Introductions, Agenda, Industry Update
As is customary in Security Forum meetings, members started their meeting by reviewing
the agenda to clarify expectations and adjust the focus of
specific meeting sessions to meet these expectations. They then reviewed the actions from
the previous meeting (April 2006, Washington DC) to establish the status of our current
projects and plan what progress we expect to make on them in this meeting.
Members then shared news and views on conferences and other events and industry
developments which they felt were significant over the past three months (since the previous
conference).
Relationships with Other Forums and Groups
Discussion with the Identity Management Forum on its overlap with the Security Forum's
agenda was extended to consider the relationship and overlaps between the Security Forum
and the Jericho Forum. It was noted that the Jericho Forum's membership and objectives are
focused more on requirements, whereas the Security Forum members focus more on
considering how best to propose and develop standards and best practices responding to
information security problems. Further discussion concluded that we should consider the
opportunities to leverage the strengths of all these Forums to work together to best
effect, including with our other strategic alliance with the American Bar Association. We
will hold teleconference discussions with the key contacts in these groups to explore
mutually agreeable ways to re-organize to best advantage.
Security Strategy White Paper
The latest draft for our Security Strategy White Paper was presented. Discussion on the
drivers for security in today's business environment identified four areas: audit, legal,
policy, and technology. Representing these diagrammatically as four spokes with "Line
Management & IT Security" at the hub, we have an inner circle. We can then create
at least the start of an outer circle which includes business dependencies on information
technology driving the demand for improved technology, business executives driving the
legal area, and regulators driving the auditors. These spokes each generate their
own security view (perspective) which requires us to balance each view's competing demands
and resolve each view's conflicts.
The technical principles in the strategy are currently the Jericho Forum commandments.
These give rise to significant concerns over apparent naivety and, in some instances,
contradiction. Ian presented some Jericho Forum review materials on mapping, to indicate how
members of the Jericho Forum are interpreting these commandments. It was agreed that they
do form a starting point for development of security principles in the
Strategy White Paper.
Members received a presentation on the Jericho Forum
positioning papers, which represent potentially valuable contributions to our
Security Strategy White Paper. First versions of released papers are published on the Jericho Forum
public web page. Other papers are in progress and proposed, and will be added to the
released list as soon as they are available. The consumers of these papers are Jericho
Forum followers. They are also aimed at informing the security vendor community of what
kind of security solutions Jericho Forum followers want to buy for securing their
de-perimeterized IT systems in future, in the hope that these vendors will be encouraged
to develop such solutions. It was noted that if you can't effectively defend your
perimeter then you must defend your data - so this approach aligns well with control of
electronic assets, which is a major theme in our collaboration with the ABA Cyberlaw
section.
From this discussion, members considered the opportunity to stage a security plenary
meeting at our January 2007 (San Diego) conference, where we could follow on from the Jericho
Forum's Seattle meeting (September 21-22) to stage a series of presentations on how the Security
Forum embraces it. There are significant gaps in understanding between what technologists
and business managers see. A plenary meeting comprising public informational sessions on
security strategies and cross-functional impacts - based on security being the resolver
for the different functional groups and interest areas (including lawyers, auditors,
regulators, enterprise IT managers, legislators, e-Government) - would seem to appeal to a
wide audience. We noted that the main driver for security budgets today is compliance
concerns - not so much audit findings, but fear of being found deficient in compliance with
seemingly ever-tighter audit metrics. If we take this approach too, we need to remember the
lessons learned from our Active Loss Prevention efforts several years ago, and generate a
structured dialog which includes statement of work proposals that are architecture-related.
The theme should be "work with us to achieve good things". Members took an
action to explore this opportunity, recognizing the tight timescales we have to work to if
we are to run such an event in January 2007.
An associated activity arising from this Security Strategy White Paper is our next
collaboration with the ABA Cyberlaw section, to develop guidelines on Information/Data
Management. Current trends in legislation indicate alignment with security of data rather
than firewalled, perimeterized IT systems - secure data management. Members recognized
that this discussion is more of a prospectus than what we really need here, which is a
definition of what this would represent as a work item - deliverables, starting premises,
and plan to engage the requisite resources to achieve the goal(s). However, the White Paper
should include this as one of its outcomes, so our current focus should be to complete the
White Paper.
Trust Models
Actions were agreed aimed at completing handover of this draft document to the Jericho
Forum for integration into their Trust Models development project, which is expected to
result in publication of an overarching Trust positioning paper, with subsidiary
supporting trust models papers which will include the material compiled to date in this
Security Forum draft.
