Cloud Cyber Incident Sharing Center (CISC)
Jim Reavis, CEO, Cloud Security Alliance
Agenda
CSA History: CloudCERT
White House and Legislative Announcements
How is CSA addressing the issue of information sharing?
Cloud CISC Pilot Demo
Next Steps
Questions?
CSA History: CloudCERT
CloudCERT was conceived at the same time as the Cloud Security Alliance (CSA).
Its broad goal is to improve the defenses of the cloud ecosystem against attackers.
Emphasis was placed on developing CSA first, due to its broader scope and potential impact on the industry.
The CloudCERT initiative was formally announced in 2010.
The Working Group has been meeting once a month since January 2011.
White House Announcements
The President signed an Executive Order encouraging and promoting information sharing.
It promotes private-sector-to-government information sharing as well as private-to-private sharing via Information Sharing and Analysis Organizations (ISAOs).
It requires DHS, DoJ, and the Privacy and Civil Liberties Oversight Board to develop disclosure guidelines.
Congressional Action: the House
The U.S. House is expected to vote on two bills this week that focus on enabling information sharing between companies and with the Department of Homeland Security.
The bills originate from the Homeland Security Committee (HR 1731) and the Intelligence Committee (HR 1560).
The House Judiciary Committee has provided language regarding liability protections for sharing data.
The Rules Committee meets tonight to examine dozens of amendments.
Both bills are thought to be complementary and compatible but will require reconciliation, which will probably not occur until the Senate passes its bill.
The bills define cyber threat indicators as well as cyber defense indicators.
The bills require companies to take reasonable efforts to redact or encrypt sensitive information that is unrelated to a cyber attack.
Both encourage private-to-private sharing as well as sharing with DHS's National Cybersecurity and Communications Integration Center.
Cloud Security Alliance, 2014.
Congressional Action: the Senate
The Senate Intelligence Committee passed a measure (S 754) similar to the House's proposed bills.
It offers liability protection for sharing between companies and with the Department of Homeland Security.
The Senate's vote on this measure may be delayed by agreement on an extension of the Patriot Act, which expires on June 1.
A deal on the Patriot Act is reportedly in the works, but privacy advocates remain concerned.
The bottom line: the prospects are good that we will have a law signed before Memorial Day. House and Senate leadership agree that an information sharing law is necessary. However, it is Washington.
How is CSA addressing the issue of information sharing?
The Problem
Attacks are becoming incredibly sophisticated. Knowing what happened is one thing; knowing what to look for, to see whether it is happening to you, is key.
ISACs have had limited success. The ISAC model is segmented by vertical (Financial Services, Energy, etc.), but a view across sectors is critical to protecting companies today.
ISACs do not allow for a Cloud segment.
The Problem
The ISAC model requires sending sensitive data to a trusted third party, and the submitting company's identity is known.
The Snowden incident has made sharing with trusted third parties undesirable today.
The need is clear: a trusted method of sharing is required, in which
the company's identity is not known, so it is not subject to subpoenas, etc.;
incident data submission is quick and simple;
data is analyzed rapidly, including correlation with other reports and open source data;
alerts are sent in minutes, not days or weeks;
members can anonymously discuss attacks with others and share solutions.
The Solution: Cloud CISC (CSA Cloud Cyber Incident Sharing Center)
Cloud adoption is progressing at an accelerating pace. We are concerned that the lack of a robust, automated incident sharing function will inhibit the timely resolution of security incidents, hamper our ability to minimize the damage caused by incidents, and could ultimately have a serious negative impact on the industry.
The CSA Cloud CISC will:
Provide a truly anonymous, global cyber security incident sharing platform for enterprises;
Educate the public and private community on cloud security;
Develop vendor-neutral best practices and technical standards;
Develop policies aligning Cloud CISC to industry and governmental standards on an international basis.
How to get Involved: Work Group Co-chair
Currently seeking leadership for this initiative: 2-3 Co-chairs (1 appointed by CSA).
Co-chair requirements: the appointed Co-chair must be an employee of a CSA Member Company; additional Co-chairs are decided by vote; a time commitment is required.
Contact research@cloudsecurityalliance.org for additional details and questions.
How to get Involved: Work Group Participant
Currently seeking volunteers for the following areas:
Sub Group to focus on researching, developing and promoting vendor-neutral best practices
Sub Group to define technical standards for information sharing
Sub Group focused on information sharing policy development and outreach
Sub Group that will liaise with the standards development organizations (SDOs)
Contact research@cloudsecurityalliance.org if you are interested in getting involved.
How to get Involved: CISC Pilot Participant
We need support from our CSA Provider Community to participate in the Cloud CISC Pilot.
CALL TO ACTION: Submit Incident Report Data
Data types: Title/Subject; Date of incident; Region; Type of attack; Known remediation
Contact pilot@cloudsecurityalliance.org if you are interested in getting involved with the pilot.
How the Cloud CISC Pilot Works: Anonymous Authentication
When users transmit sanitized reports, we execute a public anonymous authentication protocol that:
Confirms the user is a member of the community, without disclosing the identity of the user, and
Delivers a mathematical proof that the user has connected with TruSTAR and that TruSTAR does not know the identity of the user.
A patent-pending technology that allows for easy sharing while preserving complete anonymity.
1 Scrub: Incident reports are scrubbed of identifying information with the Cloud CISC Coordinator. Protects customer PII and corporate IP, mitigating discovery concerns.
2 Share: Unattributable reports. Protects company identity.
3 Correlate & Analyze: Immediately correlates the report with open source and other submitted reports.
4 Alerts & Review: Alerts members to the new report for review, along with correlated, actionable information.
5 Rate & Collaborate: Reports are rated to increase relevance, and members collaborate.
Powered by TruSTAR
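The anonymous authentication step above ("member of the community, identity not disclosed") is TruSTAR's patent-pending protocol, which the slides do not describe. The following is an added illustration, not TruSTAR's or CSA's code, of one well-known way to get that property: Chaum-style RSA blind signatures. The coordinator signs a blinded token at enrollment, when it does know the member; at submission it sees only the unblinded token and signature, which it cannot map back to any enrollment. The `Coordinator` class, the member names, the 512-bit toy key and the unpadded RSA are all assumptions made for the demo; a production deployment should use a vetted implementation (RFC 9474, RSA Blind Signatures).

```python
# Added illustration, not TruSTAR's patent-pending protocol: Chaum-style RSA
# blind signatures let a coordinator confirm "submitted by an enrolled member"
# without learning which member. Toy parameters (512-bit modulus, unpadded RSA).
import hashlib
import secrets
from math import gcd


def is_probable_prime(n, rounds=32):
    # Miller-Rabin, adequate for a demo key (use a vetted library for real keys).
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(c):
            return c


def h(data):  # hash to an integer; a SHA-256 value is always below a 512-bit modulus
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


class Coordinator:
    """Hypothetical Cloud CISC coordinator: knows identities only at enrollment,
    where it signs a blinded value, and cannot link submitted tokens back."""

    def __init__(self, members, bits=512):
        while True:
            p, q = gen_prime(bits // 2), gen_prime(bits // 2)
            phi = (p - 1) * (q - 1)
            if p != q and gcd(65537, phi) == 1:
                break
        self.n, self.e, self.d = p * q, 65537, pow(65537, -1, phi)
        self.members, self.issued, self.spent = set(members), {}, set()

    def issue(self, member_id, blinded):
        """Enrollment: identity checked, one blinded signature per member."""
        if member_id not in self.members or member_id in self.issued:
            raise PermissionError("not an enrolled member, or token already issued")
        self.issued[member_id] = blinded      # all the coordinator ever retains
        return pow(blinded, self.d, self.n)

    def accept_report(self, token, sig, report):
        """Submission: only (token, sig) travel with the sanitized report."""
        if token in self.spent:
            return False                      # one-time token: replay rejected
        if pow(sig, self.e, self.n) != h(token):
            return False                      # not signed under the coordinator key
        self.spent.add(token)
        return True


def member_blind(n, e, token):
    """Member side: blind H(token) with a fresh r coprime to n."""
    while True:
        r = secrets.randbelow(n - 2) + 2
        if gcd(r, n) == 1:
            return (h(token) * pow(r, e, n)) % n, r


def member_unblind(n, blinded_sig, r):
    return (blinded_sig * pow(r, -1, n)) % n


def run_protocol():
    # Full exchange on constructed sample data; returns the outcome of each check.
    coord = Coordinator(members={"acme-cloud", "globex-saas"})
    token = secrets.token_bytes(32)
    blinded, r = member_blind(coord.n, coord.e, token)
    sig = member_unblind(coord.n, coord.issue("acme-cloud", blinded), r)
    accepted = coord.accept_report(token, sig, b"constructed sample incident report")
    replay = coord.accept_report(token, sig, b"same token presented again")
    forged = coord.accept_report(secrets.token_bytes(32), sig, b"forged token")
    try:
        coord.issue("evil-corp", blinded)
        outsider = True
    except PermissionError:
        outsider = False
    # The stored blinded value equals neither the token hash nor the signature.
    linkable = coord.issued["acme-cloud"] in (h(token), sig)
    return {"accepted": accepted, "replay_accepted": replay, "forged_accepted": forged,
            "outsider_issued": outsider, "linkable_to_member": linkable}
```

Unlinkability here is a property of the scheme rather than a proof handed to the member: for any signed token the coordinator later receives and any blinded value it stored, there is exactly one blinding factor r relating them, so every enrollment is an equally likely origin. The "mathematical proof that the user has connected with TruSTAR" in the slide is a separate guarantee that this toy does not attempt to reproduce.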
CISC Pilot Demo.
Cloud CISC Next Steps
Kick-off call and development of a 4-month information sharing pilot: starting May/June 2015
Develop and deliver educational programs on cloud security and the need for information sharing for both the public and private sector: ongoing, based on results
Identify areas of potential CSA research based on pilot results: Q1 2016
Identify best practices and the need for technical standards: Nov 2015 - May 2016
Identify the need for policies and alignment across industries and governments: Nov 2015 - May 2016
Questions?