WARPs & CERTs/CSIRTs · CERTs Bugtraq UNIRAS 33 London Boroughs NISCC CSIRTs Sans Other Secure...
Transcript of WARPs & CERTs/CSIRTs · CERTs Bugtraq UNIRAS 33 London Boroughs NISCC CSIRTs Sans Other Secure...
![Page 1: WARPs & CERTs/CSIRTs · CERTs Bugtraq UNIRAS 33 London Boroughs NISCC CSIRTs Sans Other Secure system with fallback contingency Authorised users in each Borough Secure links Secure](https://reader033.fdocuments.us/reader033/viewer/2022042916/5f56ef3083aeb852387beea5/html5/thumbnails/1.jpg)
WARPs & WARPs & CERTs/CSIRTs CERTs/CSIRTs Share to Protect
Peter Burnett, Peter Burnett, Head of Information Sharing,Head of Information Sharing,
& International Strategy& International StrategyNISCCNISCC
![Page 2: WARPs & CERTs/CSIRTs · CERTs Bugtraq UNIRAS 33 London Boroughs NISCC CSIRTs Sans Other Secure system with fallback contingency Authorised users in each Borough Secure links Secure](https://reader033.fdocuments.us/reader033/viewer/2022042916/5f56ef3083aeb852387beea5/html5/thumbnails/2.jpg)
UK CERT sceneUK CERT scene
• Uniras – UK Government CERTUniras – UK Government CERT– Central Government Central Government – Critical National Infrastructure companiesCritical National Infrastructure companies
• TF-CSIRT, FIRST, EGCTF-CSIRT, FIRST, EGC• UK CERTs ForumUK CERTs Forum
– Academic, Corporate, Govt, PrivateAcademic, Corporate, Govt, Private• UK has good coverage, but …… UK has good coverage, but …… • What about the Gaps ?What about the Gaps ?
![Page 3: WARPs & CERTs/CSIRTs · CERTs Bugtraq UNIRAS 33 London Boroughs NISCC CSIRTs Sans Other Secure system with fallback contingency Authorised users in each Borough Secure links Secure](https://reader033.fdocuments.us/reader033/viewer/2022042916/5f56ef3083aeb852387beea5/html5/thumbnails/3.jpg)
WARPsWARPs
![Page 4: WARPs & CERTs/CSIRTs · CERTs Bugtraq UNIRAS 33 London Boroughs NISCC CSIRTs Sans Other Secure system with fallback contingency Authorised users in each Borough Secure links Secure](https://reader033.fdocuments.us/reader033/viewer/2022042916/5f56ef3083aeb852387beea5/html5/thumbnails/4.jpg)
The WARP ModelThe WARP Model• Rather like a CERT, but without a technical Rather like a CERT, but without a technical
response capabilityresponse capability• Small, usually 1 operator (may be part-time)Small, usually 1 operator (may be part-time)• Serves its own close communityServes its own close community• Low-cost (usually subscription-based)Low-cost (usually subscription-based)• Close links with other WARPs, (&CERTs ?)Close links with other WARPs, (&CERTs ?)• Gets advisories from open sources, CERTs, WARPs Gets advisories from open sources, CERTs, WARPs • Adds value to advisories (language, priority, etc)Adds value to advisories (language, priority, etc)• Focus on sharing advice & best practiceFocus on sharing advice & best practice• Stimulates local incident reportingStimulates local incident reporting
![Page 5: WARPs & CERTs/CSIRTs · CERTs Bugtraq UNIRAS 33 London Boroughs NISCC CSIRTs Sans Other Secure system with fallback contingency Authorised users in each Borough Secure links Secure](https://reader033.fdocuments.us/reader033/viewer/2022042916/5f56ef3083aeb852387beea5/html5/thumbnails/5.jpg)
How WARPs work : 3-phase processHow WARPs work : 3-phase process
1.1. Add valueAdd value, , save resources, improve save resources, improve effectivenesseffectiveness of of
advisories & warningsadvisories & warnings2.2. Develop community, Develop community,
build cooperation and TRUST, through build cooperation and TRUST, through sharing best practice & advicesharing best practice & advice
3.3. Encourage Encourage SharingSharing of (anonymised) incident reports, of (anonymised) incident reports,
