Cyber Partnership Blueprint: An Outline


Approved for Public Release; Distribution Unlimited. 13-3851

The MITRE Corporation
Cyber Partnership Blueprint: An Outline
October 26, 2013

Copyright 1997-2013, The MITRE Corporation. All rights reserved.

Blueprint Outline: Cyber Exchange (Version 0.85)

Contents

Scope
Blueprint Overview
Lessons Learned & Challenges
Business View
  Overview
  Understanding the Landscape
  Understanding the Potential Players
  Determining Industry Mix and Identifying Potential Participants
  Identifying Potential Organizing and Operating Entities
  Understanding Other Cybersecurity Players
  Articulating Differentiators and Value Proposition
  Developing an Approach for Reaching Out to Key Players
  Developing an Initial Charter for the Cyber Partnership
  Conducting the Pilot
  Recruiting Charter Members
  Developing and Executing Initial Participation Agreement
  Establishing Platforms for Sharing
  Start Sharing
  Transitioning to Operations
  Developing a Business Plan
  Partnership Overview
  Market Analysis
  Sharing Activities and Tools
  Operations
  Organization
  Finance
  Think Ahead
  Establish Timeline and Milestones
  List of References
Operational View
  Overview
  Establishing a Membership Model
  Types and Roles
  Eligibility
  Charter Members
  Establishing a Trust Framework
  Developing Non-Disclosure Agreement
  Finding Trusted Intermediaries
  Developing Member Trust
  Establishing a Sharing Model
  Developing a Sharing Incentive Framework
  Developing Rules of Behavior
  Defining Organizational Interactions
  Face-to-Face
  Virtual
  Technical Exchanges
  Executive Sessions
  Developing a Communications and Outreach Plan
  Defining Metrics
  Establishing a Timeline and Milestones
  Thinking Ahead
  List of References
Infrastructure View
  Overview
  Establishing a Model for Sharing Cyber Threat Information
  Hub-and-Spoke
  Post-to-All
  Federated
  Hybrid
  Defining What You Are Sharing
  Developing Requirements for Sharing Tools
  Portal
  Collaboration
  Threat Repository
  Establishing Norms for Representing Threat Information
  Providing Secure Architecture for Sharing
  Thinking Ahead
  Establishing a Timeline and Milestones
  List of References

Scope

The Cyber Partnership Blueprint ("Blueprint") is a building plan for how an entity (public or private) can establish and operate a consortium (cyber partnership) for sharing unclassified cyber threat information. This outline will guide a series of online posts on Blueprint for Cyber Threat Sharing that will constitute the Blueprint. Brief notes appear under the various sections that describe the content that will be fleshed out in the Blueprint series. Those online posts will be periodically compiled into a single standalone Blueprint document.

Blueprint Overview

The major elements in the Blueprint are:

  Lessons Learned & Challenges: Do's and Don'ts that make or break a cyber partnership.
  Business View: The foundation for getting a partnership up and running.
  Operational View: The foundation for sustaining effective operations.
  Infrastructure View: Establishing an enabling IT infrastructure.

The Blueprint is augmented by examples of typical products (e.g., trust frameworks, non-disclosure agreements) that are needed to help form and sustain a cyber partnership.

Lessons Learned & Challenges

Lessons learned and challenges represent the Do's and Don'ts and potential pitfalls that will help guide a cyber partnership's successful development and operations. These pointers, and the rest of the Blueprint, are shaped by MITRE's experiences over the years as a member of several sharing consortia. The lessons learned and challenges will be articulated in one of the posts in the Blueprint for Cyber Threat Sharing series.

Business View

Overview

The business view explains why a business point of view is necessary; outlines a high-level perspective; and provides options for establishing and operating a cyber partnership.

Understanding the Landscape

This section outlines how each cyber security partnership should be set up to meet the specific needs of the region(s) or group it serves.

