Coordinating incident response at Internet scale as a concept sounds fabulous, but can we achieve it? What will it take?
For those working in incident response and information sharing efforts, we know there is much to be done. While there is a lot of good work progressing this area of information security, there are still very few resources skilled in forensics and mitigating threats. The CARIS workshop will bring together diverse sets of experts to collaborate and better scale their efforts.
Last year, I wrote a blog series on the problems in the space which offered ideas on how to progress in a way that helps not only the large organizations with resources to participate, but also smaller organizations with no resources. The smaller organizations are still part of the supply chain, hence the motivation to assist them. You can find more information within my blog series: Driving Towards More Effective Sharing Models.
One of the key takeaways, is the need for coordination among those driving efforts to progress this space. This includes those running attack type mitigation efforts (APWG, ACDC, etc.), operators at service providers, regional CSIRTs, security professionals at large organizations, researchers and vendors. Coordination requires getting these folks into the same room to see how we might collectively advance this space and have a greater impact with the few resources dedicated to these activities. The Internet Architecture Board (IAB) and the Internet Society (ISOC) CARIS workshop is set to take place on June 19th, the last day of the FIRST conference in Berlin.
CARIS calls for active participation of attendees, with a requirement to submit a research paper or fill in a template on your organizations sharing and mitigation efforts. All research papers accepted will be published on the IAB CARIS site and the template information will be shared out with participants via ISOC. The template will provide information needed for organizations to participate in each other’s efforts, potentially reducing duplication of effort and improve scaling of resources. This increased coordination of threat information may help with automation through the involvement of vendors and to directly address threats where they can be mitigated or stopped by service providers, CSIRTS, or threat specific working groups. One goal of this coordination is to more efficiently address threats for all, rather than limiting activity to sharing by organizations with adequate resources. This requires coordination among those with resources. The database of sharing efforts has the potential to increase collaborative efforts by involving communities such as the service providers and vendors who may be able to more quickly address such threats. Bringing this diverse crowd into a full day workshop could be a catalyst to enable future collaboration between organizations.
We look forward to your submission and collaboration!
The call for papers is open until April 3, 2015.
The post Coordinating Incident Response at Internet Scale (CARIS) appeared first on Speaking of Security - The RSA Blog and Podcast.