Cloud Cyber Incident Sharing Center (CISC)
Jim Reavis
CEO, Cloud Security Alliance
© Cloud Security Alliance, 2015
Agenda
• CSA History – CloudCERT
• White House Legislative Announcements
• How is CSA addressing the issue of information sharing?
• Cloud CISC Pilot Demo
• Next Steps
• Questions?
CSA History - CloudCERT
• CloudCERT was conceived of at the same time as the Cloud Security Alliance (CSA)
  • Broad goal is to improve defenses of the cloud ecosystem against attackers
  • Emphasis was placed on developing CSA due to broader scope and potential impact in industry
• CloudCERT initiative was formally announced in 2010
  • Working Group has been meeting once a month since January 2011
White House Legislative Announcements
• Enable Cybersecurity Information Sharing
  • Promotes private sector and government information sharing as well as private to private via Information Sharing and Analysis Organizations (ISAOs)
  • Encourages the development of ISAOs by providing targeted liability protection to those that share with these entities
  • Requires DHS, DoJ, and Privacy and Civil Liberties Board to develop disclosure guidelines
White House Legislative Announcements
• Modernize Law Enforcement Authorities to Combat Cyber Crime
  • Enable stronger authority to shut down botnets and prosecute operators
  • Criminalize the sale of US financial information like credit cards and bank account numbers overseas.
  • Update the Racketeer Influenced and Corrupt Organizations Act so that it clearly applies to cyber crimes, and clarifies penalties
  • Clarifies Computer Fraud and Abuse Act so that “insignificant” conduct does not fall within the scope of the statute, while making it clear it can be used to prosecute insiders.
White House Legislative Announcements
• National Data Breach Reporting
  • Standardize the patchwork quilt of breach laws in place among 46 states into one Federal statute, and establish a single clear and timely notice requirement to ensure companies notify their employees and customers about security breaches
White House Legislative Announcements
• White House Summit on Cyber Security and Consumer Protection
  • Summit was held on February 13 at Stanford
  • Convene government and private sector leaders
  • Topics include: information sharing, creating and improving cybersecurity practices and technologies, and improving the adoption of more secure payment technologies
How is CSA addressing the issue of information sharing?
The Problem
• Attacks are becoming incredibly sophisticated. Knowing what happened is one thing. Knowing what to look for to see if it is happening to you is key.
• ISACs have had limited success
  • ISAC model is segmented by vertical (Financial Services, Energy, etc.).
  • View across the sectors is critical to protecting companies today.
  • ISACs do not allow for a Cloud Segment
The Problem
• ISAC Model requires sending sensitive data to a trusted third party.
  • Company identity is known.
  • Snowden incident has made sharing with trusted third parties undesirable today.
• Need is clear – a trusted method of sharing is required.
  • Company identity is not known – so not subject to subpoenas, etc.
  • Incident data submission is quick and simple.
  • Rapid analysis of data including correlation with other reports and open source data
  • Alerts sent in minutes, not days/weeks
  • Ability to anonymously discuss attacks with others and share solutions.
The Solution – Cloud CISC
CSA Cloud Cyber Incident Sharing Center
Cloud adoption is progressing at an accelerating pace. We are concerned that the lack of a robust, automated incident sharing function will inhibit the timely resolution of security incidents, hamper our ability to minimize the damage caused by incidents, and could ultimately have a serious negative impact on the industry. The CSA Cloud CISC will:
• Provide a truly anonymous, global cyber security incident sharing platform for enterprises;
• Educate the public and private community on Cloud Security;
• Develop vendor-neutral best practices and technical standards;
• Develop policies aligning Cloud CISC to industry and governmental standards on an international basis.
How to get Involved
• Work Group Co-chair
  • Currently seeking leadership for this initiative
  • 2-3 Co-chairs (1 appointed by CSA)
  • Co-chair Requirements
    • Appointed Co-chair must be an employee of a CSA Member Company
    • Additional Co-chairs are decided by vote
    • Time commitment required
• Contact [email protected] for additional details and questions
How to get Involved
• Work Group Participant
  • Currently seeking Volunteers for the following areas:
    • Sub Group to focus on Researching, Developing & Promoting Vendor Neutral Best Practices
    • Sub Group to define technical standards for information sharing
    • Sub Group focused on Information Sharing Policy development and outreach
    • Sub Group that will liaise with the standard development communities (SDOs)
• Contact [email protected] if you are interested in getting involved
How to get Involved
• We need support from our CSA Provider Community to participate in Cloud CISC Pilot
• CALL TO ACTION: Submit Incident Report Data
• Data Types
  • Title
  • Date
  • Region
  • Type of Attack
  • Known Remediation
• Contact [email protected] if you are interested in getting involved with the pilot
How to get Involved
• CISC Pilot Participant
  • We need support from our CSA Provider Community to participate in Cloud CISC Pilot
  • CALL TO ACTION: Submit Incident Report Data
  • Examples:
    • Title
    • Date
    • Region
    • Type of Attack
    • Known Remediation
How the Cloud CISC Pilot Works
• Anonymous Authentication
  • When users transmit sanitized reports, we execute a public anonymous authentication protocol that:
    • Confirms the user is a member of the community, without disclosing the identity of the user, and
    • Delivers a mathematical proof that the user has connected with Cloud CISC and that Cloud CISC does not know the identity of the user.
The Cloud CISC methodology allows for easy sharing while preserving complete anonymity.
1. Scrub Incident Reports of Identifying Information: Protects customer PII and corporate IP – mitigating discovery concerns.
2. Share Unattributable Reports: Protects company identity
3. Correlate & Analyze: Immediately correlates report with open source and other submitted reports
4. Alerts & Review: Alerts members to new report for review along with correlated, actionable information
5. Rate & Collaborate: Reports are rated to increase relevance and members collaborate with Cloud CISC Coordinator.
CISC Pilot Demo
Cloud CISC Next Steps
• Kick-Off Call & Develop a 6 month Information Sharing Pilot Starting in May/June 2015
• Develop and deliver educational programs on Cloud Security and the need for information sharing for both the public and private sector – ongoing based on results
• Identify areas of potential CSA research based on Pilot results Q1 2016
• Identify best practices and need for technical standards Nov 2015 - May 2016
• Identify need for policies and alignment across industries and governments. Nov 2015 – May 2016