Fighting Cyber Crime: CASES The BEST Value Proposition http:Security'WebUrb'dkframeEWISdocCASES'html

1
Fighting Cyber CrimeCASES The BEST Value
Proposition http//Security.WebUrb.dk/frame/EWIS
doc/CASES.html
2
What are the Challenges for Civil Society

• home users going online
• broadband
• always online (e.g., with cable)
• wireless
• running an access point at home
• server
• anti-virus
• firewall
• distributed denial-of-service (DDoS) attack

• Yes IPv6
• will parti-
• ally fix the
• problem

Users dont Want to pay!

• This increases users
• risks for virus infections, hacking and DDoS
  attacks
• costs (e.g., anti-virus solution for server
  1,250.00)

3
How Can CASES Help?

• Cyberworld
• Awareness and
• Security
• Enhancement
• Structure

• We need CASES to improve security for society but
  in particular for
• home/private user or public, and
• small and medium-sized enterprises (SMEs)

4
What is CASES? http//Security.WebUrb.dk/frame/EW
ISdoc/CASES.html

• Trans-national effort for data and information
  sharing
• focuses on
• coordinating efforts regarding critical
  infastructure protection of data and information
• Internet
• electricity grids
• health,
• telecommunication networks
• e-government
• e-commerce and
• others (e.g., industry and regional networks)

5
What is CASES? http//Security.WebUrb.dk/frame/EW
ISdoc/CASES.html

• pan-European interest by several countries
  including but not limited to
• Belgium promoter (contact martine.ducobu_at_ibpt.b
  e)
• Italy
• Luxembourg
• UK
• Finland, France, Netherlands, Spain, and others
• Candidate Member States
• Slovenia and others
• Affiliates
• Switzerland
• Norway
• and others

6
What will CASES do?

• Preparation and distribution of best practices
  material for target groups/markets
• educational materials
• awareness
• Verification and distribution
• warnings alerts
• collection of information from sources
• Warning, Advisory Reporting Point(s) (WARPs)

7
How Does CASES Support and Leverage Efforts Made
by the European Network and Information Security
Agency?

• CASES
• is hierarchically under the European Network and
  Information Security Agency (ENISA)
• ENISAs steering committee is suggested to be
  made up of 6 people nominated by the Council and
  6 by the Commission
• CASES will link to the ENISAs advisory council
  of 9 experts that is charged to interface with
  Member States activities

8
CASES Structure
CASES enables countries to share information,
leverage expertise and improve cybersecurity
9
How Does CASES Differ from European Cybersecurity
Agency?

• CASES is not limited to EU focuses on
• developing/measuring benchmark figures supporting
  eEurope Action Plan - 2005
• statistics (what incident, where, how damage
  caused - RISK management)
• Improving awareness and defense mechanisms
• developing educational tools
• communicating information to
• managers and decision-makers
• system experts
• users
• through partners (e.g., CERTs media)

• European Network and Information Security Agency
  is an EU organization that does such tasks as
• strategy
• policy, and
• regulation
• while incorporating information provided by CASES
  amongst others to further facilitate its
  important work

10
How Does CASES differ from CERTs?

• A CERT may
• offer services for a subscription fee
• private versus public CERTs
• have a very narrow defined constituency, such as
• government agencies (e.g., dept. of defense)
• firms that subscribe and pay for particular
  services (e.g., alerts)
• firm provides CERT type of services to external
  clients
• large firms CERT for internal clients and
  divisions
• provide on site help fire services
• technical help

This can limit information sharing and creating
of synergies amongst different CERTs
11
How Can CASES Help Governments Society?

• CASES national nodes provide
• threat assessments,
• statistical data,
• identify trends and
• warn about new vulnerabilities
• to all constituencies (organizations and private
  citizens)

Improve information sharing and creating of
synergies across agencies, CERTs, vendors and
the public
12
What Resources are Needed to Run a a CASES
National Node?

