CERT-in-a-Box and Alerting-Service-in-a-box
“The Boxing projects”
CERT-in-a-Box & Alerting-Service-in-a-Box
Douwe Leguit
The Boxing principles
• An effort to preserve the lessons learned while setting up “De Waarschuwingsdienst”, the Dutch national Alerting service, and GOVCERT.NL, the Dutch government CERT.
• The goal is to help others starting a CSIRT (CERT) or an Alerting Service by
– getting them up to speed faster
– helping them to avoid making the same mistakes
Target audience (you?)
• People who plan to set up
– a CSIRT
– an Alerting service
– a WARP?
• If they are
– governmental
– academic
– commercial (CIP?)
• What would they like to hear?
Quick Overview of “The Boxing projects”
Presented at the GOVCERT.NL Symposium 2005
• CERT-in-a-Box
• Alerting-Service-in-a-Box
Recent Changes GOVCERT.NL & Waarschuwingsdienst
• Project organisation is now landing
• Business Continuity Management implemented
• More attention for Information Security (Policies) (both tactical and strategic level)
• Focus on Non-Central Government, e.g. States and Cities
History and future…
• 2001 report: Vulnerability on the Internet
– a social obligation to inform the Dutch public
– set up a CERT for the Dutch Central Government (GOVCERT.NL)
– Membership is optional
– look into feasibility of having this CERT function as alerting service
• 2002, June: GOVCERT.NL
• 2003, February: De Waarschuwingsdienst
• 2005: trusted party for constituency and relations
• 2006: consolidation organisation and services
The organisations
• GOVCERT.NL
– Focus on IT Security
– “Up to the minute” Advisories 24x7
– Advice & Security Scans
– Incident Handling and Response 24x7
– Knowledge Centre
• De Waarschuwingsdienst
An alerting service for IT security related incidents aimed at Dutch home users and small companies (up to 10 PCs)
– independent
– quick & accurate
– free
[Organisation chart: General Manager; Manager Technical Team; Technical team: Technical Specialist (×6); Program Secretary; Communication Advisor; Office Manager]
Funding
• GOVCERT.NL – standard services:
– Ministry of the Interior
– Operational budget for central government bodies
– Other government bodies pay cost price
– Non standard Products: at cost price
• Alerting service:
– Ministry of Economic Affairs
– Operational budget for awareness campaign and alerting service
• Demonstrating success to stakeholders
– Start immediately with producing good statistics!
Development of Products
Successful:
• Advisories
• Forums
• Quick Scans
• E-mail alerts
• Websites
• Incident handling
• Cybercrime manual
• Symposium
Less successful:
• Knowledge base
• Central incident reporting point
• SMS-alerts
• Pricing
• Good statistics
GOVCERT.NL Constituents
Primary focus:
• Pilot constituents
• Central government bodies
• Use general terms and conditions
• Use general service
• Trust level of staffing (AIVD A-screening)
Less easy:
• Ministry of Defence
• Ministries which outsourced all IT
• Non central government bodies; states and cities
• CIP-players in the private sector
Note local regulations for government services competing on a free market
Organizational aspects of implementing a CERT
• People
• Processes
• Systems
• Legal issues
• Communication & PR
• International network
Processes & people
• Processes:
– Formalize operations fast, step by step, but be open for changes on the way
– Establish escalation procedures
– Set up a matrix for qualification of incidents
– Set up a media matrix for the Alerting service
– Revise your information and operational processes
– Implement Business Continuity Management
• People:
– Technical and non technical employees
– 1 FTE communication, 7 FTE technical after 2 years
– 24 x 7 on a rotating schedule, once every six weeks. Active duty: 09:00 – 23:00; on call: 23:00 – 09:00
– Technical profile + communication and project skills
Systems & legal issues
• Systems:
– Use proven technology
– Share and use knowledge with other CERTs
– Security demands checked by Dutch national security agency
– Redundancy (Business Continuity Management)
• Legal issues
– Use (external) legal advice during set-up
– Develop General terms & conditions
– Develop Privacy policy and disclaimers
– Take position in Market regulation issues
– Develop Contracts and Service Level Agreements and Non Disclosure Agreements
Communications & PR - International network
• Communication and PR
– Organize production and editing of all content
– Organize co-writing of advisories for website and e-mail
– Organize campaign management & free publicity
– Use media contacts
– Handle questions from the press
• International network
– Establish contacts fast
– Decide which value you will add to the network
– Start working together
Processes (boxing project)
Gives an overview of:
• Operational process (step by step)
• GOVCERT.NL matrix: qualification of incidents
• Waarschuwingsdienst media matrix
• Escalation process
• Job Profiles
• Tips and tricks
• Templates and process-flows
• Future improvement
Tips and Tricks
Share knowledge & expertise with CERTs => the Boxing project ;)
Integrate the Alerting service in the processes of your CERT
Start with alerting to build credits first: be quick and accurate!
Stay in close contact with your target group to improve the quality of your alerts and incident handling
Start a Newsletter service for people who are not specifically interested in alerting, but need to be aware
Establish good contacts with (national) press in case escalation is needed
Downloadable
On the GOVCERT.NL website
http://www.govcert.nl/render.html?it=69
On the FIRST website
http://www.first.org/resources/guides/
Or send an e-mail [email protected]
Thank you
Douwe Leguit
[email protected]
www.govcert.nl
www.waarschuwingsdienst.nl