Presentation is loading. Please wait.

Presentation is loading. Please wait.

A proposed Security Incident Management Process for WMO Member States

Published bySamson Johnston Modified over 6 years ago

Similar presentations

Presentation on theme: "A proposed Security Incident Management Process for WMO Member States"— Presentation transcript:

1 A proposed Security Incident Management Process for WMO Member States
Rémy Giraud

2 ET on Communication Techniques and Systems
As part of our Terms of Reference: (a) Maintain and develop recommended practices and technical guidance material for data communication techniques and procedures for use in the WIS, with a view to ensuring efficient and safe operations of information systems, and inform members of recent developments in standards bodies, in particular W3C, IETF, ITU and ISO; (e) Provide guidance on the technical, operational, security, administrative and contractual aspects of data communications services for WIS implementation at national, regional and global levels, including among others satellite telecommunications, managed data communications network services, cloud services and the Internet and coordinating cooperation with other organizations where appropriate to obtain operational benefits; (l) Raise awareness of Members on the opportunities and risks associated with new infrastructure technologies;

3 The trigger In 2015, a Security Incident affecting one of the GISCs was reported in the press The Security Incident wasn’t, at the time, neither denied nor confirmed by the GISC As a consequence of this incident, another GISC decided the “unplug the wire” with the (potentially) affected GISC Considering how the WIS is operating this could have tremendous consequences in the successful operation of the WIS 3

4 The lack of coordination
So far, in our set of regulations, we have no agreed way to manage such an event Even if this event was one of the first one to be reported at a global level, it is very likely to happen again In an integrated World Information System that we have now, we should have a proper Security Incident management methodology 4

5 The response ICT-ISS had an emergency meeting to discuss the matter. It must be noted that at the time, no one within ICT-ISS knew whether the incident was real or not and what could have been the impact ICT-ISS tasked ET-CTS to draft a proposal for a coordinate response in case of security related event ET-CTS presented the proposal mid-2016 and this is know part of the decision papers presented at CBS the way the metadata records are structured is having an impact on the usability of WIS 5

6 The WIS architecture

7 Background information
The WIS, up to a point, can be seen as one large IT environment, where each member appears as one site of a larger organization Eg: The 24 hour Global Cache is a replicated database between all the GISC A compromise database is one location could compromise all instances WIS is much more integrated compare to the GTS. The GTS is a “loosely coupled” system. The store and forward of bulletin poses less risks 7

8 Is there an applicable model? (1)
The ISO 27xxx is a set of standard practices related to IT Security, we can mention: ISO/IEC 27000 — Information security management systems — Overview and vocabulary[6] ISO/IEC 27001 — Information technology - Security Techniques - Information security management systems — Requirements. The older ISO/IEC 27001:2005standard relied on the Plan-Do-Check-Act cycle; the newer ISO/IEC 27001:2013 does not, but has been updated in other ways to reflect changes in technologies and in how organizations manage information. ISO/IEC 27002 — Code of practice for information security management ISO/IEC — Information security management system implementation guidance 8

9 Is there an applicable model? (2)
In the standard: “Security incidents should be reported through appropriate management channels as quickly as possible. A formal reporting procedure should be established, together with an incident response procedure, setting out the action to be taken on receipt of an incident report.” This is (almost) exactly what we need! We have however some difficulties in applying straight away this model 9 9

10 Can we apply the model? (1)
The domain of applicability of the ISO 27xxx standard is within an organization Typically, in our case, that would be within the NC and (probably) the reporting process will involve the national government What we are trying to achieve here is at a much larger scale and should cover multiple organizations (the GISCs, DCPCs and NCs ) spread over the world 10 10

11 Can we apply the model? (2)
When preparing the proposal within ET-CTS, we had exchange whether the model was applicable or not. We rather quickly hit the issue of disclosure If and when an NC is facing a Security Incident what can and can’t do? There was a consensus that is many cases the national laws would forbid the NC to communicate on the occurrence of the Incident, not to mention the nature of the incident 11 11

12 The proposal The proposal that is presented at CBS-16 is inspired by the ISO standards while at the same time recognizing that WMO and its Members is not a single organization and therefore each Member will be able to decide on a case by case basis what can and can’t be shared We are proposing a method to handle such cases Even if the ISO 27xxx standards are very interesting documents, they are a bit tough to read (!). So we have “translated” the requirements into simple flowcharts 12 12

13 The cases covered What process should I follow if I think I have an IT Security incident? What process should I follow if I hear that another WMO member has had a possible IT Security incident? What process should I follow if am contacted by my GISC? What process should the WMO IT Security Contact Point follow? What process should the GISC follow? 13 13

14 What process should I follow if I think I have an IT Security incident?
14 14

15 The document and some background information
The topic is introduced in CBS-16/Doc. 5.5(2) The full text is available at ICTT-WIS review of Draft Security Incidents - The story that triggered this effort as we know it late 2016: 15 15

16 Thank you Merci

Download ppt "A proposed Security Incident Management Process for WMO Member States"

Similar presentations

SEA & ETC Strategic Environmental Assessment and European Territorial Cooperation programmes Annual meeting with the Managing Authorities of the ETC programmes.

