Ics Isac Overview V0.1pub
1. ICS-ISAC
Private/Public ICS Security
Knowledge Sharing
Copyright ICS Cybersecurity, Inc. 2012, Confidential, not for distribution
2. ICS-ISAC
Public/Private information sharing and analysis center to capture and
transport ICS security information across sectors. The ISAC structure was
established by Presidential Decision Directive 63 (PDD-63, 1998) and its
public/private information-sharing role further defined by Homeland Security
Presidential Directive 7 (HSPD-7, 2003).
3. ICS-ISAC
• Cross-ISAC Integration Vehicle
– Capture commonalities and sector-specific attributes
• Vendor-Customer Communications
– Standardized communication format
• Global Integration Center
– Develop global ICS security knowledge
– Aggregate public & private knowledge centers
4. Overview
• Leadership
– Chris Blask, Chair
– Brad Blask, Executive Director
– Sean Paul McGurk, Senior Policy Advisor
– Gib Sorebo, Senior Technology Advisor
• Membership
– Vendors
– Services Providers
– Asset Owners
– Knowledge Centers
5. ICS-ISAC in the Global Knowledge Network
(Diagram: Public Knowledge Centers, Private Knowledge Centers and Private/Public Knowledge Centers connected through Knowledge Aggregation to the ICS-ISAC. Legend: Filtered or Raw Data; Filtered Data.)
6. Public/Private Information Sharing Matrix: ISACs
• ICS-ISAC
• IT-ISAC
• MS-ISAC
• SC-ISAC
• NC-ISAC
7. Knowledge Flow
(Diagram: the ICS-ISAC exchanges knowledge with other ISACs, the NCCIC, Vendors, Service Providers and Private Knowledge Sharing centers.)
8. Real Time Knowledge Sharing
(Diagram of participants: Capgemini, Maritime ISAC, Yokogawa US, CPNI, ICS-ISAC, LIGHTS, Yokogawa Japan, JP-CERT.)
10. Value to Vendors
• Single Consistent Communications Channel
– Advisory distribution and experience collection
– Reduced cost and increased effectiveness
• Private-Sector Voice in Public-Sector
– De facto private sector partner to government
– Negotiating center for private/public knowledge sharing standards
11. Value to Asset Owners
• Single Consistent Feed
– Threats, Vulnerabilities and Best Practices
– Vendor notifications
– Private/Public, Private & Public Knowledge Centers
• All-Hazards Visibility
– Cross-sector for all critical functions
• e.g. power, water, supply chain, transportation…
• Global knowledge sharing network
– Access to local, national and International resources
12. Value to Knowledge Sharing Centers
• Single Interface to Global Knowledge Sharing Network
– Propagate knowledge feed worldwide
– Real-time access to all ICS security knowledge sources
• Collaboration Platform
– Produce joint content with other knowledge centers
• Interoperability Platform
– Private sector forum for negotiation of knowledge interchange standards
• Public Sector Portal
– Stand-off layer between member centers and public knowledge centers
– Private sector voice to negotiate knowledge sharing with the public sector
13. Global Knowledge Network
ICS Cybersecurity focuses on the enablement of critical infrastructure
knowledge sharing architectures for Municipal, Regional, National and Global
applications.
14. Knowledge Sharing Model
(Diagram: Public Knowledge Centers, Private Knowledge Centers and Public/Private Knowledge Centers connected through Knowledge Aggregation. Legend: Filtered or Raw Data.)
15. International Regional Model
(Diagram: Information Sharing across Federal, State/Province/Territory/Region, District and Municipal levels, with Public/Private Knowledge centers. Regional Security Operations Centers tightly monitor critical assets and coordinate county and municipal participants.)
16. State Model
(Diagram: Federal CERT and ISAC, State process, Other Sector Sharing ISAC, District, Municipalities.)
17. Thank You
Brad Blask
Executive Director
brad@ics-isac.org
Editor's Notes
Regardless of the detail within the global knowledge sharing network, at the highest level it follows a standard architecture, reflected in this diagram. The three major components (Facility Capabilities, Aggregation, and Knowledge Centers) arrange in different topologies depending on specific conditions at the smaller scale, but follow the same pattern.

Facility Baseline Requirements:
- Facilities must have a basic capability to produce information and/or utilize knowledge to participate in the global knowledge network.

Aggregation:
- One-to-one connectivity between all asset owners and individual knowledge centers is topologically complex and operationally difficult for all parties.
- Many facilities do not and will not have the capability to manage security on their cyber infrastructure, and will require outsourced operations.
- Aggregation of asset-owner information can be performed by public or private Managed Security Service Provider (MSSP) offerings or other means.

