2003 07 30 Larry Clinton ISA Overview and International Outreach to Japan

  • 7/31/2019 2003 07 30 Larry Clinton ISA Overview and International Outreach to Japan

    1/25

    Larry Clinton

    Operations Officer

    Internet Security Alliance

    [email protected]

    202-236-0001

    The Internet Security Alliance

    The Internet Security Alliance is a collaborative effort between Carnegie Mellon University's Software Engineering Institute (SEI) and its CERT Coordination Center (CERT/CC) and the Electronic Industries Alliance (EIA), a federation of trade associations with over 2,500 members.

    ISAlliance Mission

    OPERATE A PUBLIC-PRIVATE PARTNERSHIP LEADING TO WORLD WIDE CYBER SECURITY THROUGH:

    Thought leadership

    Information Sharing

    Cooperative projects

    Market incentives

    ISAlliance Distinctions

    International in membership and leadership

    Inter-sectoral---like the Internet

    Organized on business, not nation state, lines

    ISAlliance IS a Public Private Partnership

    Sponsors of ISAlliance

    ISAlliance Leadership

    Chairman of the Board, Dr. Bill Hancock, Cable and Wireless

    Executive Director, Mr. Dave McCurdy

    Director of CERT/cc Rich Pethia

    ISAlliance Services

    Access to CERT/cc knowledgebase including over 100 Special and Executive Communications each year

    Regular conference calls with CERT/cc experts and other ISAlliance members to discuss trends in threat and vulnerabilities

    Access to development of ISA/CERT products e.g. Threat Metric and Wireless vulnerability library

    ISAlliance Services

    Emergency calls with CERT and Sponsors if high degree of serious threats

    Best Practices and Standards development

    Risk Management Committee

    Government Affairs/Policy Committee

    Public Relations Committee

    Membership Development and Ethics Committee

    ISAlliance Services

    Discounts of up to 15% off cyber insurance (for adopting ISA Best practices)

    Discounts of up to 20% off CERT/cc Training, Education and conferences

    International programs with business development potential

    Featured spots on forums and conferences

    Sponsorship opportunities

    Regular updates

    ISA Services in Development

    Return on Investment research and publicity

    Greater coordination with international CERTs and other organizations

    Making information more analytical, in addition to factual

    Quarterly cyber security research summaries

    Expanded Executive Education

    Expanded definition of Internet threats

    Adopt and Implement ISAlliance Best Practices

    Cited in US National Draft Strategy to Protect Cyber Space (September 2002)

    Endorsed by TechNet for CEO Security Initiative (April 2003)

    Endorsed by US India Business Council (April 2003)

    ISAlliance/CERT/cc Special Communications

    Benefits of Information Sharing Organizations

    May lessen the likelihood of attack

    "Organizations that share information about computer break ins are less attractive targets for malicious attackers." NYT 2003

    Participants in information sharing have the ability to better prepare for attacks (Harvard study 2003)

    Examples of Successful ISAlliance Information Sharing I

    SNMP vulnerability

    October 2001 CERT notified ISAlliance members of SNMP vulnerability. CERT provides protection advice to membership while waiting for patch development.

    CERT provides ISAlliance members with updates in November, January 4, January 16, Feb. 7. ISAlliance conference calls discuss remediation, press relations and use of vendor patches.

    SNMP Publicly disclosed Feb. 12, 2002.

    No ISAlliance members are affected by SNMP

    Examples of Successful Information Sharing II

    SLAMMER WORM 2002-2003

    May 2002, CERT Notifies ISAlliance members of slammer vulnerability. Provides advice for protection while awaiting patch

    July 2002 Microsoft provides patch

    January 2003 Slammer Worm attacks, fastest infection rate to date.

    Examples of Successful Information Sharing III

    July 2003 CISCO IOS Interface

    July 16, acting on information from Cisco, CERT informs ISAlliance members of vulnerability, advises applying Cisco patch and steps that can be taken until the patch is applied.

    July 17 ISAlliance Exec Communication & conference call

    July 18 ISAlliance Exec Communication & call

    Why ISAlliance Info Sharing Succeeds

    CERT/cc leadership and credibility

    History (2 years) and regularity build trust

    Inter-sectoral/International membership not inhibited by competitive concerns

    Success breeds success

    ISAlliance Cyber-Insurance Program

    Coverage for members

    Market incentive for increased security practices

    10% discount off best prices from AIG

    Additional 5% discount for implementing ISAlliance Best Practices (July 2002)

    Discounts more than offset sponsorship dues

    US Policy Initiatives

    New Dept. Homeland Security (DHS)

    Creation of separate Cyber Security Division in DHS

    Congressional Committee on Homeland Security

    Creation of Congressional Cyber Security Committee

    Bilateral/Multilateral outreach

    ISAlliance Board Meeting

    Meetings with White House

    Meetings with DHS

    Meetings with Congressional leadership in Cyber Security

    ---Chairman Thornberry

    ---Chairman Putnam

    ---Chairman Boehlert

    ---Vice Chairmen and Ranking Members

    Emerging Policy Issues

    R&D funding

    Information Sharing legislation

    International Coordination

    Regulation Proposals

    ---Govt. Security Standards

    ---Private Sector Audits and SEC reporting on Cyber security

    ---Expand Govt. standards to Private Sector

    International Outreach---India

    Confederation of Indian Industries/US-India Business Council/ISAlliance

    6 Teleconferences discussing cyber security issues and needs (summer 2003)

    US tour for Indian companies seeking partnerships in America (fall 2003)

    ISAlliance trip to India including ISA/CERT Training (winter 2003/4) implementing a gold standard of cyber security

    International Cooperation/OAS Region

    OAS invites ISAlliance and CERT to join first regional conference. (July 28-29, 2003)

    OAS asks ISA to build on India model

    Invitations to visit Caribbean, Canada and E. Europe

    International Cooperation---Japan

    2002 ISAlliance publishes best Practices in Japanese. Creates Japanese Micro site on web (first foreign language

    2002 Dave McCurdy visits Japan meets with Japanese Ministry of JEDA and CIAJ

    2003 ISAlliance joined by three Japanese based companies, Sony, NEC, Mitsubishi

    Partnership?

    Larry Clinton

    Operations Officer

    Internet Security Alliance

    [email protected]

    202-236-0001