SEA & ETC Strategic Environmental Assessment and European Territorial Cooperation programmes Annual meeting with the Managing Authorities of the ETC programmes.
Supporting National e-Health Roadmaps WHO-ITU-WB joint effort WSIS C7 e-Health Facilitation Meeting 13 th May 2010 Hani Eskandar ICT Applications, ITU.

Supporting National e-Health Roadmaps WHO-ITU-WB joint effort WSIS C7 e-Health Facilitation Meeting 13 th May 2010 Hani Eskandar ICT Applications, ITU.
Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All Recent Standardization Activities on Cloud Computing Kishik Park, Kangchan Lee, Seungyun Lee TTA.

Halifax, 31 Oct – 3 Nov 2011ICT Accessibility For All Recent Standardization Activities on Cloud Computing Kishik Park, Kangchan Lee, Seungyun Lee TTA.
Recent Changes to HDR Policy and Procedures Felicity Roddick Associate Dean Research and Innovation.

Recent Changes to HDR Policy and Procedures Felicity Roddick Associate Dean Research and Innovation.
Frequently Asked Questions (FAQ) prepared by some members of the ICH Q9 EWG for example only; not an official policy/guidance July 2006, slide 1 ICH Q9.

Frequently Asked Questions (FAQ) prepared by some members of the ICH Q9 EWG for example only; not an official policy/guidance July 2006, slide 1 ICH Q9.
Www.lrqa.co.uk BS EN ISO 14001:2004 Madlen King BSc MSc MIEMA EMS Lead Assessor Lloyd’s Register Quality Assurance Ltd BS EN ISO 14001:2004.

BS EN ISO 14001:2004 Madlen King BSc MSc MIEMA EMS Lead Assessor Lloyd’s Register Quality Assurance Ltd BS EN ISO 14001:2004.
Session 4.2: Creation of national ICT security infrastructure for developing countries National IP-based Networks Security Centres for Developing Countries.

Session 4.2: Creation of national ICT security infrastructure for developing countries National IP-based Networks Security Centres for Developing Countries.
INFORMATION ASSURANCE USING C OBI T MEYCOR C OBI T CSA & MEYCOR C OBI T AG TOOLS.

INFORMATION ASSURANCE USING C OBI T MEYCOR C OBI T CSA & MEYCOR C OBI T AG TOOLS.
Developing a result-oriented Operational Plan Training

Developing a result-oriented Operational Plan Training
ITU Workshop on Future Trust and Knowledge Infrastructure, Phase 1 Geneva, Switzerland, 24 April 2015 The Open and Trustworthy ICT Platform Prof. Dr.

ITU Workshop on "Future Trust and Knowledge Infrastructure", Phase 1 Geneva, Switzerland, 24 April 2015 The Open and Trustworthy ICT Platform Prof. Dr.
© 2011 Underwriters Laboratories Inc. All rights reserved. This document may not be reproduced or distributed without authorization. ASSET Safety Management.

© 2011 Underwriters Laboratories Inc. All rights reserved. This document may not be reproduced or distributed without authorization. ASSET Safety Management.
Environmental Management System Definitions

Environmental Management System Definitions
CGMS-42 EUM-WP-32.ppt, v1A, 19 May 2014 Coordination Group for Meteorological Satellites - CGMS Presented to CGMS-42 Working Group IV, agenda item WGIV/9.1.

CGMS-42 EUM-WP-32.ppt, v1A, 19 May 2014 Coordination Group for Meteorological Satellites - CGMS Presented to CGMS-42 Working Group IV, agenda item WGIV/9.1.
ISO17799 / BS 7799-2 ISO 17799 / BS 7799-2. Introduction Information security has always been a major challenge to most organizations. Computer infections.

ISO17799 / BS ISO / BS Introduction Information security has always been a major challenge to most organizations. Computer infections.
ENF/ERO ENUM Convergence Workshop Tony Holmes Chairman ETSI SPAN11 NAR BTexact Technologies Numbering Addressing & Routeing 9-10 January 2002 Standards.

ENF/ERO ENUM Convergence Workshop Tony Holmes Chairman ETSI SPAN11 NAR BTexact Technologies Numbering Addressing & Routeing 9-10 January 2002 Standards.
WMO Satellite Data Dissemination Strategy CGMS-43-WMO-WP-09 Jérôme Lafeuille, Stephan Bojinski and Mikael Rattenborg World Meteorological Organization.

WMO Satellite Data Dissemination Strategy CGMS-43-WMO-WP-09 Jérôme Lafeuille, Stephan Bojinski and Mikael Rattenborg World Meteorological Organization.
ITU-T SG17 Q.3 Telecommunication information security management An overview Miho Naganuma Q.3/17 Rapporteur 17 March 2016.

ITU-T SG17 Q.3 Telecommunication information security management An overview Miho Naganuma Q.3/17 Rapporteur 17 March 2016.
Update on the WIS Monitoring project

Update on the WIS Monitoring project
How to keep WIS performance healthy

How to keep WIS performance healthy
IAEA C2G Working Group 1 (Import / Export Controls, Repatriation, and National inventories / Registries) Outcome / Recommendation Summary Paul Gray & Dariusz.

IAEA C2G Working Group 1 (Import / Export Controls, Repatriation, and National inventories / Registries) Outcome / Recommendation Summary Paul Gray & Dariusz.

Similar presentations

Ads by Google