Cyber Defence Data Exchange and Collaboration Infrastructure (CDXI)
Luc Dandurand
NATO C3 Agency
Addressing security challenges on a global scale, Geneva, 6-7 December 2010
NATO C3 Agency
Mission: Enable NATO’s success through the unbiased provision of comprehensive C4ISR capabilities
- NC3A mainly provides acquisition and scientific support to NATO and NATO Nations
- Key player in helping Nations achieve interoperability
- CDXI is sponsored by NATO Allied Command Transformation (ACT, Norfolk, VA)
- http://www.nc3a.nato.int/
What is the CDXI?
Ultimately, the goal of CDXI is to:
- transport cyber defence data between organisations through a resilient, global infrastructure
- structure the data for machine processing
- feed it directly into automated applications
- provide assurance of its origin and quality
- provide access controls for confidentiality
- provide tools to collaborate on improving the data
- enable commercial exploitation
Cyber Defence Data
Reference Information
- Vulnerabilities
- Software (Applications and Operating Systems)
- Hardware
- Malware
- Patches and Fixes
- Verification Tests (e.g. IDS signatures & VA tests)
- Protocol specifications
- Certifications
Cyber Defence Data
Operational Information
- Events
- Incidents
- IP addresses
- Implicated parties
What problems does it solve?
Beyond the basic need to exchange data:
- Lots of data sources saying different things
- Errors & Discrepancies
- Different focus and taxonomies
- → No simple way to fix known errors and collaborate
- Limited ability to automate CD applications
- Importing from the Web is often “manual”
- Limited quality assurance → THIS IS A MAJOR PROBLEM
- No resilience → Need a local copy of all data!
- No automated implementation/enforcement of sharing policies
Examples of Discrepancies
CVE 2010-2941
18 Nov 2010
Possibly execute arbitrary code via a crafted packet
[Slides 9 to 13, each titled "CVE 2010-2941": images not preserved]
How do we fix this?
- “Support dissension to reach consensus”
- Easily modify the data and send back to community
- “Multiple truths” co-exist until further research uncovers the “ultimate truth”
- Reject or block erroneous data coming into own automated systems
- Custom Quality Assurance Processes
Structured Cyber Defence Data
Strategy of CDXI is currently based on:
- Pure enumerations for the specified topics
  - Single identifier for each element (e.g. “CVE-ID”)
  - Used to create all links to other data
- Agile Data Model
  - User-defined taxonomies
  - User-defined relationships
CDXI could implement most, if not all, standards in CYBEX X.1500.
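An added example (not part of the original slides, and not CDXI code): a Python sketch of the idea on the "How do we fix this?" and "Structured Cyber Defence Data" slides, where claims keyed by a single identifier keep "multiple truths" side by side, discrepancies are surfaced, and an organisation's own quality-assurance policy decides what reaches its automated systems. The identifiers, feed names, field names and the quorum rule are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample assertions: (identifier, field, value, source).
# Identifiers and feed names are placeholders, not real advisories.
ASSERTIONS = [
    ("CVE-0000-0001", "impact", "code-execution", "feed-a"),
    ("CVE-0000-0001", "impact", "denial-of-service", "feed-b"),
    ("CVE-0000-0001", "impact", "code-execution", "feed-c"),
    ("CVE-0000-0001", "published", "2010-01-01", "feed-a"),
    ("CVE-0000-0001", "published", "2010-01-01", "feed-b"),
    ("CVE-0000-0002", "impact", "info-leak", "feed-b"),
]

def build_store(assertions):
    """Index every claim by (identifier, field); conflicting values co-exist."""
    store = defaultdict(lambda: defaultdict(set))
    for ident, field, value, source in assertions:
        store[(ident, field)][value].add(source)
    return store

def discrepancies(store):
    """Return the (identifier, field) keys on which sources disagree."""
    return sorted(key for key, values in store.items() if len(values) > 1)

def accept(store, trusted, quorum):
    """Hypothetical local QA policy: release a value to automated consumers
    only if at least `quorum` trusted sources assert it and no trusted source
    asserts a competing value. Blocked keys stay in the store for analysts."""
    released, blocked = {}, []
    for key, values in store.items():
        backed = {v: s & trusted for v, s in values.items() if s & trusted}
        if len(backed) == 1:
            value, sources = next(iter(backed.items()))
            if len(sources) >= quorum:
                released[key] = value
                continue
        blocked.append(key)
    return released, sorted(blocked)

if __name__ == "__main__":
    store = build_store(ASSERTIONS)
    print("disagreements:", discrepancies(store))
    print("all feeds trusted:", accept(store, {"feed-a", "feed-b", "feed-c"}, 2))
    print("feed-b untrusted:", accept(store, {"feed-a", "feed-c"}, 2))
```

Two organisations running different trust sets over the same store release different values, which is the point of keeping dissenting claims rather than overwriting them.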
Confidentiality
- Limited sharing is a reality
- User-based and role-based access controls
- Organisational sharing policies
  - Can limit user actions
  - Can automate sharing
- Multiple security labels and mappings
- Instances of CDXI exist at every security level (Unclassified, Secret and Top Secret)
Commercial Exploitation
- Required since Industry has lots of data, but more importantly, the resources to refine it
- Proposed strategy is to encrypt records
  - Sell keys to decrypt the data through contract
- Industry can resell
  - Tools that use the CDXI
  - Content
  - Quality assurance of content
  - Data-mining
CDXI Architecture
Relation to CYBEX
- Similar to CYBEX in that use/acquisition of the data is out of scope
- Implements the following CYBEX functions
  - Structuring cybersecurity information for exchange purposes
  - Identifying and discovering cybersecurity information and entities
  - Establishment of trust and policy agreement between exchanging entities
  - Providing assured cybersecurity information exchange
- Adds support for
  - Dissension to reach consensus, collaboration mechanisms
  - Custom quality assurance processes
  - Commercial exploitation
- Provides Resilience
- CDXI tackles the problem from a prototype implementation point-of-view, rather than the CYBEX standards-based approach
CDXI Way Ahead
- Concept, high-level requirements and proposed architecture will be completed Q1 2011
- We plan to build and test a prototype in 2011
- We plan to continue prototype development/testing in 2012 and beyond
- We hope for:
  - Implementation by Industry?
  - Concept valid for any knowledge centric community!
For further information: luc.dandurand@nc3a.nato.int