Upload
isalliance
View
220
Download
0
Embed Size (px)
Citation preview
7/31/2019 2003 07 30 Larry Clinton ISA Overview and International Outreach to Japan
1/25
Larry ClintonOperations Officer
Internet Security [email protected]
202-236-0001
7/31/2019 2003 07 30 Larry Clinton ISA Overview and International Outreach to Japan
2/25
The Internet Security Alliance
The Internet Security Alliance is a collaborative effort between
Carnegie Mellon UniversitysSoftware Engineering Institute (SEI)
and its CERT Coordination Center (CERT/CC) and the Electronic
Industries Alliance (EIA), a federation of trade associations with
over 2,500 members.
7/31/2019 2003 07 30 Larry Clinton ISA Overview and International Outreach to Japan
3/25
ISAlliance Mission
OPERATE A PUBLIC-PRIVATE PARTNERSHIPLEADING TO WORLD WIDE CYBER SECURITY
THROUGH:
Thought leadership Information Sharing Cooperative projects Market incentives
7/31/2019 2003 07 30 Larry Clinton ISA Overview and International Outreach to Japan
4/25
ISAlliance Distinctions
International in membership and leadership
Inter-sectoral---like the Internet
Organized on business, not nation state, lines ISAlliance IS a Public Private Partnership
7/31/2019 2003 07 30 Larry Clinton ISA Overview and International Outreach to Japan
5/25
Sponsors of ISAlliance
7/31/2019 2003 07 30 Larry Clinton ISA Overview and International Outreach to Japan
6/25
ISAlliance Leadership
Chairman of the Board, Dr. Bill Hancock, Cableand Wireless
Executive Director, Mr. Dave McCurdy Director of CERT/cc Rich Pethia
7/31/2019 2003 07 30 Larry Clinton ISA Overview and International Outreach to Japan
7/25
ISAlliance Services
Access to CERT/cc knowledgebase including over100 Special and Executive Communications each
year
Regular conference calls with CERT/cc experts andother ISAlliance members to discuss trends in threatand vulnerabilities
Access to development of ISA/CERT products e.g.Threat Metric and Wireless vulnerability library
7/31/2019 2003 07 30 Larry Clinton ISA Overview and International Outreach to Japan
8/25
ISAlliance Services
Emergency calls with CERT and Sponsors if highdegree of serious threats
Best Practices and Standards development Risk Management Committee Government Affairs/Policy Committee Public Relations Committee Membership Development and Ethics Committee
7/31/2019 2003 07 30 Larry Clinton ISA Overview and International Outreach to Japan
9/25
ISAlliance Services
Discounts of up to 15% off cyber insurance (foradopting ISA Best practices)
Discounts of up to 20% off CERT/cc Training,Education and conferences
International programs with business developmentpotential
Featured spots on forums and conferences Sponsorship opportunities Regular updates
7/31/2019 2003 07 30 Larry Clinton ISA Overview and International Outreach to Japan
10/25
ISA Services in
Development Return on Investment research and publicity Greater coordination with international CERTs and
other organizations
Making information more analytical, in addition tofactual
Quarterly cyber security research summaries Expanded Executive Education Expanded definition of Internet threats
7/31/2019 2003 07 30 Larry Clinton ISA Overview and International Outreach to Japan
11/25
Adopt and Implement
ISAlliance Best Practices
Cited in US National DraftStrategy to Protect Cyber
Space (September 2002)
Endorsed by TechNet for CEOSecurity Initiative (April 2003)
Endorsed US India BusinessCouncil (April 2003)
7/31/2019 2003 07 30 Larry Clinton ISA Overview and International Outreach to Japan
12/25
ISAlliance/CERT/cc Special
Communications
7/31/2019 2003 07 30 Larry Clinton ISA Overview and International Outreach to Japan
13/25
Benefits of Information Sharing
Organizations
May lesson the likelihood of attackOrganizations that share information about computer break ins are less
attractive targets for malicious attackers. NYT 2003
Participants in information sharing have theability to better prepare for attacks(Harvard study 2003)
7/31/2019 2003 07 30 Larry Clinton ISA Overview and International Outreach to Japan
14/25
Examples of Successful
ISAlliance Information Sharing I
SNMP vulnerability
October 2001 CERT notified ISAlliance members of SNMPvulnerability. CERT provides protection advise to membership while
waiting for patch development.
