Implementing Intrusion (Cyber) Kill Chain -A Plenary Overview

Implementing an Intrusion (Cyber) Kill Chain 

The Intrusion (Cyber) Kill Chain is a phrase popularized by infosec industry professionals and introduced in a Lockheed Martin Corporation paper titled; “ Intelligence Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains”. 

The intrusion kill chain model is derived from a military model describing the phases of an attack. The phases of the military model are: find, fix, track, target, engage, and assess. The analyses of these phases are used to pinpoint gaps in capability and prioritize the development of needed systems. The first phase in this military model is to decide on a target (find). Second, once the target is decided you set about to locate it (fix). Next, you would surveill to gather intelligence (track). Once you have enough information, you decide the best way to realize your objective (target) and then implement your strategy (engage). And finally, you analyze what went wrong and what went right (assess) so that adjustments can be made in future attacks.

Lockheed Martin analysts began by mapping the phases of cyber attacks. The mapping focused on specific types of attacks, Advanced Persistent Threats (APTs) - The adversary/intruder gets into your network and stays for years– sending information, usually encrypted – to collection sites without being detected. Since the intruder spent so much time in the network, analysts were able to gather data about what was happening. Analysts could then sift through the data and begin grouping it into the military attack model phases. Analysts soon realized that while there were predictable phases in cyber attacks, the phases were slightly different from the military model.  The intrusion (cyber) kill chain shown below, describe the phases of a cyber attack.

The chain of events or activities are as follows:

  

Link in the Chain	Description
1.  Reconnaissance	Research, identification and selection of targets- scraping websites for information on companies and their employees in order to select targets.
2.  Weaponization	Most often, a Trojan with an exploit embedded in documents, photos, etc.
3.  Delivery	Transmission of the weapon (document with an embedded exploit) to the targeted environment.  According to Lockheed Martin's Computer Incident Response Team (LM-CIRT), the most prevalent delivery methods are email attachments,websites, and USB removable media.
4.  Exploitation	After the weapon is delivered, the intruder's code is triggered to exploit an operating system or application vulnerability, to make use of an operating system's auto execute feature or exploit the users themselves.
5.  Installation	Along with the exploit the weapon installs a remote access Trojan and/or a backdoor that allows the intruder to maintain presence in the environment
6.  Command and Control	Intruders establish a connection to an outside collection server from compromised systems and gain 'hands on the keyboard' control of the target's compromised network/systems/applications.
7.  Actions on Objective	After progressing through the previous 6 phases, the intruder takes action to achieve their objective.  The most common objectives are:  data extraction, disruption of the network, and/or use of the target's network as a hop point.

Lockheed Martin's analysts also discovered while mapping the intruder's activities, that a break (kill) in any one link in the chain would cause the intrusion to fail in its objective. This is one of the major benefits of the intrusion kill chain framework as security professionals have traditionally taken a defensive approach when it comes to incident response. This means that intrusions can be dealt with offensively too.

Lockheed Martin's case studies reveal that knowledge about previous intrusions and how they were accomplished allow analysts to recognize those previously used tactics and exploits in current attacks.  For example, mapping of three intrusions revealed that all three were delivered via email, all three used  very similar encryption, all three used the same installation program and connected to the same outside collection site. All of the intrusions were stopped before they accomplished their objective.

How did they do this? How can my company utilize this approach?

Monitoring and mapping is the key.

The following list contains some of the necessary components (not in any particular order) needed to do intrusion mapping and setting up the kill.

·         Network Intrusion Detection (NIDS)

·         Network Intrusion Prevention (NIPS)

·         Host Intrusion Detection (HIDS)

·         Firewall access control lists (ACL)

·         Full packet inspection

·         A mature IT asset management system

·         A mature and comprehensive Configuration Management Database (CMDB)

·         Device and system hardening

·         Secure configurations baselines

·         Website inspection

·         Honeypots

·         Anti-virus and anti-malware

·         Verbose logging – network devices, servers, databases, and applications

·         Log correlation

·         Alerting

·         Patching

·         Email and FTP inspection and filtering

·         Network tracing tools

·         Information Security staff trained in tracking and mapping events end-to-end

·         Coordination and partnering with IT, Application Owners, Database Administrators, Business Units and Management both in investigation and communicating the mapped intrusions.

