Post on 05-Apr-2018
7/31/2019 2003 00 00 Larry Clinton Silicon Valley Presentation About Best Practices and ISA Activities
1/39
Larry Clinton, Operations Officer
Internet Security Alliance
lclinton@eia.org
703-907-7028
202-236-0001
Who we are
What we believe
Why we must take action
What should business do?
A coherent program of cyber security
The Internet Security Alliance
The Internet Security Alliance is a collaborative effort between
Carnegie Mellon University's Software Engineering Institute (SEI)
and its CERT Coordination Center (CERT/CC) and the Electronic
Industries Alliance (EIA), a federation of trade associations with
over 2,500 members.
Sponsors
What We Believe
What We Believe
The Internet is privately owned and operated
It is our responsibility to demonstrate leadership
There will be national and international attempts to regulate
Government mandates are doomed to fail
Government mandates could be dangerous
We must show real progress to forestall regulation
Why We Must Act
The Past
Source: http://cm.bell-labs.com/who/ches/map/gallery/index.html
The Present
The Threats
Human Agents: hackers, disgruntled employees, white collar criminals, organized crime, terrorists
Methods of Attack: brute force, denial of service, viruses and worms, back door taps and misappropriation, Information Warfare (IW) techniques
The Risks
Exposures: information theft, loss and corruption; monetary theft and embezzlement; critical infrastructure failure; hacker adventures, e-graffiti/defacement; business disruption
Representative Incidents: Code Red, Nimda, Sircam; CD Universe extortion; e-Toys hacktivist campaign; Love Bug and Melissa viruses
Growth in Incidents Reported to the CERT/CC
Year    Incidents
1988          6
1989        132
1990        252
1991        406
1992        773
1993      1,334
1994      2,340
1995      2,412
1996      2,573
1997      2,134
1998      3,734
1999      9,859
2000     21,756
2001     55,100
2002    110,000
The Dilemma: Growth in Number of Vulnerabilities Reported to CERT/CC
Year    Vulnerabilities
1995        171
1996        345
1997        311
1998        262
1999        417
2000      1,090
2001      2,437
2002      4,129
Attack Sophistication v. Intruder Technical Knowledge
Figure: two curves, Intruder Knowledge and Attack Sophistication, plotted from Low to High against a 1980 to 2000 timeline. Tools and attack techniques marked along the timeline include: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, disabling audits, back doors, hijacking sessions, sweepers, sniffers, packet spoofing, GUI, automated probes/scans, denial of service, www attacks, stealth/advanced scanning techniques, burglaries, network mgmt. diagnostics, DDOS attacks.
Financial Impacts of Attacks
Klez virus: clean-up and lost productivity: $9 billion
Code Red: 1 million computers affected; clean-up and lost productivity: $2.6 billion
Love Bug: 50 variants, 40 million computers affected; clean-up and lost productivity: $8.8 billion
Nimda: clean-up and lost productivity: $1.2 billion
Slammer: clean-up and lost productivity: $1 billion+
Attacks are Inevitable
"According to the US Intelligence community, American networks will be increasingly targeted by malicious actors both for the data and the power they possess." National Strategy to Secure Cyberspace, 2/14/03
"The significance of the Nimda attack was not in the amount of damage it caused but that it foreshadows what we could face in the future." CIPB
"Things are getting worse, not better." NYT 1/30/03
What Should You Do?
The Private Sector and National Cyber Security
US government is holding companies responsible for their security
Fiduciary and oversight responsibility is being enforced
Corporate governance, vision and goals reside at the executive level
Won't Advanced Technology Protect Us?
"Installing a network security device is not a substitute for a constant focus on keeping our defenses up to date. There is no special technology that can make an enterprise completely secure."
National Strategy to Secure Cyberspace, 2/14/03
1. Invest in Cyber Security
2. Consider Risk Mitigation
3. Become Involved in the Policy Debate
4. Implement Best Practices
5. Join with us in Information Sharing
Macro Step 1: Invest in Cyber Security
US Government is increasing spending 64% for cyber security.
