4/21/2015. Jim Reavis CEO, Cloud Security Alliance. Cloud Security Alliance, Agenda

Transcription

1 Jim Reavis CEO, Cloud Security Alliance Agenda CSA History CloudCERT White House Legislative Announcements How is CSA addressing the issue of information sharing? Cloud CISC Pilot Demo Next Steps Questions? 1

2 CSA History - CloudCERT CloudCERT was conceived of at the same time as the Cloud Security Alliance (CSA) Broad goal is to improve defenses of the cloud ecosystem against attackers Emphasis was placed on developing CSA due to broader scope and potential impact in industry CloudCERT initiative was formally announced 2010 Working Group has been meeting once a month since January 2011 White House Legislative Announcements Enable Cybersecurity Information Sharing Promotes private sector and government information sharing as well as private to private via Information Sharing and Analysis Organizations (ISAO s) Encourages the development of ISAO s by providing targeted liability protection that share with these entities Requires DHS, DoJ, and Privacy and Civil Liberties Board to develop disclosure guidelines 2

3 White House Legislative Announcements Modernize Law Enforcement Authorities to Combat Cyber Crime Enable stronger authority to shut down botnets and prosecute operators Criminalize the sale of US financial information like credit cards and bank account numbers overseas. Update the Racketeering Influenced and Corrupt Organizations Act so that it clearly applies to cyber crimes, and clarifies penalties Clarifies Computer Fraud and Abuse Act so that insignificant conduct does not fall within the scope of the statute, while making it clear it can be used to prosecute insiders. White House Legislative Announcements National Data Breach Reporting Standardize that patchwork quilt of breach laws in place among 46 states into one Federal statute, and establish a single clear and timely notice requirement to ensure companies notify their employees and customers about security breaches 3

4 White House Legislative Announcements White House Summit on Cyber Security and Consumer Protection Summit was held on February 13 at Stanford Convene government and private sector leaders Topics include: information sharing, creating and improving cybersecurity practices and technologies, and improving the adoption of more secure payment technologies How is addressing the issue of information sharing?. 4

5 The Problem Attacks are becoming incredibly sophisticated. Knowing what happened is one thing. Knowing what to look for to see if it is happening to you is key. ISAC s have had limited success ISAC model is segmented by vertical (Financial Services, Energy, etc.). View across the sectors is critical to protecting companies today. ISACs do not allow for a Cloud Segment The Problem ISAC Model requires sending sensitive data to a trusted third party. Company identity is known. Snowden incident has made sharing with trusted third parties undesirable today. Need is clear a trusted method of sharing is required. Company identity is not known so not subject to subpoena s, etc. Incident data submission is quick and simple. Rapid analysis of data including correlation with other reports and open source data Alerts sent in minutes, not days/weeks Ability to anonymously discuss attacks with others and share solutions. 5

6 The Solution Cloud CISC CSA Cloud Cyber Incident Sharing Center Cloud adoption is progressing at an accelerating pace. We are concerned that the lack of a robust, automated incident sharing function will inhibit the timely resolution of security incidents, hamper our ability to minimize the damage caused by incidents, and could ultimately have a serious negative impact on the industry. The CSA Cloud CISC will: Provide a truly anonymous, global cyber security incident sharing platform enterprises; Educate the public and private community on Cloud Security Develop vendor neutral best practices and technical standards Develop policies aligning Cloud CISC to industry and governmental an international basis. How to get Involved Work Group Co-chair Currently seeking leadership for this initiative 2-3 Co-chairs (1appointed by CSA) Co-chair Requirements Appointed Co-chair must be an employee of a CSA Member Company Additional Co-chairs are decided by vote Time commitment required Contact research@cloudsecurityalliance.org for additional details and questions 6

7 How to get Involved Work Group Participant Currently seeking Volunteers for the following areas: Sub Group to focus on Researching, Developing & Promoting Vendor Neutral Best Practices Sub Group to define technical standards for information sharing Sub Group focused on Information Sharing Policy development and outreach Sub Group that will liaise with the standard development communities (SDOs) Contact if you are interested in getting involved How to get Involved We need support from our CSA Provider Community to participate in Cloud CISC Pilot CALL TO ACTION: Submit Incident Report Data Data Types Title Date Region Type of Attack Known Remediation Contact if you are interested in getting involved with the pilot 7

8 How to get Involved CISC Pilot Participant We need support from our CSA Provider Community to participate in Cloud CISC Pilot CALL TO ACTION: Submit Incident Report Data Examples: Title Date Region Type of Attack Known Remediation How the Cloud CISC Pilot Works Anonymous Authentication When users transmit sanitized reports, we execute a public anonymous authentication protocol that: Confirms the user is a member of the community, without disclosing the identity of the user, and Delivers a mathematic proof that the user has connected with Cloud CISC and that Cloud CISC does not know identity of the user. 8

9 The Cloud CISC methodology allows for easy sharing while preserving complete anonymity. 4 Alerts & Review Alerts members to new report for review along with correlated, actionable information 5 Rate & Collaborate Reports are rated to increase relevance and members collaborate with Cloud CISC Coordinator. 3 Correlate & Analyze Immediately correlates report with open source and other submitted reports 1 Scrub Incident Reports of Identifying Information Protects customer PII and corporate IP mitigating discovery concerns. 2 Share Unattributable Reports Protects company identity Powered by CISC Pilot Demo. 9

10 Cloud CISC Next Steps Kick-Off Call & Develop a 6 month Information Sharing Pilot Starting in May/June 2015 Develop and deliver educational programs on Cloud Security and the need for information sharing for both the public and private sector ongoing based on results Identify areas of potential CSA research based on Pilot results Q Identify best practices and need for technical standards Nov May 2016 Identify need for policies and alignment across industries and governments. Nov 2015 May 2016??? 10