Information Sharing within the CNI, and Beyond

1
Information Sharingwithin the CNI, and Beyond
National Infrastructure Security Coordination
Centre
Peter Burnett Head of Information
Sharing peterb_at_niscc.gov.uk

• 8th March 2004

2
Where does Information Sharing fit in NISCC ?
Critical National Infrastructure
Investigating
Promoting
Vulnerabilities
and Assessing
Protection and
INFORMATION SHARING
Exploits
the threat of
eA
Assurance
Responding to
incidents
Research and Development/ Policy/ Mapping
3
What is it ?
Information Sharing

• Sharing Information about Incidents
• With NISCC
• With each other
• Sharing Real incidents and experiences
• Informing Assessment of the Threat
• Raising Awareness
• Warning each other
• Sharing Advice Good Practice
• Cooperation, Collaboration

4
Why is it necessary ?
Information Sharing

• There is a need for all connected users to
  protect their own systems and data, and to avoid
  unwittingly attacking others.
• This requires greater Awareness and Education
  amongst all users.
• Different communities require different types and
  levels of advice using appropriate language.
• Delivering relevant messages to small communities
  is much more effective than large-scale alerting.

5
Why is NISCC doing it ?
Information Sharing

• UK lead on IA for Government CNI
• More Reporting better Warning
• Efficient Trusted channel for issuing Alerts etc
• Better Awareness Protection Generally
• Everyone benefits, including the CNI

6
How to do it
Information Sharing

• ISACs (US)
• CERTs
• Information Exchanges (CNI)
• WARPs (Local Govt, SMEs, citizens etc)

7
CERTs
Information Sharing

• UK CERTs Forum
• EGC
• CWN, FIRST etc.
• Limited in number, scope reach.

8
Information Exchange (IE)
NISCC Information Sharing

• An information sharing mechanism established
  within a sub-sector to contribute to the
  protection of the UKs Critical National
  Infrastructure (CNI)
• Regular Face to face sharing
• Trust confidentiality
• Supplementary communication links
• IE Product

9
THE WARP
NISCC Information Sharing

• Issues Alerts Warnings
• Broker for Advice best practice
• Gathers, sanitises, and shares
  Incident Reports
• Warning, Advice Reporting Point

10
Why WARPs ?
NISCC Information Sharing

• WARPs are small, focused, cheap, semi-technical
• They can provide a filtered warning service
• They can work for citizen SME groups
• They can work at various levels
• They can reproduce to fill the gaps

11
A Shared Solution
WARP
WARP
Incident Reports Good Practice Solutions Skills
e-COMMUNITY
e-COMMUNITY
Experience, Expertise, Solutions
12
WARP for London Boroughs www.lcwarp.org
13
WARPs
NISCC Information Sharing

• London WARP pilot
• National Local Authorities WARP
• Secure Kent (Local Government and business)
• Chamber of Commerce (SMEs)
• Other groups interested
• Some large organisations

14
CERT WARP collaboration
NISCC Information Sharing

• Information Sharing Workshop 2003
• Adopt a WARP proposal
• Twinning between WARPs others
• WARPs as satellites of CERTs
• Extend CERT influence
• Share burdens

15
WARPs The Way Forward
NISCC Information Sharing

• Support several pilots
• Learn from experience
• Produce tools to assist new WARPs
• Link WARPs to each other and to CERTs
• Attract major sponsorship
• Launch WARP Toolbox
• Continual Improvement

16
The WARP TOOLBOX

• Starts with the Business Case
• Based on 3 core services
• Reporting and Trusted Sharing Service
• Good Practice Advice Brokering Service
• Filtered Warning Alerting Service
• Sample security policies templates
• Guidelines and whitepapers
• Application software

17
Seven stages in Building a WARP
Business case
WARP toolbox will provide guidance and tools for
all stages
Service Definition
Service Development
Service Provision
Service Operation
Build - budget, team, infrastructure, management
and administration
Marketing, raise awareness, build and maintain
membership
18
WARP Toolbox -
Stage 1 - Business case

• Background information on building Business cases
  for Information Security
• Choosing the WARP community, and helping identify
  a WARP champion
• Why should I build a WARP should be read by those
  organisations who want to know the benefits of
  setting up and managing a WARP
• Resource/cost template, in setting up a WARP
  against each of the seven stages described in the
  toolbox
• Indicative costings, with stated assumptions on
  the WARP implementation
• Funding models for both set-up and running costs.
• How to attract sponsorship and partners
• Business case headings, and associated comments
  to help potential members build the case for
  information sharing
• WARP services and benefits, to help argue the
  ROI for membership
• Engaging senior management, describes an approach
  which may help potential members engage with
  senior management.

19
(No Transcript)
20
WARPs
The Vision

• WARPs will become endemic across the UK, and
  beyond
• Self-replicating
• Free-standing
• Self-regulating
• Cooperative
• Contributing
• To their members
• To the CNI
• To each other
• To NISCC