Presentation is loading. Please wait.

Presentation is loading. Please wait.

DSSA Update Costa Rica – March, 2012. Goals for today Update you on our progress Raise awareness Solicit your input.

Published byDavid Baldwin Modified over 8 years ago

Similar presentations

Presentation on theme: "DSSA Update Costa Rica – March, 2012. Goals for today Update you on our progress Raise awareness Solicit your input."— Presentation transcript:

1 DSSA Update Costa Rica – March, 2012

2 Goals for today Update you on our progress Raise awareness Solicit your input

3 Charter: Background At their meetings during the ICANN Brussels meeting the At-Large Advisory Committee (ALAC), the Country Code Names Supporting Organization (ccNSO), the Generic Names Supporting Organization (GNSO), the Governmental Advisory Committee (GAC), and the Number Resource Organization (NROs) acknowledged the need for a better understanding of the security and stability of the global domain name system (DNS). This is considered to be of common interest to the participating Supporting Organisations (SOs), Advisory Committees (ACs) and others, and should be preferably undertaken in a collaborative effort.

4 Goals and Objectives Report to respective participating SO’s and AC’s on: – Actual level, frequency and severity of threats to the DNS – Current efforts and activities to mitigate these threats to the DNS – Gaps (if any) in the current response to DNS issues – Possible additional risk mitigation activities that would assist in closing those gaps (if considered feasible and appropriate by the WG)

5 Where we are… Approach and status Launch Identify Threats & Vulnerabilities Analyze Threats & Vulnerabilities Analyze Threats & Vulnerabilities Report We are here – just getting started with this phase of the work We are hoping to have a substantial portion of this done by Prague

6 Methodology – NIST 800-30 Rationale The DSSA realized that using a predefined methodology would save time and improve our work product We selected NIST 800-30 after reviewing several dozen alternatives The reasons we selected this one include: – It’s available at no cost – It’s being actively supported and maintained – It’s widely known and supported in the community – It’s likely to be consistent with the needs of other parts of ICANN (and thus our pioneering may produce something that can be “repurposed” elsewhere in the organization) – It’s available in English

7 The methodology presumes a tiered approach to the work DSSA is chartered to look at the broadest, most general tier However we feel it may be useful to pursue one or two deeper, narrower analyses of specific threats once our “survey” work is complete Methodology – NIST 800-30 Risk Management Hierarchy

8 Methodology – NIST 800-30 Adversarial Risk Model An example of the model – risks from “adversarial” events (which differs from “non-adversarial” threats such as errors, accidents, etc.) Benefits: Consistent terminology Shared model Structured work Sample deliverables world

9 Where we’re going Analysis phase – based on NIST methods Assess threat sources and events Assess vulnerabilities and predisposing conditions Determine likelihood Determine level of impact Determine risk Threat sources – broad range of impact, high capability, strong intent, targeting the DNS? Threat events – relevant to the DNS? Vulnerabilities – severe? Predisposing conditions – pervasive? High likelihood that a threat-event will be initiated? High likelihood that a threat-event will result in an adverse impact? Broad harm/consequence from a threat-event – operations, assets, individuals, other organizations, world? Severe impact of a threat-event? Given all of the above – what are the high-risk scenarios?

10 Problem: the evaluation per NIST methodology does not scale It’s all about choices Threat tree could easily grow to over 1000 permutations Prune the tree along the way, in order to focus on the highest risks Leave a framework that can be used to address: – New things – Changes – Greater detail

11 Possible solution: re-sequence the work Start with consequences Evaluate the severity Concentrate on the most severe (e.g. loss of trust in DNS routing) Evaluate only those branches of the threat tree that lead to those outcomes Assess threat sources and events Assess vulnerabilities and predisposing conditions Determine likelihood Determine level of impact Determine risk Threat sources – broad range of impact, high capability, strong intent, targeting the DNS? Threat events – relevant to the DNS? Vulnerabilities – severe? Predisposing conditions – pervasive? High likelihood that a threat-event will be initiated? High likelihood that a threat-event will result in an adverse impact? Broad harm/consequence from a threat-event – operations, assets, individuals, other organizations, world? Severe impact of a threat-event? Given all of the above – what are the high-risk scenarios? Start with consequences…

12 Activity since Singapore The working group has: – Developed a protocol for handling confidential information – Selected a methodology to structure the remaining work – Begun the detailed analysis of the risk assessment

13 Confidential information Note: Sensitivity, attribution and release to public are determined by info-provider SensitiveNot sensitive Not attributed to source (transmitted through trusted 3 rd party or summaries of Type 1 developed by sub-group) Type 2: Distributed to sub- groups only. (Info-providers determine ultimate distribution) Info-provider authorizes release Type 3: Distributed to DSSA and public (“sanitized” info from sub- groups and other non- attributed information) Attributed to sourceType 1: Distributed to sub- groups only (under NDA, most- protected) Confidential info must never pass through this path. This is the exposure of information we’re trying to prevent. Type 4: Distributed to DSSA and public

14 Architecture

15 Non-adversarial threat events (Question: relevance to “the DNS”) NATE-10 Disrupts a "major" zone file (.COM/.NET/.UK/.DE etc.) NATE-20 Disrupts a "lesser" zone file (that is not outsourced to a major provider) NATE-30Root zone -- is published incorrectly NATE-40Root zone -- is not published NATE-50Disrupts the IANA zone file NATE-60Disrupts DNSSEC from a "Major" DNSSEC provider NATE-70Disrupts DNSSEC for a TLD zone NATE-80Disrupts Critical DNS support files NATE-90 Disrupts provisioning systems between registries and registrars (the result being that registrars can't add/change/delete zones from the TLD) Scale: Table E-4 -- Relevance to the organization 10 -- Confirmed -- Seen by the organization 8 -- Expected -- Seen by the organization's peers or partners 5 -- Anticipated -- Reported by a trusted source 3 -- Predicted -- Predicted by a trusted source 1 -- Possible -- Described by a somewhat credible source 0 -- N/A -- Not currently applicable

