EGI-InSPIRE RI-261323. D4.4 and the EGI review. Dr Linda Cornwall, 19th Sept 2011.

Slide 1: D4.4 and the EGI review. Dr Linda Cornwall, 19th Sept 2011.

Slide 2: Contents
- D4.4 description in the DoW
- EGI review comments
- Draft TOC for D4.4, including how D4.4 can address the review comments
- Plans for a Security Threat Risk Assessment
- Invitation to participate

Slide 3: D4.4 EGI Security Risk Assessment
D4.4 is described in the DoW in the following way: "A comprehensive review will be undertaken of the current EGI Production Infrastructure to assess its security vulnerabilities and associated risks. This review will cover the current technologies but also indicate vulnerabilities that will need to be mitigated in new candidate technologies that will be integrated into the infrastructure."

Slide 4: Review Recommendation 7
"Consider a ground up security review for grid infrastructures in general and EGI in particular. Start from the question: 'what does it mean to be secure (trusted, private, controlled, etc.) in the grid?' Remember that people are part of a grid. Consider the results from a verification point of view: can the grid infrastructure offer security assurances in the context of systems accreditation to conduct a range of sensitive services that meet both commercial and regulatory requirements? Work is underway in the ISO community to try to resolve these types of problem."

Slide 5: And in the SA1 comments
"Security measures are in place beyond the technical FPVA methodology and are reported in the EGI milestones rather than deliverables. There seems to be a tendency to focus almost exclusively on threats to technical vulnerabilities. While it is gratifying, indeed, that security is being taken seriously in EGI, the current focus may well be too tight. It is a mature but very conventional risk-assessment based technical software system security model. Grids present a particularly complex threat surface and (non-technical) system vulnerabilities may well go completely unobserved, unless a comprehensive approach is taken. Has the question 'What does it mean to be secure in a grid?' been asked? Given sufficient resources and time, a grid infrastructure could be rendered secure in the fullest sense; this is very likely not possible in other more highly virtualised environments and represents one of the key grid differentiators. The delivery of D4.4 in M19 offers the opportunity to initiate this investigation and discussion."

Slide 6: What should D4.4 do?
- D4.4 should be more than just a review of the technology, as described in the DoW: a more comprehensive review of security in the EGI environment
- This can address the various reviewers' comments

Slide 7: Draft D4.4 TOC
- Security groups and functions in EGI
- Scope and aims of EGI security
- Practices and standards
- Plans for a Security Threat Risk Assessment
- Threats (at least examples and categories)

Slide 8: Security groups/activities in EGI
- It would appear that the reviewers were not fully aware of all the security groups and activities, e.g. SPG activities, SSCs, ...
- So D4.4 can include a short section "Security groups and functions in EGI" describing what is currently done and pointing to further information
- This will probably include a diagram

Slide 9: Scope and aims of EGI security
- This can answer "What does it mean to be secure in the Grid?"
- This could include:
  - The obvious: sites protected from attack
  - Allow people the benefits to which they are entitled
  - Users need to be confident their data cannot be deleted, modified or accessed by unauthorised persons
  - Risks from threats suitably mitigated

Slide 10: Scope and aims of EGI security (2)
- This should clarify "What is EGI's role in information security?"
- Include aims
- Should define and limit the scope and responsibilities of EGI

Slide 11: Practices and standards
- Look at the standards, e.g. the ISO series, and see which are relevant and how close we are:
  - relevant to sites
  - relevant to the whole infrastructure
- Look at good practices in academic/distributed environments as well as EGI

Slide 12: Standards...
- At least need to address the reviewers' comments
- Look at whether it makes sense to use standards partially or fully at sites
- No plans for audit for compliance: commercial auditing of all sites is probably more than the EGI budget!
- Experts welcome to help with this

Slide 13: Plans for a Security Threat Risk Assessment
- D4.4 will include a description of a strategy for a general Security Threat Risk Assessment
- The risk assessment itself will not be part of D4.4, but D4.4 will describe the strategy and some selected threats as examples
- The actual risk assessment will take place over a few months

Slide 14: Establish team
- Establish a team to carry out the assessment
- Participation needed/welcome!
- Important that a team is established who can do the work; not something one person can do on their own

Slide 15: Select threats
- Threats will be coarse grained, e.g.:
  - Grid used for on-line attack on external parties
  - Trusted staff attack system
  - Software vulnerability exploited
- Not software specific
- Threats in a spreadsheet: a 1st draft has been produced and will be iterated by the team carrying out the assessment

Slide 16: For PM19 D4.4
- At least the document, including a carefully defined plan
- As well as the document, it would be good to establish the team and a first draft of the threat spreadsheet
- Assessment later

Slide 17: Establish situation for each threat
- Select a 'Contact' for each threat: the person whose job it is to establish the current situation
- Establish the current situation for each threat: what mitigation is/isn't in place, and which groups are handling this
- Mitigation in place may refer to current security groups or practices

Slide 18: Computation of risk
- Actuarial computation of risk (e.g. by insurance companies) is based on statistics
- But for most threats to the Grid there are no statistics on which to base the computations
- Based on judgement of impact and likelihood
- Would be good if the team gets together and this is done by consensus, or by vote
- Inherent risk and risk with current mitigation in place are each computed

Slide 19: Steps contd.
- Suggest mitigation for threats with higher risk value
- Recommended mitigation may include recommendations to follow standards, or that an established group does something more
- Complete and present to management
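The procedure of slides 15 to 19 (threats in a spreadsheet, a Contact per threat recording the mitigation in place, impact and likelihood judged by the team because no statistics exist, inherent risk and risk with current mitigation computed separately, mitigation suggested where risk stays high) as a small risk register in Python. This is an added illustration, not EGI's spreadsheet or any tool from the project. The threat names are the coarse-grained examples from slide 15; the 1-5 scale, the upper-median consensus rule, risk = impact x likelihood and the threshold of 10 are assumptions of this example, and the contacts, votes and mitigation notes are constructed sample data.

```python
"""Threat risk register worked example (added illustration, not EGI's own tool).

Assumptions of this example: a 1-5 ordinal scale for impact and likelihood,
team consensus taken as the upper median of the votes, risk = impact x
likelihood, and a residual risk of 10 or more triggering a mitigation
recommendation. Contacts, votes and mitigation notes are constructed.
"""
from dataclasses import dataclass
from statistics import median_high
from typing import Dict, List

SCALE_MIN, SCALE_MAX = 1, 5   # assumed ordinal scale: 1 = very low, 5 = very high
HIGH_RISK_THRESHOLD = 10      # assumed: residual risk >= this gets a mitigation recommendation


@dataclass
class Vote:
    """One team member's judgement of a threat."""
    impact: int
    likelihood: int


@dataclass
class Threat:
    name: str
    contact: str                      # person responsible for establishing the current situation
    mitigation_in_place: List[str]    # existing groups/practices/controls found by the Contact
    inherent_votes: List[Vote]        # judged as if no mitigation were in place
    residual_votes: List[Vote]        # judged with the current mitigation in place


def consensus(values: List[int]) -> int:
    """Turn the team's votes into one value: the upper median.

    The upper median is always one of the votes actually cast, so the result
    stays on the scale, and an even split goes to the higher (more cautious) value.
    """
    if not values:
        raise ValueError("no votes cast")
    bad = [v for v in values if not SCALE_MIN <= v <= SCALE_MAX]
    if bad:
        raise ValueError(f"votes outside {SCALE_MIN}-{SCALE_MAX}: {bad}")
    return median_high(values)


def risk_score(votes: List[Vote]) -> int:
    """Risk = consensus impact x consensus likelihood (assumed rule)."""
    return consensus([v.impact for v in votes]) * consensus([v.likelihood for v in votes])


def assess(register: List[Threat]) -> List[Dict]:
    """Compute inherent and residual risk for every threat, highest residual risk first."""
    rows = []
    for t in register:
        inherent = risk_score(t.inherent_votes)
        residual = risk_score(t.residual_votes)
        rows.append({
            "threat": t.name,
            "contact": t.contact,
            "mitigation_in_place": t.mitigation_in_place,
            "inherent_risk": inherent,
            "residual_risk": residual,
            # residual above inherent means the two rounds of votes contradict each other
            "inconsistent_votes": residual > inherent,
            "recommend_mitigation": residual >= HIGH_RISK_THRESHOLD,
        })
    rows.sort(key=lambda r: r["residual_risk"], reverse=True)
    return rows


# Constructed sample register; threat names are the coarse-grained examples from the slides.
SAMPLE_REGISTER = [
    Threat("Grid used for on-line attack on external parties", "contact-A (placeholder)",
           ["incident response procedure (constructed example)"],
           inherent_votes=[Vote(4, 3), Vote(5, 4), Vote(4, 3)],
           residual_votes=[Vote(4, 2), Vote(4, 2), Vote(3, 3)]),
    Threat("Trusted staff attack system", "contact-B (placeholder)",
           ["site staff policies (constructed example)"],
           inherent_votes=[Vote(5, 2), Vote(5, 1), Vote(4, 2)],
           residual_votes=[Vote(5, 1), Vote(4, 2), Vote(4, 1)]),
    Threat("Software vulnerability exploited", "contact-C (placeholder)",
           ["vulnerability handling process (constructed example)",
            "site patching (constructed example)"],
           inherent_votes=[Vote(4, 5), Vote(4, 4), Vote(5, 4)],
           residual_votes=[Vote(4, 3), Vote(3, 3), Vote(4, 4)]),
]


def main() -> None:
    for r in assess(SAMPLE_REGISTER):
        flag = "RECOMMEND MITIGATION" if r["recommend_mitigation"] else ""
        print(f'{r["threat"]:<50} inherent={r["inherent_risk"]:>2} '
              f'residual={r["residual_risk"]:>2} contact={r["contact"]} {flag}')


if __name__ == "__main__":
    main()
```

Computing inherent and residual risk from two separate rounds of votes, rather than subtracting a guessed "mitigation effect", keeps both numbers traceable to recorded judgements and lets the register catch the case where the team's residual vote is higher than its inherent one, which signals a disagreement to resolve before the results go to management.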

Slide 20: Would you like to join in?
- A team will need to be established to carry out the assessment:
  - Establish threats
  - Find out or confirm the current situation and mitigation in place for all threats
  - Carry out the assessment of both inherent risk and risk with current mitigation in place, and make recommendations
- Participation welcome!

Slide 21: Questions and discussion??