In short, in order to implement intrusion kill chain activity a company needs to have a mature inter-operating and information security program. Additionally, they need trained staff that can investigate, map and advise 'kill' activities, keep a compendium of mapped intrusions, analyze and compare old and new intruder activity, code use, and delivery methods to thwart current and future intrusions.

The intrusion (cyber) kill chain is not an endeavor that can be successfully implemented in place of a comprehensive Information Security Program, it’s another tool to be used to protect the company's data assets.

The good news is if your company doesn't have a mature information security program there is a lot you can do while making plans to introduce an intrusion kill chains in your department's arsenal.

·         Educate your employees to watch for suspicious emails. For instance, emails that seem to be off – such as, someone in accounting receiving an invitation to attend a marketing conference. Let them know that they shouldn't open attachments included in email like this.

·         Make sure you have anti-virus and anti-malware software installed and up to date.

·         Start an inventory of your computing devices, laptops, desktops, tablets, smartphones, network devices and security devices.

·         You have an advantage over intruders. You know your network and what is normal and usual, they don't.  Notice user behavior that is not usual and look into it.  For example, a login at 2am for someone who works 9 to 5. Or an application process that normally runs overnight that is kicking off during the day.

·         Keep your security patches up to date.

·         Create and monitor baseline configurations.

·         Write, publish and communicate information security policies and company standards.

·         Turn on logging and start collecting and keeping logs. Start with network devices and firewalls and then add servers and databases.  Set up alerts for things such as repeated attempts at access.

·         Spend some time using search engines from outside your network to see how much information can be learned about your company from the Internet.  You'd be surprised how much you can find including sensitive documents.

All of these practices and activities give you more information about your computing environment and what is normal and usual. The more you know about your environment, the more likely it is that you will spot the intruder before any damage is done.

Disclaimer:- Before conclusion, on behalf of Team VOGH, I would like to personally thank Mr. Adrian Stolarski for sharing this remarkable article with our readers. I would also like to thank Ryan Fahey  of Infosec Institute for his spontaneous effort. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Implementing Intrusion (Cyber) Kill Chain -A Plenary Overview "https://www.voiceofgreyhat.com/2014/02/implementing-intrusion-cyber-kill-chain.html?m=0</a>

GFI LanGuard 2012 One Solution For vulnerability Scanning, Patch Management, Network & Software Audit

GFI LanGuard 2012 One Solution For Vulnerability Scanning, Patch Management, Network & Software Auditing 

Earlier we have talked about GFI LanGuard, but while looking at the rising cyber threats, security researcher  continue to identify new, sophisticated malware threats, vulnerability and patch management are more critical than ever as a key component of a layered security approach. To get rid of all those security challenges, GFI Software announced the availability of GFI LanGuard 2012, in which the manufacturer claimed to provide network and system administrators with the ability to manage 100 percent of their patching needs through a single, intuitive and easy-to-use interface, without the need for other update tools. So lets take a roam of this fine product of GFI Software-

Enhanced Features of GFI LanGuard 2012 include:

• Comprehensive Patch Management – Administrators can now manage 100 percent of their patching needs – both security and non-security updates – from a centralized console. No other update tools are necessary.
• Strong Vulnerability Assessment for Network Devices – Network devices such as printers, routers and switches from manufacturers such as HP and Cisco, can now be detected and scanned for vulnerabilities. GFI LanGuard 2012 performs over 50,000 checks against operating systems, installed applications and device firmware for security flaws and misconfigurations. It also runs network audits that now detect mobile devices running iOS and Android operating systems.
• Improved Scan and Remediation Performance – New Relay Agents receive patches and definition files directly from the GFI LanGuard server and distribute as appropriate – helping IT resources save time, manage network bandwidth and increase the number of devices that can be accommodated. This is particularly effective in multi-site and large networks.