CERT provides ISAlliance members with updates in November,January 4, January 16, Feb. 7. ISAlliance conference calls discuss
remediation, press relations and use of vendor patches. SNMP Publicly disclosed Feb. 12, 2002. No ISAlliance members are affected by SNMP
7/31/2019 2003 07 30 Larry Clinton ISA Overview and International Outreach to Japan
15/25
Examples of Successful
Information Sharing II
SLAMMER WORM 2002-2003 May 2002, CERT Notifies ISAlliance members of
slammer vulnerability. Provides advise forprotection while awaiting patch
July 2002 Microsoft provides patch January 2003 Slammer Worm attacks, fastest
infection rate to date.
7/31/2019 2003 07 30 Larry Clinton ISA Overview and International Outreach to Japan
16/25
Examples of Successful
Information Sharing III July 2003 CISCO IOS Interface July 16, acting on information from Cisco, CERT
informs ISAlliance members of vulnerability advises
applying Cisco patch and steps that can be takenuntil the patch is applied.
July 17 ISAlliance Exec Communication &conference call
July 18 ISAlliance Exec Communication & call
7/31/2019 2003 07 30 Larry Clinton ISA Overview and International Outreach to Japan
17/25
Why ISAlliance Info
Sharing Succeeds CERT/cc leadership and credibility
History (2 years) and regularity build trust
Inter-sectoral/International membership notinhibited by competitive concerns
Success breeds success
7/31/2019 2003 07 30 Larry Clinton ISA Overview and International Outreach to Japan
18/25
ISAlliance Cyber-Insurance
Program
Coverage for members
Market incentive for increased security practices
10% discount off best prices from AIG Additional 5% discount for implementing ISAlliance
Best Practices (July 2002)
Discounts more than offset sponsorship dues
7/31/2019 2003 07 30 Larry Clinton ISA Overview and International Outreach to Japan
19/25
US Policy Initiatives
New Dept. Homeland Security (DHS) Creation of separate Cyber Security Division in
DHS
Congressional Committee on Homeland Security Creation of Congressional Cyber Security
Committee
Bilateral/Multi lateral outreach
7/31/2019 2003 07 30 Larry Clinton ISA Overview and International Outreach to Japan
20/25
ISAlliance Board Meeting
Meetings with White House Meetings with DHS Meetings with Congressional leadership in Cyber
Security
---Chairman Thornberry
---Chairman Putnam
---Chairman Boehlert
---Vice Chairmen and Ranking Members
7/31/2019 2003 07 30 Larry Clinton ISA Overview and International Outreach to Japan
21/25
Emerging Policy Issues
R&D funding Information Sharing legislation International Coordination Regulation Proposals ---Govt. Security Standards ---Private Sector Audits and SEC reporting on
Cyber security
---Expand Govt. standards to Private Sector
7/31/2019 2003 07 30 Larry Clinton ISA Overview and International Outreach to Japan
22/25
International Outreach---
India Confederation of Indian Industries/US-India
Business Council/ISAlliance
6 Teleconferences discussing cyber security issuesand needs (summer 2003)
US tour for Indian companies seeking partnershipsin America (fall 2003
ISAlliance trip to India including ISA/CERT Training(winter 2003/4) implementing a gold standard ofcyber security
7/31/2019 2003 07 30 Larry Clinton ISA Overview and International Outreach to Japan
23/25
International Cooperation/
OAS Region
OAS invites ISAlliance and CERT to join firstregional conference. (July 28-29, 2003)
OAS asks ISA to build on India model
Invitations to visit Caribbean, Canada and E.Europe
7/31/2019 2003 07 30 Larry Clinton ISA Overview and International Outreach to Japan
24/25
International
Cooperation---Japan 2002 ISAlliance publishes best Practices in Japanese.
Creates Japanese Micro site on web (first foreign language
2002 Dave McCurdy visits Japan meets with JapaneseMinistry of JEDA and CIAJ
2003 ISAlliance joined by three Japanese basedcompanies, Sony, NEC, Mitsubishi
Partnership?
7/31/2019 2003 07 30 Larry Clinton ISA Overview and International Outreach to Japan
25/25
Larry ClintonOperations Officer
Internet Security Alliance
202-236-0001