

10 National Institute of Standards and Technology Information Technology Laboratory NIST National Institute of Standards and Technology Computer Security Division Information Technology Laboratory 1.What are the sharing barriers? 2.Overview of sharing architectures, capabilities, technical mechanisms (e.g.identity, access control, etc), and trust issues 3.How is sharing done today? 1.Non-attributed vs attributed. 2.Protection of shared information. 3.Data analytics, etc. 4.Advice on how to create, maintain, and enhance sharing relationships 5.How can sharing be more scalable? 6.Specific technical and policy recommendations for the use of shared threat information. Indemnification? 7.What examples (past or future) or specific incident scenarios illustrate how sharing could realistically work to improve security and operational capability? 10 Discussion Questions

11 National Institute of Standards and Technology Information Technology Laboratory NIST National Institute of Standards and Technology Computer Security Division Information Technology Laboratory Achieving Meaningful Information Sharing: A Few Take-Aways Operate at time scales consistent with the information Trust leverages personal connections, operational record, legal processes Trust is paramount and hard to establish, but preparation helps As communities grow in size, trust is harder to achieve Organizational abilities vary greatly Roles and responsibilities need to be clearly articulated before sharing Simplicity facilitates sharing 11

Download ppt "National Institute of Standards and Technology Computer Security Division Information Technology Laboratory Threat Information Sharing; Perspectives, Strategies,"

Similar presentations

CDCs 21 Goals. CDC Strategic Imperatives 1. Health impact focus: Align CDCs people, strategies, goals, investments & performance to maximize our impact.

CDCs 21 Goals. CDC Strategic Imperatives 1. Health impact focus: Align CDCs people, strategies, goals, investments & performance to maximize our impact.
What is Insider Threat? “Potential damage to the interests of an organization by a person(s) who is regarded, falsely, as loyally working for or on behalf.

What is Insider Threat? “Potential damage to the interests of an organization by a person(s) who is regarded, falsely, as loyally working for or on behalf.
DHS, National Cyber Security Division Overview

DHS, National Cyber Security Division Overview
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Dr. Julian Lo Consulting Director ITIL v3 Expert

Dr. Julian Lo Consulting Director ITIL v3 Expert
Security Controls – What Works

Security Controls – What Works
Report on Intrusion Detection and Data Fusion By Ganesh Godavari.

Report on Intrusion Detection and Data Fusion By Ganesh Godavari.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
The Information Systems Audit Process

The Information Systems Audit Process
James Ennis, Department of State, USA ITU-D Question 22/1 Rapporteur.

James Ennis, Department of State, USA ITU-D Question 22/1 Rapporteur.
UNLV Data Governance Executive Sponsors Meeting Office of Institutional Analysis and Planning August 29, 2006.

UNLV Data Governance Executive Sponsors Meeting Office of Institutional Analysis and Planning August 29, 2006.
Network security policy: best practices

Network security policy: best practices
MENTORSHIP IN RESEARCH BY GEOFFREY LAMTOO GULU UNIVERSITY.

MENTORSHIP IN RESEARCH BY GEOFFREY LAMTOO GULU UNIVERSITY.
T HE CHALLENGES OF COMMUNICATING THE FORESIGHT STUDY OUTCOMES TO BETTER ADVISE DECISION MAKERS IN POLICY AND STRATEGY MATTERS Claudio Chauke Nehme –

T HE CHALLENGES OF COMMUNICATING THE FORESIGHT STUDY OUTCOMES TO BETTER ADVISE DECISION MAKERS IN POLICY AND STRATEGY MATTERS Claudio Chauke Nehme –
Competency Models Impact on Talent Management

Competency Models Impact on Talent Management
Information Technology Audit

Information Technology Audit
Factors influencing open source software adoption

Factors influencing open source software adoption
Internal Auditing and Outsourcing

Internal Auditing and Outsourcing
How to Manage the Organizational Change LaMarsh & Associates, Inc.

How to Manage the Organizational Change LaMarsh & Associates, Inc.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.

Similar presentations

Ads by Google