Cyber Defence Data Exchange and Collaboration Infrastructure (CDXI)


1

2 Cyber Defence Data Exchange and Collaboration Infrastructure (CDXI)
Luc Dandurand
NATO C3 Agency
Geneva, 6-7 December 2010
Addressing security challenges on a global scale

3 NATO C3 Agency
- Mission: Enable NATO’s success through the unbiased provision of comprehensive C4ISR capabilities
- NC3A mainly provides acquisition and scientific support to NATO and NATO Nations
- Key player in helping Nations achieve interoperability
- CDXI is sponsored by NATO Allied Command Transformation (ACT, Norfolk, VA)

4 What is the CDXI?
Ultimately, the goal of CDXI is to:
- transport cyber defence data between organisations through a resilient, global infrastructure
- structure the data for machine processing
- feed it directly into automated applications
- provide assurance of its origin and quality
- provide access controls for confidentiality
- provide tools to collaborate on improving the data
- enable commercial exploitation

5 Cyber Defence Data
Reference Information:
- Vulnerabilities
- Software (Applications and Operating Systems)
- Hardware
- Malware
- Patches and Fixes
- Verification Tests (e.g. IDS signatures & VA tests)
- Protocol specifications
- Certifications

6 Cyber Defence Data
Operational Information:
- Events
- Incidents
- IP addresses
- Implicated parties

7 What problems does it solve?
Beyond the basic need to exchange data:
- Lots of data sources saying different things
- Errors & Discrepancies
- Different focus and taxonomies → No simple way to fix known errors and collaborate
- Limited ability to automate CD applications
- Importing from the Web is often “manual”
- Limited quality assurance → THIS IS A MAJOR PROBLEM
- No resilience → Need a local copy of all data!
- No automated implementation/enforcement of sharing policies

8 Examples of Discrepancies
CVE 18 Nov 2010 Possibly execute arbitrary code via a crafted packet

9
CVE

10
CVE

11
CVE […]

12
CVE ? ? […]

13
CVE […]

14 How do we fix this?
- “Support dissension to reach consensus”
- Easily modify the data and send back to community
- “Multiple truths” co-exist until further research uncovers the “ultimate truth”
- Reject or block erroneous data coming into own automated systems
- Custom Quality Assurance Processes

15 Structured Cyber Defence Data
Strategy of CDXI is currently based on:
- Pure enumerations for the specified topics
  - Single identifier for each element (e.g. “CVE-ID”)
  - Used to create all links to other data
- Agile Data Model
  - User-defined taxonomies
  - User-defined relationships
CDXI could implement most, if not all, standards in CYBEX X.1500.
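
An added illustration (not part of the presentation and not CDXI's actual design) of the ideas on slides 14 and 15: assertions from different sources are linked by a single identifier, conflicting values co-exist as "multiple truths", and a local quality-assurance policy decides what reaches automated systems. The class, field and feed names and the placeholder identifier CVE-0000-0001 are hypothetical.

```python
from collections import defaultdict, namedtuple

# element_id is the single identifier (e.g. a CVE-ID) used to link all data.
Assertion = namedtuple("Assertion", "element_id field value source")

class Store:
    """Hypothetical store that keeps every assertion, even conflicting ones."""
    def __init__(self, assertions=()):
        self._by_key = defaultdict(list)
        for a in assertions:
            self._by_key[(a.element_id, a.field)].append(a)

    def discrepancies(self):
        """Return {(id, field): {value: [sources]}} where sources disagree."""
        out = {}
        for key, items in self._by_key.items():
            by_value = defaultdict(list)
            for a in items:
                by_value[a.value].append(a.source)
            if len(by_value) > 1:
                out[key] = dict(by_value)
        return out

    def export(self, trusted, min_agree=1):
        """Local QA policy: release a value to automation only when the
        trusted sources give a single value backed by >= min_agree of them."""
        accepted, blocked = {}, []
        for key, items in self._by_key.items():
            votes = defaultdict(set)
            for a in items:
                if a.source in trusted:
                    votes[a.value].add(a.source)
            if len(votes) == 1 and len(next(iter(votes.values()))) >= min_agree:
                accepted[key] = next(iter(votes))
            else:
                blocked.append(key)  # contested or unsupported: keep out
        return accepted, blocked

# Constructed sample data: two feeds disagree on the impact of one entry.
SAMPLE = [
    Assertion("CVE-0000-0001", "impact", "denial of service", "feed-a"),
    Assertion("CVE-0000-0001", "impact", "arbitrary code execution", "feed-b"),
    Assertion("CVE-0000-0001", "affected", "product-x 1.0", "feed-a"),
    Assertion("CVE-0000-0001", "affected", "product-x 1.0", "feed-b"),
]

if __name__ == "__main__":
    print(Store(SAMPLE).discrepancies())
    print(Store(SAMPLE).export({"feed-a", "feed-b"}, min_agree=2))
```

An organisation that trusts only `feed-a` would accept that feed's impact value, while one that requires both feeds to agree blocks the contested field and still imports the uncontested one.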

16 Confidentiality
- Limited sharing is a reality
- User-based and role-based access controls
- Organisational sharing policies
  - Can limit user actions
  - Can automate sharing
- Multiple security labels and mappings
- Instances of CDXI exist at every security level (Unclassified, Secret and Top Secret)

17 Commercial Exploitation
- Required since Industry has lots of data, but more importantly, the resources to refine it
- Proposed strategy is to encrypt records
- Sell keys to decrypt the data through contract
- Industry can resell
- Tools that use the CDXI Content
- Quality assurance of content
- Data-mining

18 CDXI Architecture

19 Relation to CYBEX
- Similar to CYBEX in that use/acquisition of the data is out of scope
- Implements the following CYBEX functions
  - Structuring cybersecurity information for exchange purposes
  - Identifying and discovering cybersecurity information and entities
  - Establishment of trust and policy agreement between exchanging entities
  - Providing assured cybersecurity information exchange
- Adds support for
  - Dissension to reach consensus, collaboration mechanisms
  - Custom quality assurance processes
  - Commercial exploitation
- Provides Resilience
- CDXI tackles the problem from a prototype implementation point-of-view, rather than the CYBEX standards-based approach

20 CDXI Way Ahead
- Concept, high-level requirements and proposed architecture will be completed Q1 2011
- We plan to build and test a prototype in 2011
- We plan to continue prototype development/testing in 2012 and beyond
- We hope for:
  - Implementation by Industry?
  - Concept valid for any knowledge centric community!
- For further information:

