WARPs & CERTs/CSIRTs · CERTs Bugtraq UNIRAS 33 London Boroughs NISCC CSIRTs Sans Other Secure...
WARPs & CERTs/CSIRTs
Share to Protect
Peter Burnett, Head of Information Sharing & International Strategy, NISCC
UK CERT scene
• Uniras – UK Government CERT
  – Central Government
  – Critical National Infrastructure companies
• TF-CSIRT, FIRST, EGC
• UK CERTs Forum
  – Academic, Corporate, Govt, Private
• UK has good coverage, but ……
• What about the Gaps ?
WARPs
The WARP Model
• Rather like a CERT, but without a technical response capability
• Small, usually 1 operator (may be part-time)
• Serves its own close community
• Low-cost (usually subscription-based)
• Close links with other WARPs, (& CERTs ?)
• Gets advisories from open sources, CERTs, WARPs
• Adds value to advisories (language, priority, etc)
• Focus on sharing advice & best practice
• Stimulates local incident reporting
How WARPs work : 3-phase process
1. Add value, save resources, improve effectiveness of advisories & warnings
2. Develop community, build cooperation and TRUST, through sharing best practice & advice
3. Encourage Sharing of (anonymised) incident reports, problems, fixes
WARP for London Boroughs www.lcwarp.org
[Diagram: London Connects WARP. Labels: CERTs, Bugtraq, UNIRAS, NISCC, CSIRTs, Sans, Other; Secure system with fallback contingency; 1 Technical FTE; 1 Admin. FTE; Secure links; Authorised users in each Borough; 33 London Boroughs (London Borough A, London Borough B, London Borough C, etc.); Secure link; Future ‘LA’ WARPs; Supported by SOCITM, OeE & NISCC]
NEGWARP
NLAWARP Project
Funding from Central Govt for new Local Govt WARPs in 9 English Regions
• Nov 05
• Registered 9
• Operational - 7
• Pending - 2
• Newly funded 7
• Under discussion 5
• Projected 2006 20+
The WARP Register www.warp.gov.uk/register
Setting up a WARP - the essentials
• The WARP Toolbox – www.warp.gov.uk
• A community
• A ‘champion’
• Minimal funding/resources
• The right ethos
• Registration
• [Filtered Warning Software]
The WARP TOOLBOX
Filtered Warnings Application
FWA Categories
Why do WARPs & CERTs need each other ?
• What do WARPs need from CERTs ?
  – Occasional technical advice
  – Recognition of role, value
  – Sources of Advisories & Warnings
  – Cooperation
• What do CERTs get out of it ?
  – The WARP Toolbox
  – Filtered Warnings Software
  – Increased Reach
  – More effective delivery of warnings etc
  – Increased Incident Reporting
  – More CERTs ?
WARPs & CERTs
The future
• WARPs will become endemic across the UK, and beyond
  – Self-replicating
  – Free-standing
  – Co-operating
  – Improving the security of
    • their members
    • the CNI
    • Everybody
WARPs & CERTs
• Filling the Gaps
• Reaching new places
Questions ? (contact : [email protected])
www.warp.gov.uk