Understanding the Potential Players
Determining Industry Mix and Identifying Potential Participants

Identifying Potential Organizing and Operating Entities
Understanding Other Cybersecurity Players
Articulating Differentiators and Value Proposition
Developing an Approach for Reaching Out to Key Players
Developing an Initial Charter for the Cyber Partnership
  Establish Missions, Goals, and Objectives
  Define Principles and Values
  Develop Concept of Operations

Conducting the Pilot

A pilot can be used to jump-start cyber threat information sharing with a small group (3-7 organizations) of early adopters while more formal plans and operations are being developed. A pilot represents a proof-of-concept that allows participants to see for themselves the value of sharing information. It provides practical experiences that will inform the cyber partnership's full operational capability. The pilot informs, and is conducted in parallel with, Developing a Business Plan.

Recruiting Charter Members
  Initial Contact
  Recruiting Meetings
Developing and Executing Initial Participation Agreement
  Key Elements of the Participation Agreement
  Comments of Achieving Agreement
Establishing Platforms for Sharing
  Annual Event
  Cyber Technical Exchanges
  Executive Sessions
  Establish Portal
  Security Operations Center
  Incident Response
  Vulnerability Assessments
  Training

  Research and Development
Start Sharing

Transitioning to Operations

This section describes how to transition from the initial operational capability established during the pilot phase to full and sustained operations.

Developing a Business Plan

The business plan sets the direction for the cyber partnership going forward and also establishes processes and models that ensure that the partnership can exist as an efficient and financially sound entity. The business plan is developed based on what is learned from understanding the landscape and conducting the pilot. The business plan should be a living document that continues to change as the cyber partnership evolves.

Partnership Overview
Market Analysis
Sharing Activities and Tools
Operations
Organization
Finance

Think Ahead

This describes the elements to consider for long-term strategic operations.

Establish Timeline and Milestones

This describes a basic timeline and milestones for establishing an initial operational capability.

List of References

Operational View

Overview

The operational view builds on the lessons learned and products from the business view to more formally define the processes needed to sustain the operation and evolution of a consortium for cyber threat information sharing.

Establishing a Membership Model

This describes the characteristics, advantages, and challenges of different compositions of members in a consortium.

Types and Roles

  Sector
  Regional
  Cross-Domain
  Government
  Universities
  Industry
  Non-Profit
Eligibility
  Entry
  Vetting
  Approval
  Sanctions
Charter Members

Establishing a Trust Framework

This describes the functional requirements of a framework that facilitates developing trust among members so that sharing valued cyber threat information can occur.

Developing Non-Disclosure Agreement
Finding Trusted Intermediaries
Developing Member Trust

Establishing a Sharing Model

This describes the functional requirements for a model that facilitates the process of sharing cyber threat information.

Developing a Sharing Incentive Framework
Developing Rules of Behavior

Defining Organizational Interactions

This describes the functional requirements for several styles of organizational interactions among a sharing consortium's members and leadership. Interactions with external stakeholders are also addressed.

Face-to-Face
Virtual

Technical Exchanges
Executive Sessions

Developing a Communications and Outreach Plan

This describes the functional requirements for a communications plan to internally engage with consortium members and externally engage with stakeholders.

Defining Metrics

This describes the functional requirements for success measurements.

Establishing a Timeline and Milestones

This describes a basic timeline and milestones for maintaining operations.

Thinking Ahead

This describes the elements to consider for long-term strategic operations.

List of References

Infrastructure View

Overview

The infrastructure view leverages lessons learned and products from both the business and operational views to mature the technical products and IT infrastructure needed to sustain a sharing consortium's long-term operation and evolution.

Establishing a Model for Sharing Cyber Threat Information

This describes different types of models for sharing cyber threat information.

Hub-and-Spoke
Post-to-All
Federated
Hybrid

Defining What You Are Sharing

This describes the different types of threat information that are typically shared and how to represent that information in a structured manner suitable for both automated and cyber analyst ingestion.

Developing Requirements for Sharing Tools

This provides the functional requirements of a core set of software tools and capabilities that facilitate sharing.

Portal
Collaboration
Threat Repository

Establishing Norms for Representing Threat Information

This describes the role of cyber standards in sharing cyber threat information.

Providing Secure Architecture for Sharing

This describes the elements and functional requirements for the secure automated exchange of cyber threat information among the consortium members.

Thinking Ahead

This describes the elements to consider for long-term strategic operations.

Establishing a Timeline and Milestones

This describes a basic timeline and milestones for long-term strategic operations.

List of References