problems, fixesproblems, fixes
![Page 6: WARPs & CERTs/CSIRTs · CERTs Bugtraq UNIRAS 33 London Boroughs NISCC CSIRTs Sans Other Secure system with fallback contingency Authorised users in each Borough Secure links Secure](https://reader033.fdocuments.us/reader033/viewer/2022042916/5f56ef3083aeb852387beea5/html5/thumbnails/6.jpg)
LondonConnectsWARP
London Borough A London Borough C etc.London Borough B
Future ‘LA’ WARPs
CERTsBugtraq
UNIRAS
33 London Boroughs
NISCC
CSIRTsSansOther
Secure systemwith fallbackcontingency
Authorised usersin each Borough
Secure links
Secure link
Supported by SOCITM, OeE & NISCC
Secure links
1 TechnicalFTE
1 Admin.FTE
WARP for London Boroughs www.lcwarp.org
![Page 7: WARPs & CERTs/CSIRTs · CERTs Bugtraq UNIRAS 33 London Boroughs NISCC CSIRTs Sans Other Secure system with fallback contingency Authorised users in each Borough Secure links Secure](https://reader033.fdocuments.us/reader033/viewer/2022042916/5f56ef3083aeb852387beea5/html5/thumbnails/7.jpg)
![Page 8: WARPs & CERTs/CSIRTs · CERTs Bugtraq UNIRAS 33 London Boroughs NISCC CSIRTs Sans Other Secure system with fallback contingency Authorised users in each Borough Secure links Secure](https://reader033.fdocuments.us/reader033/viewer/2022042916/5f56ef3083aeb852387beea5/html5/thumbnails/8.jpg)
![Page 9: WARPs & CERTs/CSIRTs · CERTs Bugtraq UNIRAS 33 London Boroughs NISCC CSIRTs Sans Other Secure system with fallback contingency Authorised users in each Borough Secure links Secure](https://reader033.fdocuments.us/reader033/viewer/2022042916/5f56ef3083aeb852387beea5/html5/thumbnails/9.jpg)
NEGWARP
![Page 10: WARPs & CERTs/CSIRTs · CERTs Bugtraq UNIRAS 33 London Boroughs NISCC CSIRTs Sans Other Secure system with fallback contingency Authorised users in each Borough Secure links Secure](https://reader033.fdocuments.us/reader033/viewer/2022042916/5f56ef3083aeb852387beea5/html5/thumbnails/10.jpg)
![Page 11: WARPs & CERTs/CSIRTs · CERTs Bugtraq UNIRAS 33 London Boroughs NISCC CSIRTs Sans Other Secure system with fallback contingency Authorised users in each Borough Secure links Secure](https://reader033.fdocuments.us/reader033/viewer/2022042916/5f56ef3083aeb852387beea5/html5/thumbnails/11.jpg)
![Page 12: WARPs & CERTs/CSIRTs · CERTs Bugtraq UNIRAS 33 London Boroughs NISCC CSIRTs Sans Other Secure system with fallback contingency Authorised users in each Borough Secure links Secure](https://reader033.fdocuments.us/reader033/viewer/2022042916/5f56ef3083aeb852387beea5/html5/thumbnails/12.jpg)
NLAWARP ProjectNLAWARP Project
Funding from Central GovtFor new Local GovtWARPs in 9 English Regions
![Page 13: WARPs & CERTs/CSIRTs · CERTs Bugtraq UNIRAS 33 London Boroughs NISCC CSIRTs Sans Other Secure system with fallback contingency Authorised users in each Borough Secure links Secure](https://reader033.fdocuments.us/reader033/viewer/2022042916/5f56ef3083aeb852387beea5/html5/thumbnails/13.jpg)
•Nov 05
•Registered 9
•Operational - 7
•Pending - 2
•Newly funded 7
•Under discussion 5
•Projected 2006 20+
The WARP Registerwww.warp.gov.uk/register
![Page 14: WARPs & CERTs/CSIRTs · CERTs Bugtraq UNIRAS 33 London Boroughs NISCC CSIRTs Sans Other Secure system with fallback contingency Authorised users in each Borough Secure links Secure](https://reader033.fdocuments.us/reader033/viewer/2022042916/5f56ef3083aeb852387beea5/html5/thumbnails/14.jpg)
![Page 15: WARPs & CERTs/CSIRTs · CERTs Bugtraq UNIRAS 33 London Boroughs NISCC CSIRTs Sans Other Secure system with fallback contingency Authorised users in each Borough Secure links Secure](https://reader033.fdocuments.us/reader033/viewer/2022042916/5f56ef3083aeb852387beea5/html5/thumbnails/15.jpg)