GFI LanGuard 2012 combines vulnerability scanning, patch management, and network and software auditing into one solution that enables IT professionals to scan, detect, assess and correct potential security risks on their networks with minimal administrative effort. GFI LanGuard also enables administrators to inventory devices attached to their networks; receive change alerts, such as notification when a new application is installed; ensure antivirus applications are current and enabled; and strengthen compliance with industry regulations through automated patch management that defends against potential network vulnerabilities. With GFI LanGuard, IT administrators can manage more than 2,500 machines from a single console, it integrates with more than 1,500 security applications and includes keyword search functionality.

After going through the above brief description, many of you must be excited about this new product. For the kind information of our readers, yes indeed GFI LanGuard 2012 is one of the finest tool ever released in this domain. Detailed information LanGuard 2012 can be found here. Also a 30 day trail pack of GFI LanGuard 2012 has been made available for download. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">GFI LanGuard 2012 One Solution For vulnerability Scanning, Patch Management, Network & Software Audit"https://www.voiceofgreyhat.com/2013/05/GFI-LanGuard-2012-released-for-download.html?m=0</a>

Oxford University Will Get £1 Million of Investment in Next 2 Year to Tackle Cyber Crime

Oxford University Will Get £1 Million of Investment in Next 2 Year to Tackle Cyber Crime

The rising amount of cyber crime has already put the world of security under a serious threat. Since last five years we have seen many devastating cyber attack which have broken almost every security measure. In short, today the entire cyber space is posing a serious risk. To get rid of this situation many developed countries have already started taking required counter measure. Cyber awareness program, campaigns are going in almost every part of the world. Such steps and countermeasures were mainly limited to government and corporate, but now as we are sitting at the edge of cyber threat, so the security system should be more enhanced. While looking at the current status OXFORD University have came forward, and they are going to open a cyber hub to tackle these ongoing cyber challenges. Acceding to the official website of Oxford Mail - OXFORD University will get £1 million of investment in the next two years to fund a center to tackle cyber crime. Funding for the Government’s Global Center for Cyber Security Capacity Building has been announced by Foreign Secretary William Hague, who pledged £500,000 a year for at least the next two years. It will be based at the home of the Oxford Martin School, with the aim of combating activists and terrorists who are posing a growing threat to our national security and economy.

The school’s director, Ian Goldin, Oxford University Professor of Globalisation and Development, said: “The whole purpose is to address critical challenges of the future. The international scale of the challenge requires new research and connections with the business world, which is part of the school’s mandate.” The centre will be based at the Old Indian Institute, a former university library building, on the corner of Broad Street and Catte Street, which is currently being refurbished. Prof Goldin, whose new book Divided Nations explores the risks brought about by rapid globalization and technological leaps like the internet, said keeping up with criminals will be far from easy. He said: “We are in a race, or struggle, between people who want to keep systems safe and secure and those who – for whatever reasons that may be commercial, nationalist or anarchical – want to undermine the system. That won’t end. 

According to some legitimate sources it has been confirmed that the new center will be a beacon of expertise and put the UK at the forefront of cyber policy development. It will operate from Broad Street from September. The two-year funding will help pay for an additional 12 specialists. Sadie Creese will head the new center as professor of cyber security.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Oxford University Will Get £1 Million of Investment in Next 2 Year to Tackle Cyber Crime"https://www.voiceofgreyhat.com/2013/05/OxfordUniversity-Will-Get-1M-to-Tackle-Cybercrime.html?m=0</a>

NATO Prepared Tallinn Manual -International Law Applicable to Cyber Warfare

NATO Prepared Tallinn Manual -International Law Applicable to Cyber Warfare

NATO finally published the final version of a document expected to shape cyber warfare policies among Western nations was published last week, clarifying when and how countries can legally conduct online aggression against one another. The International law of Cyber Warfare have been  published by the Cooperative Cyber Defence Centre of Excellence (CCDCOE) set up in Estonia, in 2008, the Tallinn Manual on the International Law Applicable to Cyber Warfare. Spanning 215 pages, the Tallinn Manual makes it clear that a full-scale war can be triggered by network-borne attacks on computer systems and that civilian activists that participate in those are considered legitimate targets. However, the manual specifically rules out state-sponsored attacks on critical civilian infrastructure. Nuclear power plants, hospitals, dams and similar are all out of bounds for cyber war, the manual states.

