Sponsoring Forum(s):

Active Loss Prevention

Security


Meeting Report

Joint meeting
Intrusion Attack Workshop &
US Govt Critical Infrastructure Report on Security

Cannes, France - Thursday, October 17 2002

Objective of Meeting

Two items were addressed in this joint meeting:

  1. Progress report and development of the Intrusion Attack simulation exercise that the ALPI and the Security Forum are jointly working on and which is planned to be delivered as part of the plenary meeting in our 1st conference (in San Francisco) in 2003.
  2. Review of the US Government's draft-for-comment document on National Strategy to Secure Cyberspace. Closing date for comments is 18 November.

Summary

Intrusion Attack Exercise - Report

This meeting was attended by 10 members and 3 Open Group staff.

Bob Blakley and Jane Hill are the creators and producers/directors of this workshop.

They have named it (for the present time at least) "Saving Private Data".

The workshop will be delivered as part of the plenary at The Open Group conference in San Francisco Airport Area on 3-7 February 2003.

It will be in 2 Acts. Act 1 will be staged on the Monday afternoon and, in several scenes, will cover the discovery of the intrusion and the immediate responses by the attacked organization. This will be followed by a panel session which discusses the immediate responses, their effectiveness, and the immediately perceived consequences.

There will be the usual networking reception on the Monday evening where we hope the audience will discuss it all and so come to the Tuesday morning plenary with their own views on what has been enacted.

Act 2 on the Tuesday morning will play out scenes that illustrate the consequences of the intrusion attack and the effect and consequences of the actions taken by the organization in response. This will be followed by a further panel session and perhaps a closing keynote.

The Open Group's scheduling plan for the San Francisco conference must include a private workshop rehearsal on Sunday morning (2 Feb) for Bob and Jane to rehearse the actors in the 2 workshop sessions. Also, we should plan for a workshop cast party on the Tuesday evening.

Bob and Jane have identified the acting parts in both Act 1 and Act 2, and have blocked the scenes. They will have completed scripting all the scenes by the end of October. Jane explained that rather than give the actors a verbatim script, they will run it like a murder mystery game where the actors have a brief to reveal and perform a minimum set of things by certain points in each scene. Bob and Jane will moderate and provide continuity commentary throughout both Acts.

We expect that the workshop performances - and possibly the panel discussions that follow - will be recorded on video, and maybe Webcast. 

The ALPI and Security Forum members are strongly supportive of this workshop and invited Jane and Bob to call on members for any assistance they need. As a start, several members volunteered to review and comment on the script when the 1st draft is completed (by the end of October).

Bob and Jane are in the process of identifying the props they will need for Acts 1 & 2. Ian confirmed that he will coordinate with The Open Group's conference management to provide these. Bob and Jane listed the following currently known props they will need:

  • something that looks like a server class computer hardware system, vertical cabinet form, preferably with impressive dials, switches, maybe a bit of movement (e.g. a magnetic tape transport).
    Maybe there is a local company who might supply something and be credited as a sponsor
  • a pair of working handcuffs, complete with keys
  • a total of 9 mobile microphones for all the actors
  • house lights that can be controlled up & down
  • at least one narrow spotlight and one broad spotlight
  • a table with 7 chairs
  • 2 phones that ring
  • a small table with 1 chair
  • some supporting theatrical make-up for the actors

US Govt Critical Infrastructure Report on Security

The US Government White House Report on "National Strategy to Secure Cyberspace" is now available from www.whitehouse.gov/pcipb. The covering letter on the Report (from Richard Clarke and Howard Schmidt) invites comments, with a closing date of 18 November 2002.

Howard Schmidt is our proposed keynote speaker in the next (San Francisco) conference plenary. It was suggested we could use that opportunity for an interactive discussion with him on this National Critical Infrastructure Protection Report. As a result of further discussion on this, it was agreed that having Howard Schmidt with us in San Francisco does represent a good opportunity, but that this opportunity has to be put into the correct context with The Open Group's conference management, bearing in mind the special keynote speaker status. Our understanding is that Howard's acceptance to be our keynote speaker is conditional on The Open Group arranging for other consortia relevant to delivering against the National Critical Infrastructure Protection proposals also being presenters in our plenary.

Discussion then centered around whether we feel it appropriate and practical to prepare and submit a response from The Open Group's Security Forum and ALPI, bearing in mind the 18 November deadline. It was agreed that any response would be submitted from the "security and risk management experts in The Open Group", with no member identified personally or by organization. In a round-the-table input of concluding comments, no-one objected, and it was noted that the great benefit of submitting comments by the 18 November deadline is that we would be able to point to that response in any follow up discussion with Howard Schmidt in the February San Francisco meeting. Additionally, this White House Report is a landmark document from the US Government on our specific area of expertise - information security - so we should not ignore it. As one member said: "if not us then who? - and if not now then when?" The Open Group can claim a special position to submit comments from an international consortium perspective.

In discussion on the content of the Report, it was noted that this review version is much less prescriptive than was originally proposed, so comments suggesting that voluntary compliance and support is unlikely to work will probably be received well because they will strengthen the case for legislation to introduce new regulations enforceable in law. Much of the report is good advice to educate the public - it recommends lots of things that are inherently good. However, many of them are impractical to implement in information security technology so will have no real effect on protecting the national infrastructure, and in this regard the Report fails in many ways as a proposal for how to protect the national critical infrastructure. Some felt the greatest failing is that the US Government has authority to do things about the problem yet it is asking individuals and businesses to do it voluntarily and absorb all the costs involved.

Further comments were that the Report does not help understanding of the issues because its presentation mixes different issues in a way that does not flow well at all. Also, from the information security technology viewpoint, much of what it proposes is unimplementable in technology form - we should advise assessors of responses to beware of anyone claiming otherwise.

An opportunity we might take is to suggest there should be some kind of rating scheme for acceptable information security procedures and practices in all sectors of personal/private and business and government activity. We could also mention the desirability of enforcing accountability on product suppliers and creating the right economic & liability incentives to encourage voluntary adoption of the Report's recommendations.

We also noted critical comments on the Report from Marcus Ranum and Bruce Schneier on the Counterpane Web site.

Outputs

On the Intrusion Attack Workshop, we have assurance that good progress is being made by Bob Blakley and Jane Hill on creating and realizing it.

On the US Government White House Report on "National Strategy to Secure Cyberspace", it was agreed that we will formulate a response and submit it by the 18 November deadline.

Next Steps

On the Intrusion Attack Workshop, we have 1st week in November as the next milestone (for review of the draft script), and ongoing actions to support Bob Blakley and Jane Hill in their emerging requirements on staging the event in the plenary at the San Francisco conference.

On the US Government White House Report on "National Strategy to Secure Cyberspace":
Based on this discussion, we will share a short paper summarizing the points we have discussed and suggesting what our response should say. Ian Dobson will then coordinate discussion on this short paper, to agree our formal response from The Open Group.

© The Open Group 1995-2012  Updated on Wednesday, 23 October 2002