Common Criteria Version 3
Common Criteria Version 3 makes significantly greater demands on vendors, and there
is concern that these additional demands are disproportionate to the intent and need. The
members heard a presentation that described what the presenter feels needs to change, and
the opportunities for the Security Forum to make representations in support of these
changes. Open standards are our core business, so we will evaluate the issues with a view
to considering running an open meeting at the January 2007 San Diego meeting, to which we will
invite people with interest in developing proposals for modifying the Common Criteria
Version 3 so that they better reflect what the Common Criteria approach was originally
intended to achieve, while reducing the currently excessive cost and resources that
Version 3 requires to satisfy them. It is felt that The Open Group's neutral environment
is a good place to conduct this evaluation and deliver high-quality recommendations.
Identity Management
The identity management projects are jointly addressed by members of the Security Forum
with the Identity Management Forum. The whole Wednesday of the Security Forum meeting was
devoted to participation in the Identity Management Forum agenda. See separate report.
Collaboration with the Jericho Forum
(A Jericho Forum member joined the meeting by teleconference for this item.)
Ian confirmed feedback from the Jericho Forum Board of Management that they are interested
in collaborating with the Security Forum in three main areas:
- Application of "Security in Data" components to the Jericho Forum security problem
- Application of design patterns to the Jericho Forum security problem
- Security Strategy White Paper & Jericho Forum Commandments
Additionally, the Jericho Forum's positioning papers provide interesting material for
evaluation as contributions to the Security Forum's Strategy White Paper, while the
Security Forum's Trust Models draft document is a significant contribution to the Jericho
Forum's work on Trust Models.
Security in Data
The Security in Data slide presentation explains that the old
model (security integrated into systems and applications) has failed, because systems and
applications are too big and fragile, and security policy (and composition) has become
intractable. What we should do instead is take security out of systems and applications,
and put it into tiny, highly-assured appliances (call them Moates) in an environment where
all traffic is routed through a single point (call this Wye), and invent a new set of
system-design patterns which combine these appliances with security-free, general-purpose
systems in new, secure ways. The presentation defined the characteristics and security
assumptions of a High Assurance Security Appliance (HASA) and put it into context with a
"protected system". It then considered the Multiple Independent Levels of
Security (MILS) market, with its enterprise customer need for information assurance, and
how we should expect that market to grow significantly over the next two to three years.
We then considered key issues and implications surrounding the integration of the MILS
configuration with a HASA, then how this impacts the real-time Supervisory Control and
Data Acquisition (SCADA) market, and finally how the SCADA environment fits with HASAs.
It was agreed that a project along these lines is likely to be of interest to the Jericho
Forum members:
- It reduces the attack surface significantly.
- Some major Jericho members operate very much in the SCADA environment.
- The closer you get to the control point, the better the security.
It was agreed we should include on the Jericho Forum Seattle meeting agenda an item to
introduce this approach as a significant Jericho Forum area of interest.
Design Patterns
It was noted that our Security Design Patterns Catalog is deeply conservative in the
traditional information security mould - if you use it you will arrive at something
aligned with the old Orange/Red books. It assumes a design space that is tight compared
with what secured devices demand in today's environment, and is tunnel-type - not aligned
with the concept of using inherently secure protocols. It does not describe any patterns
along the lines of security in data. Discussion on other books available on design
patterns noted that Schumacher's later book shows less rigor than we demanded in our
catalog, but we are content that the attention to detail in our catalog is crucial to the
quality of the resulting pattern definitions. Even so, the consensus in the current
patterns community is that less rigor is acceptable. If the Jericho Forum is to make a
real impact on the security design community then we really need to express its principles
(commandments) in a form that is concrete enough for design purposes, so we believe the
Jericho Forum should be interested in developing re-usable design patterns.
Extending this argument - it is a logical extension of having working principles to
articulate them in a formal definition process, and preferably one that is re-usable as a
building block. It was agreed we should include on the Jericho Forum Seattle meeting
agenda an item to introduce this approach as a significant Jericho Forum area of interest.
Security Strategy
For convenience and coherence of reporting, this is covered in the Security Strategy
section at the beginning of this Report.
In keeping with the Security Forum's vision for developing a mutually beneficial
working relationship with members of the Jericho Forum, and depending on the Jericho
Forum's response to these proposals, we will explore opportunities to co-locate
Security Forum and Jericho Forum members' meetings in future.