NSF Cybersecurity Summit, May 2008
REN-ISAC Goal
The goal of the REN-ISAC is to aid and promote cyber security protection and response within the higher education and research (R&E) communities, through:
• the exchange of sensitive actionable information within a private trust community,
• the provision of direct security services, and
• serving as the R&E trusted partner within the formal ISAC community.
Benefits of Membership
• Participate, share information in the private trust community
• Receive actionable protection and response information, e.g. Daily Watch Report, Alerts, Advisories, and other
• Establish relationships with known and trusted peers
• Benefit from information sharing relationships constructed in the broad security community
• Benefit from vendor relationships (e.g. Microsoft SCP)
• Participate in technical security webinars
• Participate in REN-ISAC meetings, workshops, & training
• Have access to the 24x7 REN-ISAC Watch Desk
• Have access to active threat and other sensitive data feeds, e.g. for local IP and DNS block lists, sensor signatures, etc.
Membership
• Membership is open to:
– institutions of higher education,
– teaching hospitals,
– research and education network providers, and
– government-funded research organizations;
– international, although focused on U.S.
• Currently, membership guidelines are roughly:
– must have organization-wide responsibilities for cyber security protection and response,
– must be permanent staff, and
– must be vouched-for (personal trust) by 2 existing members
– http://www.ren-isac.net/membership.html
Membership
[Chart: People, Orgs]
REN-ISAC is a Cooperative Effort
• Member participation is a cornerstone of REN-ISAC
• Advisory Groups
– Executive Advisory Group: IU, LSU, Oakland U, Reed College, U Mass, UMBC, U Montana, Internet2, and EDUCAUSE
– Technical Advisory Group: Cornell, IU, Neustar, MOREnet, Team Cymru, UC Berkeley, U Mass, U Minn, U Oregon, and WPI
• Analysis Teams
– Microsoft Analysis Team: Colorado, IU, NYU, UIUC, U Washington
• Service development teams
– Numerous
• Dedicated resource contributors: IU, LSU, Internet2
• Other major, e.g. systems, tools, coordination, etc.:
– LSU, Buffalo, Brandeis, WPI, and MOREnet
Information Sharing
• REN-ISAC is a private trust community for sharing sensitive information.
• The private and trusted character
– provides a safe zone for the sharing of organizational incident experience,
– protects information about our methods and sources, and
– protects information which if publicly disclosed would abet our adversaries.
Information Products
• Daily Watch Report provides situational awareness.
• Alerts provide critical and timely information concerning new or increasing threat.
• Notifications identify specific sources and targets of active threat or incident involving R&E. Sent directly to contacts at involved sites.
• Feeds provide specific identifying information regarding known active sources of threat; useful for IP and DNS block lists, sensor signatures, etc.
• Advisories inform regarding specific practices or approaches that can improve security posture.
• TechBurst webcasts provide instruction on technical topics relevant to security protection and response.
• Monitoring views provide summary views from sensor systems, useful for situational awareness.
Notifications Sent
Information Products: Notifications:
REN-ISAC EDU Storm Worm Daily Notifications
Beginning Feb 21 REN-ISAC source of ongoing intelligence regarding compromised systems operating in the Storm Worm botnet.
REN-ISAC sent daily notifications identifying the compromised machines to security contacts at the machine-owning organizations.
Notifications quickly and dramatically blunted the severity of Storm infections in EDU
Throughout July and August, utilizing the Internet2 Arbor Networks Peakflow system, REN-ISAC detected and responded to about a dozen Storm Worm DDoS attacks transiting the Internet2 network. On Sept 9 REN-ISAC issued an Alert to the R&E community, “Storm Worm DDoS Threat to the EDU Sector”.
The Microsoft MSRT (Malicious Software Removal Tool) is updated for Storm on 9/11
Priorities for the Coming Year
Not in priority order:
• Membership growth
• Implement the two-tiered membership model
• Implement the sustainability & growth business plan
• Facilitate various forms of member involvement and contribution
• Development of additional information sharing relationships, and care and feeding of existing relationships
• Assessment of current services and member needs
• Scanning Services project
• Cyber Security Registry
• Various tool and service projects
How to Join
• http://www.ren-isac.net/membership.html
• Paraphrased:
– must have organization-wide responsibilities for cyber security protection and response,
– at an institution of higher education, teaching hospital, research and education network provider, or government-funded research organization,
– must be permanent staff, and
– must be vouched-for (personal trust) by 2 existing members.
Contacts
http://www.ren-isac.net
24x7 Watch Desk: [email protected] +1(317)278-6630
Doug Pearson, Technical [email protected]
Mark Bruhn, Executive [email protected]
Gabriel Iovino, Principal Security [email protected]