Improving Cyber Ecosystems Health by Metrics, … CyberGreen Yuri...Future work: Metrics v.3 •...
26
Improving Cyber Ecosystems Health by Metrics, Measurement and Mitigation Support Borderless Cyber Asia 2016, at Keio University,Tokyo Yurie Ito Executive Director, CyberGreen
Transcript of Improving Cyber Ecosystems Health by Metrics, … CyberGreen Yuri...Future work: Metrics v.3 •...
ImprovingCyberEcosystemsHealthbyMetrics,MeasurementandMitigationSupport
BorderlessCyberAsia2016,atKeioUniversity,TokyoYurieIto
ExecutiveDirector,CyberGreen
2Copyright©CyberGreen2016AllRightsReserved.
3Copyright©CyberGreen2016AllRightsReserved.
CyberGreen:Whatwedo
CyberHealthMeasurementWemeasureRisk-to-others.
ProvideaclearingHouseforRiskMiFgaFonBCPs.
SourcingRiskcondiFonsData
Advocacy
CapacityBuildingNeedsanalysisandImpactmeasurement
4Copyright©CyberGreen2016AllRightsReserved.
CyberGreen:Whoweare–collaborationforGlobalCommonGood
CyberGreenMetricsExperts
Group
SpecialAdvisers
CyberGreenBoard
Directors
TechnicalPartners
MiFgaFonsCSIRTs
GlobalDatasources
Sponsors
Dr.PaulTwomeyFormerICANNCEO)
Dr.RichardSoleyIndustrialInternetConsorFum
Dr.DanGeerSpecialAdviseronMetrics
Dr.JunMuraiDean,KeioUniversity
Dr.PaulVixieFarsightTechnology(SpecialAdviser)
5Copyright©CyberGreen2016AllRightsReserved.
TheCybersecurityLandscape
ThreatResponse
NaFonalsecurity
Publicsafety
Intelligence
LawEnforcement
Military
EcosystemHealthImprovement
Networkoperators
CSIRTs
ProductVendors
Media
Users CorporaFons
Policymakers
6Copyright©CyberGreen2016AllRightsReserved.
LackofmaintenanceisriskstoOTHERS
MisconfiguraFon
VulnerabiliFes
InfecFon
Riskfactorsofthehealthyinternet
7Copyright©2016,CyberGreen Sept2016
Abuse-ablesystemicconditionsposingriskstoothers*includingtoyourself*
OpenrecursiveDNSservers
OpenNTPservers
OpenSSDPservers
OpenSNMPservers
Copyright©CyberGreen2016AllRightsReserved.
CyberGreenv2.0Metrics:Premise
• CGwilltaketheperspecFveofrisk-to-
others.
• On-the-groundrealityisthatDDoSisthedamagingformofa_ackcurrentlymostextensivelyseeninquanFty.
8
9Copyright©CyberGreen2016AllRightsReserved.
v.2Metricsmethod
CyberGreenMetrics
10Copyright©CyberGreen2016AllRightsReserved.
• Risktoothers• Don'tmeasurework/effort,measurerisk
reducFon.• Transparency• Reproducibility/Repeatability• Accuracy
Principles
12Copyright©CyberGreen2016AllRightsReserved.
ETLprocess
13Copyright©CyberGreen2016AllRightsReserved.
14Copyright©CyberGreen2016AllRightsReserved.
CyberGreenPlatformTechnical
Objectives
15Copyright©CyberGreen2016AllRightsReserved.
16Copyright©CyberGreen2016AllRightsReserved.
17Copyright©CyberGreen2016AllRightsReserved.
18Copyright©CyberGreen2016AllRightsReserved.
19Copyright©CyberGreen2016AllRightsReserved.
20Copyright©CyberGreen2016AllRightsReserved.
21Copyright©CyberGreen2016AllRightsReserved.
