c d cyber incident sharing center (cisc) · 2019-08-15 · csa cloud cyber incident sharing center...
TRANSCRIPT
© Cloud Security Alliance, 2015
Cloud Cyber Incident Sharing Center (CISC)
Jim Reavis
CEO, Cloud Security Alliance
Agenda
• CSA History – CloudCERT
• White House Legislative Announcements
• How is CSA addressing the issue of information sharing?
• Cloud CISC Pilot Demo
• Next Steps
• Questions?
CSA History - CloudCERT
• CloudCERT was conceived of at the same time as the Cloud Security Alliance (CSA)
• Broad goal is to improve defenses of the cloud ecosystem against attackers
• Emphasis was placed on developing CSA due to broader scope and potential impact in industry
• CloudCERT initiative was formally announced in 2010
• Working Group has been meeting once a month since January 2011
White House Announcements
• The President signed an Executive Order “encouraging and promoting” information sharing.
• Promotes private sector and government information sharing as well as private to private via Information Sharing and Analysis Organizations (ISAOs)
• Requires DHS, DoJ, and Privacy and Civil Liberties Board to develop disclosure guidelines
Congressional Action—the House
© Cloud Security Alliance, 2014.
• The U.S. House is expected to vote on two bills this week which will focus on enabling information sharing between companies and with the Department of Homeland Security.
• The bills originate from the Homeland Security Committee (HR 1731) and Intelligence Committee (HR 1560). The House Judiciary Committee has provided language regarding liability protections for sharing data.
• The Rules Committee meets tonight to examine dozens of amendments.
• Both bills are thought to be complementary and compatible but will require reconciliation, which will probably not occur until the Senate passes its bill
• The bills define cyber threat indicators as well as cyber defense indicators.
• The bills require companies to “take reasonable efforts” to redact or encrypt sensitive information that is unrelated to a cyber attack.
• Both encourage private-to-private sharing as well as sharing with the DHS’s National Cybersecurity and Communications Integration Center.
Congressional Action–the Senate
• The Senate Intelligence Committee passed a measure (S 754) similar to the House’s proposed bills.
• It offers liability protection for sharing between companies and with the Department of Homeland Security.
• The Senate’s vote on this measure may be delayed by agreement of extension of the Patriot Act which expires on June 1.
• A deal on the Patriot Act is reportedly in the works, but privacy advocates remain concerned.
• The bottom line: the prospects are good that we will have a law signed before Memorial Day. House and Senate leadership agree that an information sharing law is necessary. However… it is Washington…
The Problem
• Attacks are becoming incredibly sophisticated. Knowing what happened is one thing. Knowing what to look for to see if it is happening to you is key.
• ISACs have had limited success
• ISAC model is segmented by vertical (Financial Services, Energy, etc.).
• View across the sectors is critical to protecting companies today.
• ISACs do not allow for a Cloud Segment
The Problem
• ISAC Model requires sending sensitive data to a trusted third party.
• Company identity is known.
• Snowden incident has made sharing with trusted third parties undesirable today.
• Need is clear – a trusted method of sharing is required.
• Company identity is not known – so not subject to subpoenas, etc.
• Incident data submission is quick and simple.
• Rapid analysis of data including correlation with other reports and open source data
• Alerts sent in minutes, not days/weeks
• Ability to anonymously discuss attacks with others and share solutions.
The Solution – Cloud CISC
CSA Cloud Cyber Incident Sharing Center
Cloud adoption is progressing at an accelerating pace. We are concerned that the lack of a robust, automated incident sharing function will inhibit the timely resolution of security incidents, hamper our ability to minimize the damage caused by incidents, and could ultimately have a serious negative impact on the industry. The CSA Cloud CISC will:
• Provide a truly anonymous, global cyber security incident sharing platform for enterprises;
• Educate the public and private community on Cloud Security
• Develop vendor neutral best practices and technical standards
• Develop policies aligning Cloud CISC to industry and governmental standards on an international basis.
How to get Involved
• Work Group Co-chair
• Currently seeking leadership for this initiative
• 2-3 Co-chairs (1 appointed by CSA)
• Co-chair Requirements
• Appointed Co-chair must be an employee of a CSA Member Company
• Additional Co-chairs are decided by vote
• Time commitment required
• Contact [email protected] for additional details and questions
How to get Involved
• Work Group Participant
• Currently seeking Volunteers for the following areas:
• Sub Group to focus on Researching, Developing & Promoting Vendor Neutral Best Practices
• Sub Group to define technical standards for information sharing
• Sub Group focused on Information Sharing Policy development and outreach
• Sub Group that will liaise with the standard development communities (SDOs)
• Contact [email protected] if you are interested in getting involved
How to get Involved
• We need support from our CSA Provider Community to participate in Cloud CISC Pilot
• CALL TO ACTION: Submit Incident Report Data
• Data Types
• Title
• Date
• Region
• Type of Attack
• Known Remediation
• Contact [email protected] if you are interested in getting involved with the pilot
How to get Involved
• CISC Pilot Participant
• We need support from our CSA Provider Community to participate in Cloud CISC Pilot
• CALL TO ACTION: Submit Incident Report Data
• Examples:
• Subject
• Date of incident
• Region
• Type of Attack
• Known Remediation
How the Cloud CISC Pilot Works
• Anonymous Authentication
• When users transmit sanitized reports, we execute a public anonymous authentication protocol that:
• Confirms the user is a member of the community, without disclosing the identity of the user, and
• Delivers a mathematical proof that the user has connected with TruSTAR and that TruSTAR does not know the identity of the user.
A patent-pending technology that allows for easy sharing while preserving complete anonymity.
1. Scrub Incident Reports of Identifying Information: Protects customer PII and corporate IP – mitigating discovery concerns.
2. Share Unattributable Reports: Protects company identity
3. Correlate & Analyze: Immediately correlates report with open source and other submitted reports
4. Alerts & Review: Alerts members to new report for review along with correlated, actionable information
5. Rate & Collaborate: Reports are rated to increase relevance and members collaborate with Cloud CISC Coordinator.
Cloud CISC Next Steps
• Kick-Off Call & Develop a 4 month Information Sharing Pilot Starting in May/June 2015
• Develop and deliver educational programs on Cloud Security and the need for information sharing for both the public and private sector – ongoing based on results
• Identify areas of potential CSA research based on Pilot results Q1 2016
• Identify best practices and need for technical standards Nov 2015 – May 2016
• Identify need for policies and alignment across industries and governments. Nov 2015 – May 2016