Setting up a WARP - the essentialsSetting up a WARP - the essentials
• The WARP Toolbox – www.warp.gov.ukThe WARP Toolbox – www.warp.gov.uk• A communityA community• A ‘champion’ A ‘champion’ • Minimal funding/resourcesMinimal funding/resources• The right ethosThe right ethos• RegistrationRegistration• [Filtered Warning Software][Filtered Warning Software]
![Page 16: WARPs & CERTs/CSIRTs · CERTs Bugtraq UNIRAS 33 London Boroughs NISCC CSIRTs Sans Other Secure system with fallback contingency Authorised users in each Borough Secure links Secure](https://reader033.fdocuments.us/reader033/viewer/2022042916/5f56ef3083aeb852387beea5/html5/thumbnails/16.jpg)
The WARP TOOLBOXThe WARP TOOLBOX
![Page 17: WARPs & CERTs/CSIRTs · CERTs Bugtraq UNIRAS 33 London Boroughs NISCC CSIRTs Sans Other Secure system with fallback contingency Authorised users in each Borough Secure links Secure](https://reader033.fdocuments.us/reader033/viewer/2022042916/5f56ef3083aeb852387beea5/html5/thumbnails/17.jpg)
Filtered Warnings ApplicationFiltered Warnings Application
![Page 18: WARPs & CERTs/CSIRTs · CERTs Bugtraq UNIRAS 33 London Boroughs NISCC CSIRTs Sans Other Secure system with fallback contingency Authorised users in each Borough Secure links Secure](https://reader033.fdocuments.us/reader033/viewer/2022042916/5f56ef3083aeb852387beea5/html5/thumbnails/18.jpg)
FWA CategoriesFWA Categories
![Page 19: WARPs & CERTs/CSIRTs · CERTs Bugtraq UNIRAS 33 London Boroughs NISCC CSIRTs Sans Other Secure system with fallback contingency Authorised users in each Borough Secure links Secure](https://reader033.fdocuments.us/reader033/viewer/2022042916/5f56ef3083aeb852387beea5/html5/thumbnails/19.jpg)
Why do WARPs & CERTs need each other ?Why do WARPs & CERTs need each other ? • What do WARPs need from CERTs ?What do WARPs need from CERTs ?
– Occasional technical advice Occasional technical advice – Recognition of role, valueRecognition of role, value– Sources of Advisories & WarningsSources of Advisories & Warnings– CooperationCooperation
• What do CERTs get out of it ?What do CERTs get out of it ?– The WARP ToolboxThe WARP Toolbox– Filtered Warnings SoftwareFiltered Warnings Software– Increased ReachIncreased Reach– More effective delivery of warnings etcMore effective delivery of warnings etc– Increased Incident ReportingIncreased Incident Reporting– More CERTs ?More CERTs ?
![Page 20: WARPs & CERTs/CSIRTs · CERTs Bugtraq UNIRAS 33 London Boroughs NISCC CSIRTs Sans Other Secure system with fallback contingency Authorised users in each Borough Secure links Secure](https://reader033.fdocuments.us/reader033/viewer/2022042916/5f56ef3083aeb852387beea5/html5/thumbnails/20.jpg)
WARPs & CERTsWARPs & CERTs
![Page 21: WARPs & CERTs/CSIRTs · CERTs Bugtraq UNIRAS 33 London Boroughs NISCC CSIRTs Sans Other Secure system with fallback contingency Authorised users in each Borough Secure links Secure](https://reader033.fdocuments.us/reader033/viewer/2022042916/5f56ef3083aeb852387beea5/html5/thumbnails/21.jpg)
The futureThe future
• WARPs will become endemic across the UK, WARPs will become endemic across the UK, and beyond– Self-replicatingSelf-replicating– Free-standingFree-standing– Co-operatingCo-operating– Improving the security ofImproving the security of
• their memberstheir members• the CNIthe CNI• EverybodyEverybody
![Page 22: WARPs & CERTs/CSIRTs · CERTs Bugtraq UNIRAS 33 London Boroughs NISCC CSIRTs Sans Other Secure system with fallback contingency Authorised users in each Borough Secure links Secure](https://reader033.fdocuments.us/reader033/viewer/2022042916/5f56ef3083aeb852387beea5/html5/thumbnails/22.jpg)
WARPs & CERTsWARPs & CERTs
• Filling the Gaps• Reaching new places•