WARPs & CERTs/CSIRTs
Share to Protect

Peter Burnett, Head of Information Sharing & International Strategy, NISCC ([email protected])


UK CERT scene

• Uniras – UK Government CERT
  – Central Government
  – Critical National Infrastructure companies
• TF-CSIRT, FIRST, EGC
• UK CERTs Forum
  – Academic, Corporate, Govt, Private
• UK has good coverage, but ……
• What about the Gaps ?


WARPs


The WARP Model

• Rather like a CERT, but without a technical response capability
• Small, usually 1 operator (may be part-time)
• Serves its own close community
• Low-cost (usually subscription-based)
• Close links with other WARPs (& CERTs ?)
• Gets advisories from open sources, CERTs, WARPs
• Adds value to advisories (language, priority, etc)
• Focus on sharing advice & best practice
• Stimulates local incident reporting


How WARPs work : 3-phase process

1. Add value, save resources, improve effectiveness of advisories & warnings
2. Develop community, build cooperation and TRUST, through sharing best practice & advice
3. Encourage Sharing of (anonymised) incident reports, problems, fixes


WARP for London Boroughs (www.lcwarp.org)

[Diagram. Labels: London Connects WARP; 1 Technical FTE; 1 Admin. FTE; secure system with fallback contingency; secure links; authorised users in each Borough; London Borough A, London Borough B, London Borough C etc.; 33 London Boroughs; future ‘LA’ WARPs; CERTs, Bugtraq, UNIRAS, NISCC, CSIRTs, Sans, Other. Supported by SOCITM, OeE & NISCC.]


NEGWARP


NLAWARP Project

Funding from Central Govt for new Local Govt WARPs in 9 English Regions


The WARP Register (www.warp.gov.uk/register)

• Nov 05
• Registered 9
• Operational - 7
• Pending - 2
• Newly funded 7
• Under discussion 5
• Projected 2006 20+


Setting up a WARP - the essentials

• The WARP Toolbox – www.warp.gov.uk
• A community
• A ‘champion’
• Minimal funding/resources
• The right ethos
• Registration
• [Filtered Warning Software]


The WARP TOOLBOX


Filtered Warnings Application


FWA Categories


Why do WARPs & CERTs need each other ?

• What do WARPs need from CERTs ?
  – Occasional technical advice
  – Recognition of role, value
  – Sources of Advisories & Warnings
  – Cooperation
• What do CERTs get out of it ?
  – The WARP Toolbox
  – Filtered Warnings Software
  – Increased Reach
  – More effective delivery of warnings etc
  – Increased Incident Reporting
  – More CERTs ?


WARPs & CERTs


The future

• WARPs will become endemic across the UK, and beyond
  – Self-replicating
  – Free-standing
  – Co-operating
  – Improving the security of
    • their members
    • the CNI
    • Everybody


WARPs & CERTs

• Filling the Gaps
• Reaching new places


Questions ? (contact : [email protected])

www.warp.gov.uk