For business there is a 21% ROI for early incorporation of security.
- CSO Magazine 12/02
Step 2. Become Involved in the Policy Debate
Calls for security mandates are being heard at the federal and state levels and internationally
The structures for dealing with these issues are being erected now
If industry wants to maintain control over the Internet, it must make it secure
A coordinated message is needed
Putnam Legislation
Risk assessment
Risk mitigation
Incident response program
Tested continuity plan
Updated patch management program
Ridge May Support Concept
"Companies that sell stock to the public may be required to disclose what they are doing to protect their computer systems," Homeland Security Secretary Tom Ridge said.
--- Atlanta Journal Constitution, October 10, 2003
Mandates or Incentives?
Government-mandated standards?
SEC reporting?
California-style reporting?
Tax credits for security investment?
Insurance discounts?
Model private sector programs? AIG, Visa, Nortel, Verizon
Step 3. Risk Mitigation / Cyber Insurance
Consider cyber insurance
Are you covered? Should you be covered?
ISAlliance Cyber-Insurance Program
Coverage for members
Free assessment through AIG
Market incentive for increased security practices: 10% discount off best prices from AIG
Additional 5% discount for implementing ISAlliance Best Practices (July 2002)
Step 4. Adopt and Implement Best Practices
Cited in US National Draft Strategy to Protect Cyber Space (September 2002)
Endorsed by TechNet for CEO Security Initiative (April 2003)
Endorsed by the US-India Business Council (April 2003)
Common Sense Guide: Top Ten Practice Topics
Practice #1: General Management
Practice #2: Policy
Practice #3: Risk Management
Practice #4: Security Architecture & Design
Practice #5: User Issues
Practice #6: System & Network Management
Practice #7: Authentication & Authorization
Practice #8: Monitor & Audit
Practice #9: Physical Security
Practice #10: Continuity Planning & Disaster Recovery
ISAlliance/CERT Training
Concepts and Trends in Information Security
Information Security for Technical Staff
OCTAVE Method Training Workshop
Overview of Managing Computer Security Incident Response Teams
Fundamentals of Incident Handling
Advanced Incident Handling for Technical Staff
Information Survivability: an Executive Perspective
Macro Step 5: Join and participate in a cyber-security information sharing organization
Benefits
Share critical information across industries and across national borders
Provide a secure setting to work on common problems
Provide economic incentive programs
Develop model industry programs
Give policy makers an alternative to regulatory models
CERT Knowledgebase
Examples
Benefits of Information Sharing Organizations
May lessen the likelihood of attack: "Organizations that share information about computer break-ins are less attractive targets for malicious attackers." NYT 2003
Participants in information sharing have the ability to better prepare for attacks
Benefits of Information Sharing Organizations
SNMP vulnerability: CERT notified Alliance members Oct. 2001; publicly disclosed Feb. 2002
Slammer worm: CERT notified Alliance members of the underlying vulnerability May 2002; the worm exploited it Jan. 2003
Why ISA Info Sharing Works
Carnegie Mellon/CERT leadership and credibility
History and regularity build up trust
Enforcing the rules builds trust
Cross-sector/international model lessens competitive concerns
Success breeds greater success
A Coherent 10-Step Program of Cyber Security
1. Members and CERT create best practices
2. Members and CERT share information
3. Cooperate with industry and government to develop new models and products consistent with best practices
A Coherent Program of Cyber Security
4. Provide education and training programs based on coherent theory and measured compliance
5. Coordinate across sectors
6. Coordinate across borders
A Coherent Program
7. Develop the business case (ROI) for improved cyber security
8. Develop market incentives for consistent maintenance of cyber security
9. Integrate sound theory and practice into public policy
10. Constantly expand the perimeter of cyber security by adding new members
Larry Clinton, Operations Officer
Internet Security Alliance
lclinton@eia.org
703-907-7028
202-236-0001