• human resources
• could be from 2-6 people,
• resources already in-house (e.g., government
  CERT),
• being available on a flexible schedule
• securing 27x7x365 coverage with other national
  nodes
• UK is back-up for Luxembourg during Christmas eve
  2003 and vice versa for Pentacoste 2004
• team must have
• good technical, and
• incident handling skills

13
What Resources are Needed to Run a CASES National
Node Effectively?

• Essential is such as
• hardware and software budget,
• Internet browsing capabilities,
• several e-mail accounts with at least 2
• running on different infrastructure providers
  (e.g., telecom, cable and wireless)
• ISPs using different backbone providers and
• different Internet exchange services if at all
  possible
• several telephone lines, fax, mobile phones,
  pagers, laptops,
• encryption/digital signature capabilities,
• trusted communication facilities
• up to date windows OS, plus mail programs,
• backup facilities
• research machine with UNIX/Linux, and
• training and travel budget

14
Where are the Synergies with FP6?
C A S E S

• CAMDIER develops

• categorization and naming schemata needed for
  malicious code / viruses
• database for such code with graphical and other
  interfaces
• thereby helping CASES in its efforts to provide
  an accurate picture about cybersecurity on the
  Internet regarding malicious code and viruses
  (e.g., statistics and benchmarks)

15
Conclusion

• Society needs IT security services that are
• complementing CERTs but not replacing the latter
• low regarding start-up and resource costs (i.e.
  cost-effective),
• versatile and flexible,
• geared to information sharing, while leveraging
  of scarce resources,
• promote security, trust and confidence, and
• support training and awareness efforts

16
Conclusion CASES can Help

• CASES is intended to establish a network of
  national nodes for information sharing across
  borders regarding
• national virus warning alert schemes including
  other CASES National Nodes,
• CASES coordination/management node,
• CERTs and Warning, Advisory and Reporting Points
  (WARPs) in industry (e.g., electricity EoN),
• education awareness initiatives, and
• vendors who provide warning (vulnerability
  alert) material

17
Conclusion CASES TIME Table

• Tenders have been requested
• Proposal for trial operation / incubator will be
  written and submitted to promoter (BE) by May
• Trial starts June 2003
• setting up national nodes
• implementing trusted communication
• implementing system for data collection and
  distribution of information
• developing of best practice, awareness and
  educational material
• statistical analysis and trends

18
Conclusion -- CASES as a Value Proposition

• Fire Marshalls provide information about chemical
  fires accumulated and recorded in a database,
  cases provide the insurance industry with
• risk data permitting the
• setting of insurance rates for offering clients
  the option to insure their assets against
  chemical fires
• CASES provides a comprehensive national
  international picture about computer viruses,
  malicious code, vulnerabilities and hacking
  attacks permitting firms governments to use
  these data to
• obtain risk information for
• deciding about what, how, when and why to invest
  in IT security as a value proposition

19
Conclusion

• Reducing the risk for cybersecurity incidents
  with CASES is far cheaper than extinguishing
  numerous annual brush fires regularly

• Leveraging scarce resources amongst participating
  nations to further protect
• e-government/e-commerce efforts, while
• facilitating Internet access/use for citizens and
  SMEs

20
Resources Dependability and Cyber Security

• Newslwetter-Archive (newsboard)
• http//security.weburb.dk/frame/newsletters/other/
  information_security.html
• Subscribe to weekly IT security newsletter for
  FREE by sending an empty e-mail to
• Security-Subscribe_at_NewsWebUrb.dk
• Comprehensive solutions against viruses, spam
  and hackers for citizens from
• http//www.BullGuard.comFree Trial

21
Resources Dependability and Cyber Security

• CASES temporary home with much info about the
  project can be visited here
• http//Security.WebUrb.dk/frame/EWISdoc/CASES.html
  
• more documents at this link
• http//brief.weburb.dk/frame.php?locview/subjects
  /cases.html
• See you May 10-13, 2003, at the IT security
  conference of the year
• http//Conference.EICAR.org