CYBEX - The Cybersecurity Information Exchange Framework


1 CYBEX - The Cybersecurity Information Exchange Framework
Tony Rutkowski, Rapporteur, ITU-T Cybersecurity Rapporteur Group; EVP, Yaana Technologies; Senior Fellow, Georgia Tech, Sam Nunn School, Center for International Strategy, Technology, and Policy (CISTP)

2 What is the Cybersecurity Information Exchange Framework (CYBEX)?
- A global initiative to identify a set of platform specifications to facilitate the trusted exchange of information among responsible parties worldwide supporting cybersecurity for:
  - Infrastructure protection
  - Incident analysis and response
  - Law enforcement and judicial forensics
- Enhance the availability, interoperability, and usefulness of these platforms
- Extensible use of best-of-breed open cyber security information exchange platforms
- Facilitated by the Cybersecurity Rapporteur Group of ITU-T (Q.4/17)
- ITU-T Recommendations during , with continuing evolution to current user community versions and needs

3 What is cybersecurity?
(Slide diagram; its labels are regrouped here under the four numbered measure categories, with the arrow labels and legend at the end.)
- 1. Measures for protection: Contractual service agreements and federations; Intergovernmental agreements and cooperation; Encryption/VPNs, esp. for signalling; Identity Management; Network/application state & integrity; Resilient infrastructure; Routing & resource constraints
- 2. Measures for threat detection: Real-time data availability; Data retention and auditing; Forensics & heuristics analysis
- 3. Measures for thwarting and other remedies: Deny resources; Investigation & measure initiation; Reputation sanctions; Blacklists & whitelists; Patch development; Vulnerability notices
- 4. Legal remedies: Tort & indemnification; Regulatory/administrative law; Criminal law (legal remedies may also institute protective measures)
- Arrow labels between categories: "Provide data for analysis", "Provide basis for actions", "Provide awareness of vulnerabilities and remedies"
- Legend: = information exchange for analysis; = information exchange for actions

4 The CYBEX Initiative: basic model for information exchange
(Slide diagram: a Cybersecurity Organization on each side, with the CYBEX focus in between.)
- Cybersecurity information acquisition (out of scope)
- CYBEX focus:
  - Structure information
  - Identify & discover cyber security information and organizations
  - Requesting & responding with cybersecurity information
  - Trusted exchange of cyber security information
- Cybersecurity information use (out of scope)

5 Structured Information
(Slide legend marks each specification as imported, new, or referenced.)
- Vulnerability/State Exchange Cluster:
  - CWE Common Weakness Enumeration
  - CCE Common Configuration Enumeration
  - ARF Assessment Results Format
  - CVE Common Vulnerabilities and Exposures
  - CVSS Common Vulnerability Scoring System
  - SCAP SP Security Content Automation Protocol
  - CWSS Common Weakness Scoring System
  - XCCDF eXtensible Configuration Checklist Description Format
  - OVAL Open Vulnerability and Assessment Language
  - CPE Common Platform Enumeration
- Event/Incident/Heuristics Exchange Cluster:
  - CEE Common Event Expression
  - Specific events: X.gridf SmartGrid Incident Exchange Format
  - MAEC Malware Attribution Enumeration and Characterization
  - Black/Whitelist Exchange Format
  - PFOC Phishing, Fraud, and Other Non-Network Layer Reports
  - CAPEC Common Attack Pattern Enumeration and Classification
  - IODEF RFC5070 Incident Object Description Exchange Format
- LEA/Evidence Exchange Cluster:
  - TS Handover Interface and Service-Specific Details (SSD) for IP delivery
  - TS Handover interface for the request and delivery of retained data
  - RFC3924 Architecture for Lawful Intercept in IP Networks
  - TS Handover for Location Services
  - X.dexf Digital Evidence Exchange File Format
  - ERDM Electronic Discovery Reference Model
- Exchange Terms and Conditions:
  - X.cybex-tc Cyber information terms and condition exchange format

6 Discovery and Trusted Exchange
(Slide legend marks each specification as imported, new, or referenced.)
- Discovery Cluster:
  - X.cybex.1 An OID arc for cybersecurity information exchange
  - X.cybex-disc OID-based discovery mechanisms in the exchange of cybersecurity information
  - X.cybex.2 XML namespace in the Exchange of Cybersecurity Information
  - X.chirp Cybersecurity Heuristics and Information Request Protocol
- Identity Trust Cluster:
  - X.evcert Extended Validation Certificate
  - TS102042 V Policy requirements for certification authorities issuing public key certificates
  - X.eaa Entity authentication assurance
- Exchange Cluster:
  - X.cybex-beep BEEP Profile for Cybersecurity Information Exchange Framework
  - X.cybex-tp Transport protocols supporting cybersecurity information exchange
  - LEA/Evidence Exchange: TS Handover Interface and Service-Specific Details (SSD) for IP delivery

7 A Cybersecurity Namespace
- Trusted global cybersecurity information exchange requires identifiers for:
  - The parties and other objects involved in the exchanges
  - The information exchanged
  - The terms and conditions associated with the exchanged information
- A global cyber security namespace is part of CYBEX and described in draft Rec. ITU-T X.cybex.1
- The OID namespace 2.48 has been reserved for this purpose by joint ISO|IEC JTC1 SC6 and ITU SG17 action
- OID namespaces:
  - Are hierarchical and enable autonomous distributed management
  - Were developed for and have been used for these kinds of purposes for the past 30 years
  - Can also be used to meet the new ETSI TC LI Dynamic Triggering requirement for a global identifier for warrants and related needs

8 A Global Cybersecurity Namespace
(Slide diagram of the OID tree.)
- Root arcs: ISO [allocated by ISO|IEC JTC1 SC6]; ITU-T|ITU-R [allocated by ITU-T SG17]; Joint ITU-T & ISO [jointly allocated by ITU-T SG17 and ISO|IEC JTC1 SC6]
- Under the joint arc, 48 = cybersecurity (Architecture TBD)
- Every country has a numeric identifier automatically reserved in the OID 2.48 cybersecurity namespace, e.g. 4 Afghanistan, 250 France, 756 Suisse, 840 USA, ...
- Non-country organizations can also be allocated identifiers (nnn, e.g. FIRST)
- Below that level, each country, organization, or subdivision allocates namespaces and levels as desired

9 Use of the OID cybersecurity namespace: an example
- Ensures a coherent ability to know who is involved, specific identification of the information, and expected treatment policies
- [hypothetical Swiss agency] Cybersecurity Organization exchanging with [hypothetical French agency] Cybersecurity Organization
- Incident [local identifier]; Terms & conditions [local identifier]
- Local agency and community identifiers can continue to be used
- The namespace identifiers need not be publicly exposed; they only need to be unique and consistent within the namespace
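The slides describe the 2.48 arc and its country/organization hierarchy but not how such identifiers travel on the wire. The following added example (not part of the presentation or of any ITU-T text) builds a hypothetical identifier under 2.48 and DER-encodes/decodes it as an ASN.1 OBJECT IDENTIFIER, the form it would take in X.509 certificates or BEEP/XML-DSig payloads; the agency and incident arcs are constructed placeholders, not real allocations.

```python
# Added example: DER encoding of identifiers under the 2.48 cybersecurity OID arc.
# The arc values below 2.48 (agency 1, type 2, local id 42) are constructed placeholders.

CYBEX_ARC = "2.48"  # joint ISO|IEC JTC1 SC6 / ITU-T SG17 reservation named on the slide


def _base128(n: int) -> bytes:
    """Encode one sub-identifier as big-endian base-128 with continuation bits (X.690 8.19)."""
    out = [n & 0x7F]
    n >>= 7
    while n:
        out.append(0x80 | (n & 0x7F))
        n >>= 7
    return bytes(reversed(out))


def encode_oid(dotted: str) -> bytes:
    """Return the short-form DER TLV (tag 0x06) for a dotted OID string."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError(f"invalid OID {dotted!r}")
    # First two arcs share one sub-identifier: 40*first + second (2.48 -> 128, which needs 2 bytes)
    body = _base128(arcs[0] * 40 + arcs[1])
    for a in arcs[2:]:
        body += _base128(a)
    if len(body) > 127:
        raise ValueError("long-form length not needed for these examples")
    return bytes([0x06, len(body)]) + body


def decode_oid(der: bytes) -> str:
    """Decode a short-form OID TLV back to dotted form; rejects truncated sub-identifiers."""
    if len(der) < 3 or der[0] != 0x06 or der[1] != len(der) - 2:
        raise ValueError("not a short-form OID TLV")
    subids, cur = [], 0
    for b in der[2:]:
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:
            subids.append(cur)
            cur = 0
    if cur or not subids:
        raise ValueError("truncated sub-identifier")
    first = subids[0]
    # Under the joint arc (2) the second arc may exceed 39, so split as 2.(first-80) when first >= 80
    head = [2, first - 80] if first >= 80 else list(divmod(first, 40))
    return ".".join(str(a) for a in head + subids[1:])


def cybex_id(country: int, org: int, *local: int) -> str:
    """Hypothetical hierarchy under 2.48: numeric country code . organization . local arcs."""
    return ".".join(str(a) for a in [*map(int, CYBEX_ARC.split(".")), country, org, *local])


if __name__ == "__main__":
    oid = cybex_id(756, 1, 2, 42)  # constructed: Swiss agency 1, incident type 2, local id 42
    print(oid, encode_oid(oid).hex(), decode_oid(encode_oid(oid)))
```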

10 The cybersecurity problems are about to get much worse
- Cloud Services and SmartGrids create potentially significant new cybersecurity threats with far-reaching consequences
- Public services are being pushed into the marketplace with:
  - No regulation
  - No standards
  - Availability of massive network data center resources, with little understanding of the cybersecurity dimensions, much less effective solutions
  - No international agreements

11 Will history repeat itself?
- Similar kinds of cyber security challenges were faced a hundred years ago:
  - Fast-paced new network technology emerged
  - Networks became global in scope
  - Harmful incidents were rapidly scaling
  - Governments did not intervene, to avoid harm to innovation
  - Sinking of the Titanic in 1912 finally motivated global action
- Every new network technology has faced similar challenges:
  - The 1980s OSI Internet had public infrastructure security solutions, but lacked innovation
  - The 1990s TCP/IP academic Internet had no public infrastructure security solutions, but was great for innovation
- Criminals, hackers, terrorists, and miscreants are also innovative and have many incentives
- CYBEX assembles open, extensible, technology-neutral capabilities that have been essential for public network infrastructure/service cybersecurity in different forms over the past hundred years

12 It usually takes a major disaster
(Slide image: "SS Cyber Infrastructure")
How many cyber icebergs do you need before substantial global action occurs?
