Session 4.2 Creation of national ICT security infrastructure for developing countries Industry-wide approach: Raising awareness for ICT security infrastructure.

Dec 24, 2015

Peter Evans
Session 4.2 Creation of national ICT security infrastructure for developing countries

Industry-wide approach:

Raising awareness for ICT security infrastructure

Miho Naganuma
Little eArth Corporation
Rapporteur Q3/17
Information Security Operators Group Japan (ISOG-J)

Addressing security challenges on a global scale, Geneva, 6-7 December 2010

Issues in Cybersecurity

Together with the rapid growth of economies, multilateral business relations are expanding and becoming connected. Meanwhile, this also raises the need for secure network infrastructures with sophisticated cybersecurity services.

We are facing an urgent crisis in a continuing effort to raise awareness of cybersecurity incident response planning against DDoS attacks, targeted attacks including Advanced Persistent Threat (APT) attacks with practice-based information

fast development of technologies for countermeasures

Issues in Cybersecurity (cont.)

Key issue: Information exchange
- Cybersecurity information exchange and technical collaboration
- Wide range of collaboration – international, regional, national level and industry level

Developing international recommendation/standards in Cybersecurity and information exchange

Industry-wide/unique collaboration by Managed Security Service Providers

Information Security Operators Group Japan

1. Support for industry
   a. Providing guideline for service users
   b. Research for related legal, regulatory requirements
2. Communications
   a. Technical exchange and update
   b. Workshop and seminar

Building trust in the community and enhance active collaboration

http://www.jnsa.org/isog-j/e/

Organisation

Active involvement of related parties

Government support

New WG: Security Operation Information sharing and collaboration

Members organisations

Security Operation information sharing and collaboration WG

Seeking “effective” information sharing and collaboration by
- Providing information and analysis methodologies
- Review actions with management view
- Support actions with research view
- Involving SOC Operators/Analyst, specialist for process management etc.

Information transmission enjoying the nature of neutrality

Consideration on the requirements for cybersecurity operation collaboration
- Obstacles toward the collaboration
- Criteria of collaborating operations / sharing information
- Actions to conquer the obstacles

Obstacles for information sharing

- Differences between free-of-charge information and charged one
- Differences between contracted users and non-contracted ones
- Disadvantageous to offer information first?
- Difficulties to provide information even if the information is wanted
- Difficulties to acquire information due to separation of operational unit

Case 1

- Failed to re-utilise the collected information
- Failed to find the reason to share the information
- Lack of sense of purpose to continue the sharing
- Trap of money as a purpose
  - the information sharing will be terminated when the monetary relationship terminates
- Failed to invoke any meaningful actions after gaining some information from the logs of the other companies
- Value of Information possess

Case 2

- Collaboration based on personal relationship disappears when the person moves to the other place
- The information sharing is difficult if the boss/supervisor is not supportive of the activities
- It is difficult to advance the collaboration actively if we cannot get any useful feedback for our customers
- When the person in charge moves to a different department, the hand-over procedure is not good enough
- If sharing information itself becomes the objective, the motivation of the operators in the field will drop

Other obstacles

- Different view of technologies and operations among organizations
  - best to start from information sharing
  - collaboration will be next step
- Internal relations vs External relations
- Reluctant feeling to share information in the security industry
- Question what kind of information we want to share
- Support from management level and department heads
  - How does the information sharing and collaboration lead to the profit of the company?
  - Merit for each organization needs to be considered

Advantage of information sharing in ISOG-J

- Members can issue incident information with the name of ISOG-J
  - use both individual company name and ISOG-J name when disclosing information depending on the situation
  - share the practices of certain incidents among members
  - share some trend information or some notes on that instead of cybersecurity information itself
- By disclosing information periodically from ISOG-J such information becomes a reference source
- From the viewpoint of education, it is beneficial
  - to analyze detection information over certain network collaboratively is a good first step

Candidate solutions

1. Issuing threat analysis document for management figures
   - Information on what kind of threats against IT system we have, and what kind of business continuity risk they pose

2. Starting with sharing statistical information on logs of IDS/IPS, NW appliances, servers etc.
   - Objective of sharing information and collaboration
   - Policy of the data handling
     - Manipulate the log so that sensitive information can be hidden (such as user name)
   - Log information sharing scheme
     - Standard log format
     - With considering how we can take best advantage of the log data of each company

Candidate solutions

3. Quantitative information of incidents that are detected
   - Gather incident information collected by SOCs
   - Member organisations get access to the information

4. Sharing meta information instead of raw data
   - Sensitive information including threats information that is difficult to be disclosed can be shared
   - General information can be shared to customers
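Candidate solutions 2 and 4 as an added sketch, not part of the original slides: a member SOC hides user names behind a keyed hash, drops addresses, and shares only aggregate counts instead of raw IDS log lines. The key=value log format, field names, key and sample lines are constructed assumptions.

```python
import hashlib
import hmac
import json
import re
from collections import Counter

# Constructed sample IDS alerts in an assumed key=value format (not a real product's format).
SAMPLE_LOG = """\
2010-12-06T09:14:02Z sig="SYN flood" src=192.0.2.10 dst=198.51.100.5 user=alice
2010-12-06T09:14:07Z sig="SYN flood" src=192.0.2.11 dst=198.51.100.5 user=alice
2010-12-06T10:02:41Z sig="Malicious PDF attachment" src=203.0.113.7 dst=198.51.100.9 user=bob
this line is malformed and must be counted, not shared
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) sig="(?P<sig>[^"]+)" src=(?P<src>\S+) dst=(?P<dst>\S+) user=(?P<user>\S+)$'
)

def pseudonymise(value: str, key: bytes) -> str:
    """Keyed hash: stable within one member's data, not reversible without the key."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:12]

def sanitise(line: str, key: bytes):
    """Return a record with sensitive fields hidden, or None if the line does not parse."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return {
        "hour": m["ts"][:13],                  # coarsen the timestamp to the hour
        "sig": m["sig"],
        "user": pseudonymise(m["user"], key),  # user name never leaves in clear
        # src/dst addresses are dropped entirely
    }

def shareable_summary(log_text: str, key: bytes) -> dict:
    """Meta information for the sharing group: counts only, no per-event rows."""
    lines = log_text.splitlines()
    records = [r for r in (sanitise(l, key) for l in lines) if r is not None]
    return {
        "events": len(records),
        "rejected_lines": len(lines) - len(records),
        "by_signature": dict(Counter(r["sig"] for r in records)),
        "by_hour": dict(Counter(r["hour"] for r in records)),
        "distinct_users": len({r["user"] for r in records}),
    }

if __name__ == "__main__":
    print(json.dumps(shareable_summary(SAMPLE_LOG, b"constructed-demo-key"), indent=2))
```

The pseudonymised user values are used only to count distinct users; the summary that leaves the organisation contains no per-user or per-address data.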

Highlights for raising awareness

- Industry-wide approach
  - Involving related parties for ICT infrastructure security (Gov, Gov. agencies, CIRT, ISP, MSSP, Security Vendors etc.)
  - “Neutral” organisation/association
- Communication in industries
  - Encourage bottom-up approach
  - Analyse obstacles and make feasible scenarios and candidate solutions
  - Communication as education

Contact: [email protected]

Thank you

www.jnsa.org/isog-j/en