Improving Cyber Ecosystems Health by Metrics, Measurement and Mitigation Support
Borderless Cyber Asia 2016, at Keio University, Tokyo
Yurie Ito
Executive Director, CyberGreen
Copyright © CyberGreen 2016 All Rights Reserved.
CyberGreen: What we do
Cyber Health Measurement: We measure Risk-to-others.
Provide a clearing house for Risk Mitigation BCPs.
Sourcing Risk conditions Data
Advocacy
Capacity Building Needs analysis and Impact measurement
CyberGreen: Who we are – collaboration for Global Common Good
CyberGreen Metrics Experts Group
Special Advisers
CyberGreen Board Directors
Technical Partners
Mitigations CSIRTs
Global Data sources
Sponsors
Dr. Paul Twomey (Former ICANN CEO)
Dr. Richard Soley, Industrial Internet Consortium
Dr. Dan Geer, Special Adviser on Metrics
Dr. Jun Murai, Dean, Keio University
Dr. Paul Vixie, Farsight Technology (Special Adviser)
The Cybersecurity Landscape
Threat Response
• National security
• Public safety
• Intelligence
• Law Enforcement
• Military
Ecosystem Health Improvement
• Network operators
• CSIRTs
• Product Vendors
• Media
• Users
• Corporations
• Policymakers
Lack of maintenance is a risk to OTHERS
• Misconfiguration
• Vulnerabilities
• Infection
Risk factors of the healthy internet
Copyright © 2016, CyberGreen Sept 2016
Abuse-able systemic conditions posing risks to others *including to yourself*
• Open recursive DNS servers
• Open NTP servers
• Open SSDP servers
• Open SNMP servers
CyberGreen v2.0 Metrics: Premise
• CG will take the perspective of risk-to-others.
• On-the-ground reality is that DDoS is the damaging form of attack currently most extensively seen in quantity.
v.2 Metrics method
CyberGreen Metrics
Principles
• Risk to others
• Don't measure work/effort, measure risk reduction.
• Transparency
• Reproducibility/Repeatability
• Accuracy
ETL process
CyberGreen Platform Technical Objectives
More Efficient and Greater Impact of Mitigation for Global Common Good
Ecosystem owners and stakeholders must take care of ecosystem health and clean up infections, for example through efforts to eliminate proxy attack infrastructure. Eliminating the risks posed to the rest of the world would build:
o National level → Confidence
o Business → social responsibility, branding power
o Users → Indication of maturity of cyber society, educational and awareness level
Future work: Metrics v.3
• Improve Asset Owner Metrics, Create New Vendor Metrics
• Analyze who has greater ability for mitigation impact
• V.2 is asset owner focused
• V.3: how can we add “vendor risk to others”
CyberGreen is looking for a sponsor for this research and development of Metrics v.3. Please contact us about how to support.
G7 ICT Ministers commitment
http://www.soumu.go.jp/main_content/000416960.pdf
Regional hub Highlight: ASEAN
Minister Yaacob’s opening statement
13 CyberGreen is one global initiative that will aid us in securing our common cyberspace. The CyberGreen project aims to give countries awareness of the state of cyber health and potential vulnerabilities within our borders. With this situational awareness, countries can then take preventive action to deal with potential cyber risks and vulnerabilities. The better a country’s cyber health, the “greener” it will be. Over time, CyberGreen will develop robust cyber health metrics. These will allow practitioners and policy-makers like ourselves to assess how our countries, and ASEAN as a whole, are progressing on the cybersecurity front. Cyber incident responders can also better identify and remediate different classes of threats, based on actionable threat information provided by CyberGreen.
14 Singapore is excited to be a sponsor of this global initiative. We have signed on to CyberGreen, as we recognise that ASEAN Member States including ourselves can benefit from CyberGreen. As a start, because of our sponsorship, all ASEAN Member States will be able to access CyberGreen through Singapore for free, and get a first cut report on the state of their own country’s cyber health status. I would like to invite fellow ASEAN Member States to come on board, and join Singapore in CyberGreen. Through this platform, our countries can work together to improve our cyber situational awareness, sharpen incident response, and therefore secure ASEAN’s common cyberspace.
President Barack Obama on what AI Means for National Security – WIRED
https://www.wired.com/2016/10/president-obama-mit-joi-ito-interview/
OBAMA: Traditionally, when we think about security and protecting ourselves, we think in terms of armor or walls. Increasingly, I find myself looking to medicine and thinking about viruses, antibodies. Part of the reason why cybersecurity continues to be so hard is because the threat is not a bunch of tanks rolling at you but a whole bunch of systems that may be vulnerable to a worm getting in there. It means that we’ve got to think differently about our security, make different investments that may not be as sexy but may actually end up being as important as anything.
What I spend a lot of time worrying about are things like pandemics. You can’t build walls in order to prevent the next airborne lethal flu from landing on our shores. Instead, what we need to be able to do is set up systems to create public health systems in all parts of the world, Click triggers that tell us when we see something emerging, and make sure we’ve got quick Protocols and systems that allow us to make vaccines a lot smarter. So if you take a public health Model, and you think about how we can deal with, you know, the problems of cybersecurity, a lot may end up being really helpful in thinking about the AI threats.
Help us foster the CyberGreen approach.
Contact: [email protected]