16 Non-adversarial threat sources (Question: what is the range of impact?) NATS - 10Configuration errors by privaleged users NATS - 20Business failure of a key provider NATS - 30 Nation state -- interventions with accidental or unintended consequences NATS - 40 Key storage, processing or network hardware failure NATS - 50 Key networking or operating-system software failure NATS - 60General-purpose application software failure NATS - 70 Mission-specific software failure (WHOIS, EPP/RPP, Billing) NATS - 80Root scaling NATS - 90Natural disaster (flood, tsunami, earthquake NATS - 100 Widespread telecommunications infrastructure failure NATS - 110Widespread power infrastructure failure Scale: Table D-6 -- Range of impact 10 -- sweeping, involving almost all of the cyber resources of the DNS 8 -- extensive, involving most of the cyber resources of the DNS 5 --wide-ranging, involving a significant portion of the cyber resources of the DNS 3 --limited, involving some of the cyber resources of the DNS 1 -- minimal, involving few if any of the cyber resources of the DNS

17 How we work (design credit -- CLO) Live chat Voting Definitions Agenda Participants Shared document

18 Questions?

Download ppt "DSSA Update Costa Rica – March, 2012. Goals for today Update you on our progress Raise awareness Solicit your input."

Similar presentations

ICANN Strategic planning process Draft key priorities for the July 2006 – June 2009 Plan for community comment November 2005.

ICANN Strategic planning process Draft key priorities for the July 2006 – June 2009 Plan for community comment November 2005.
ICANN Plan for Enhancing Internet Security, Stability and Resiliency.

ICANN Plan for Enhancing Internet Security, Stability and Resiliency.
DNS Security and Stability Analysis Working Group (DSSA) DSSA Update Prague – June, 2012.

DNS Security and Stability Analysis Working Group (DSSA) DSSA Update Prague – June, 2012.
DNS Security and Stability Analysis Working Group (DSSA)

DNS Security and Stability Analysis Working Group (DSSA)
DNS Security and Stability Analysis Working Group (DSSA) DSSA Update Prague – June, 2012.

DNS Security and Stability Analysis Working Group (DSSA) DSSA Update Prague – June, 2012.
Policies and Procedures for Civil Society Participation in GEF Programme and Projects presented by GEF NGO Network ECW.

Policies and Procedures for Civil Society Participation in GEF Programme and Projects presented by GEF NGO Network ECW.
OCTAVESM Process 4 Create Threat Profiles

OCTAVESM Process 4 Create Threat Profiles
DSSA Update Costa Rica – March, 2012 1. Goals for today Update you on our progress Raise awareness Solicit your input 2.

DSSA Update Costa Rica – March, Goals for today Update you on our progress Raise awareness Solicit your input 2.
S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,

S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,
Predisposing Conditions Security Controls Vulnerabilities A Non- Adversarial Threat Source (with a range of effects) In the context of… (with varying pervasiveness)

Predisposing Conditions Security Controls Vulnerabilities A Non- Adversarial Threat Source (with a range of effects) In the context of… (with varying pervasiveness)
Chapter 5: Asset Classification

Chapter 5: Asset Classification
S2-1 © 2001 Carnegie Mellon University OCTAVE SM Process 2 Identify Operational Area Management Knowledge Software Engineering Institute Carnegie Mellon.

S2-1 © 2001 Carnegie Mellon University OCTAVE SM Process 2 Identify Operational Area Management Knowledge Software Engineering Institute Carnegie Mellon.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Joint SSR-RT/DSSA meeting DSSA Progress Update Dakar – October 2011.

Joint SSR-RT/DSSA meeting DSSA Progress Update Dakar – October 2011.
Securing the Border Gateway Protocol (S-BGP) Dr. Stephen Kent Chief Scientist - Information Security.

Securing the Border Gateway Protocol (S-BGP) Dr. Stephen Kent Chief Scientist - Information Security.
An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.

An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.
Administrivia Lifecycle Architecture (LCA) group assignment will go out later today. Informal feedback meetings with LCO groups EasyShare: Mon, 2:45pm-3:15pm,

Administrivia Lifecycle Architecture (LCA) group assignment will go out later today. Informal feedback meetings with LCO groups EasyShare: Mon, 2:45pm-3:15pm,
1 R&D SDM 1 Software Project Management Capability Maturity Model 2009 Theo Schouten.

1 R&D SDM 1 Software Project Management Capability Maturity Model 2009 Theo Schouten.
Critical Infrastructure Protection and Higher Education: University of California Hazard Vulnerability Assessment Kristine Hafner University of California.

Critical Infrastructure Protection and Higher Education: University of California Hazard Vulnerability Assessment Kristine Hafner University of California.
Predisposing Conditions Security Controls Vulnerabilities A Non- Adversarial Threat Source (with a range of effects) In the context of… (with varying pervasiveness)

Predisposing Conditions Security Controls Vulnerabilities A Non- Adversarial Threat Source (with a range of effects) In the context of… (with varying pervasiveness)

Similar presentations

Ads by Google