MoreEfficientandGreaterImpactofMitigationforGlobalCommonGood
Ecosystemownersandstakeholdersmusttakecareofecosystemhealthandclean-upinfecFonssuchaseffortstoeliminateproxya_ackinfrastructure.EliminaFngtherisksposingtotherestoftheworldwouldbuild;o NaFonallevelàConfidenceo Businessàsocialresponsibility,brandingpowero UsersàIndicaFonofmaturityofcybersociety,educaFonalandawarenesslevel
22Copyright©CyberGreen2016AllRightsReserved.
Futurework:Metricsv.3
• ImproveAssetOwnerMetrics,CreateNewVendorMetrics
• AnalyzewhohasgreaterabilityformiFgaFonimpact• V.2isassetownerfocused• V.3:howcanweadd“vendorrisktoothers”
CyberGreenislookingfortheSponsorforthisresearchanddevelopmentofMetricsv.3PleasecontactushowtoSupport.
G7ICTMinisterscommitment
h_p://www.soumu.go.jp/main_content/000416960.pdf
RegionalhubHighlight:ASEAN
MinisterYaacob’sopeningstatement-13CyberGreenisoneglobaliniFaFvethatwillaidusinsecuringourcommoncyberspace.TheCyberGreenprojectaimstogivecountriesawarenessofthestateofcyberhealthandpotenFalvulnerabiliFeswithinourborders.WiththissituaFonalawareness,countriescanthentakeprevenFveacFontodealwithpotenFalcyberrisksandvulnerabiliFes.Thebe_eracountry’scyberhealth,the“greener”itwillbe.OverFme,CyberGreenwilldeveloprobustcyberhealthmetrics.ThesewillallowpracFFonersandpolicy-makerslikeourselvestoassesshowourcountries,andASEANasawhole,areprogressingonthecybersecurityfront.Cyberincidentresponderscanalsobe_eridenFfyandremediatedifferentclassesofthreats,basedonacFonablethreatinformaFonprovidedbyCyberGreen.14SingaporeisexcitedtobeasponsorofthisglobaliniFaFve.WehavesignedontoCyberGreen,aswerecognisethatASEANMemberStatesincludingourselvescanbenefitfromCyberGreen.Asastart,becauseofoursponsorship,allASEANMemberStateswillbeabletoaccessCyberGreenthroughSingaporeforfree,andgetafirstcutreportonthestateoftheirowncountry’scyberhealthstatus.IwouldliketoinvitefellowASEANMemberStatestocomeonboard,andjoinSingaporeinCyberGreen.Throughthisplaporm,ourcountriescanworktogethertoimproveourcybersituaFonalawareness,sharpenincidentresponse,andthereforesecureASEAN’scommoncyberspace.
25Copyright©CyberGreen2016AllRightsReserved.
PresidentBarackObamaonwhatAIMeansforNationalSecurity–WIRED
OBAMA:TradiFonally,whenwethinkaboutsecurityandprotecFngourselves,wethinkintermsofarmororwalls.Increasingly,Ifindmyselflookingtomedicineandthinkingaboutviruses,anFbodies.PartofthereasonwhycybersecurityconEnuestobesohardisbecausethethreatisnotabunchoftanksrollingatyoubutawholebunchofsystemsthatmaybevulnerabletoawormgeFnginthere.Itmeansthatwe’vegottothinkdifferentlyaboutoursecurity,makedifferentinvestmentsthatmaynotbeassexybutmayactuallyendupbeingasimportantasanything.
h_ps://www.wired.com/2016/10/president-obama-mit-joi-ito-interview/
WhatIspendalotofFmeworryingaboutarethingslikepandemics.Youcan’tbuildwallsinordertopreventthenextairbornelethalflufromlandingonourshores.Instead,whatweneedtobeabletodoissetupsystemstocreatepublichealthsystemsinallpartsoftheworld,Clicktriggersthattelluswhenweseesomethingemerging,andmakesurewe’vegotquickProtocolsandsystemsthatallowustomakevaccinesalotsmarter.SoifyoutakeapublichealthModel,andyouthinkabouthowwecandealwith,youknow,theproblemsofcybersecurity,alotmayendupbeingreallyhelpfulinthinkingabouttheAIthreats.