The Knowledge Sharing Triad:

Public Knowledge Centers:
- Public knowledge centers perform diligence for government responsibility for infrastructure security (e.g. ICS-CERT).
- Public centers exist at international, national, state, regional, county and municipal levels in the US governmental model, for example.
- Public knowledge centers generally have access to information that private centers may not.
- Public knowledge centers generally have legal restrictions regarding dissemination of knowledge that private centers may not.

Private Knowledge Centers:
- Private knowledge centers perform diligence for private organizations' responsibility for infrastructure security (e.g. WCX).
- Private knowledge centers exist as for-profit and non-profit entities (e.g. NESCO TAC [non-profit], McAfee GTI [for-profit]).
- Private knowledge centers can be dedicated operations or a unit within other private entities (e.g. Red Sky Alliance [dedicated], IBM X-Force [unit]).

Public/Private Knowledge Centers:
- "Public/Private": public-sector centers where the private sector comes to share knowledge (e.g. ICSJWG).
- Public/Private knowledge centers provide forums for the public sector to engage in knowledge sharing with the private sector.
- "Private/Public": private-sector centers where the public sector comes to share knowledge (e.g. ICS-ISAC).
- Private/Public knowledge centers provide forums for the private sector to engage in knowledge sharing with the public sector.
The ISACs (Information Sharing and Analysis Centers) were initiated by Presidential Decision Directive 63 (PDD-63), issued in 1998 by President Bill Clinton. In December 2003 President George W. Bush issued Homeland Security Presidential Directive 7 (HSPD-7), which expands on the charter of PDD-63 to more clearly define the function of the ISACs as centers of public/private information sharing.

A matrix of vertical and horizontal ISACs has developed over this period. Vertical ISACs provide sector-specific information sharing and analysis nodes. Horizontal ISACs either bring all sectors together for regional or national purposes, or act as mechanisms to collect and transport commonalities between sectors. The Multi-State ISAC and the National Council of ISACs are examples of horizontal ISACs that bundle sectors; the IT-ISAC and the Supply Chain ISAC are examples of horizontal ISACs that transport cross-sector knowledge among vertical ISACs and other parties.

Just as all sectors are affected by the security considerations of Information Technology and Supply Chain topics, all are also affected by Industrial Control System security risks. The ICS-ISAC was established to act as a horizontal information sharing and analysis center focused on: identifying ICS security commonalities between sectors as well as sector-specific ICS security risks; ensuring high-fidelity, low-latency and effectively-targeted ICS security information sharing across sectors; and supporting national indications and warnings architectures.
The ICS-ISAC is architected as a secure cloud environment. Each member is assigned a virtual machine inside the ICS-ISAC cloud within which they are able to control knowledge exchange with other members and knowledge centers.
At the regional level the architecture is as shown here.
- A consistent set of capabilities and functions will be instantiated at state Security Operations Centers (SOCs).
- The state SOCs will ensure consistent visibility into and communication with all state assets.
- The state SOC will share filtered information and knowledge bi-directionally with other public/private, private, and state, federal and international public information sharing centers.
- Some critical assets will establish relationships directly with the state SOC.
- County, tribal and other regional public information sharing centers will share filtered information and knowledge bi-directionally with the state SOC.
- County, tribal and other regional public information sharing centers will share filtered information and knowledge bi-directionally with municipal and other sub-regional information sharing centers.
- Municipal and other sub-regional public information sharing centers will share filtered information and knowledge bi-directionally with regional centers.
- Municipal and other sub-regional public information sharing centers will receive filtered information from, and share knowledge with, asset owners.
At the state level the architecture is as shown here.
- The state SOCs will ensure consistent visibility into and communication with all state assets.
- The state SOC will share filtered information and knowledge bi-directionally with other public/private, private, and state, federal and international public information sharing centers.
- Some critical assets will establish relationships directly with the state SOC.
- County, tribal and other regional public information sharing centers will share filtered information and knowledge bi-directionally with the state SOC.
- County, tribal and other regional public information sharing centers will share filtered information and knowledge bi-directionally with municipal and other sub-regional information sharing centers.
- Municipal and other sub-regional public information sharing centers will share filtered information and knowledge bi-directionally with regional centers.
- Municipal and other sub-regional public information sharing centers will receive filtered information from, and share knowledge with, asset owners.
- Asset owners within the state may communicate with the state information sharing network through a direct connection to the state SOC, through regional or sub-regional public information sharing centers, and/or through other means.