The Tallinn Manual:-

The Tallinn Manual on the International Law Applicable to Cyber Warfare, written at the invitation of the Centre by an independent ‘International Group of Experts’, is the result of a three-year effort to examine how extant international law norms apply to this ‘new’ form of warfare. The Tallinn Manual pays particular attention to the jus ad bellum, the international law governing the resort to force by States as an instrument of their national policy, and the jus in bello, the international law regulating the conduct of armed conflict (also labelled the law of war, the law of armed conflict, or international humanitarian law).  Related bodies of international law, such as the law of State responsibility and the law of the sea, are dealt within the context of these topics.

The Tallinn Manual is not an official document, but instead an expression of opinions of a group of independent experts acting solely in their personal capacity.  It does not represent the views of the Centre, our Sponsoring Nations, or NATO.  It is also not meant to reflect NATO doctrine.  Nor does it reflect the position of any organization or State represented by observers. 

The Tallinn Manual is available in both paper and electronic copies from Cambridge University Press

-Source (IT News & CCDCOE)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">NATO Prepared Tallinn Manual -International Law Applicable to Cyber Warfare"https://www.voiceofgreyhat.com/2013/03/Tallinn-Manual-International-CyberWarfare-Law-By-NATO.html?m=0</a>

President Obama & Congress Will Issue Long Awaited Executive Cyber Security Order

President Obama & Congress Will Issue Long Awaited Executive Cyber Security Order 

Last week we reported that Pentagon has declared that they are moving toward a major expansion of its cyber security force to counter increasing attacks on the nation’s computer networks, as well as to expand offensive computer operations on foreign adversaries. Just one week after this declaration another crucial movement came from the U.S. government.  A secret legal review on the use of America’s growing arsenal of cyber weapons has concluded that President Obama has the broad power to order a pre-emptive strike if the United States detects credible evidence of a major digital attack looming from abroad. According to sources President Barack Obama will issue a long-awaited cyber security executive order this week. Two former White House officials told the publication that the order is expected to be released after Tuesday night's State of the Union address. 

Given his status as commander-in-chief, Obama seems to be the clear choice, but since cyber warfare is such a new and unknown thing, the government hasn't actually figured out the rules of engagement yet. In the past couple of decades, the power to use America's cyber weapons has been shared between the Pentagon and the various intelligence agencies. With the exception of a series of strikes on the computer systems that run Iran's nuclear enrichment facilities an attack that Obama ordered himself the U.S. hasn't launched any major cyber attacks in recent memory, however. This probably won't be the case in the future. So the government is working on new rules of engagement, as it realizes that the capabilities of cyber weapons are evolving at a startling rate. The rules will be not unlike the set that governs how drone attacks are ordered and who orders them. Cyber warfare certainly stands to affect the average American more, though.  On Capitol Hill this week, Rep. Dutch Ruppersberger (D-Md.) and Rep. Mike Rodgers (R-Mich.) are set to reintroduce the Cyber Intelligence Sharing and Protection Act (CISPA) during a speech at the Center for Strategic and International Studies.

According to an exclusive report the bill would allow the government to share classified cyber threats with the private sector so that those companies can then protect their systems from cyber attacks. The bill was killed last year due to privacy concerns. Civil-liberty groups argued that the bill allows companies to exchange too much personal information back and forth without regulation. 

-Source (Bloomberg, NY Times & Atlantic Wire)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">President Obama & Congress Will Issue Long Awaited Executive Cyber Security Order"https://www.voiceofgreyhat.com/2013/02/Obama-Congress-Will-Issue-Executive-Cyber-Security-Order.html?m=0</a>

Pentagon Assigning More Experts to Boost Cyber Security & Protect U.S. Computer Networks

Pentagon Assigning More Experts to Boost Cyber Security & Protect U.S. Computer Networks

Cyber security has become one of the most sophisticated area of National security and defense, and in order to implement that Pentagon has increased their estimated expense on cyber security. And this deceleration has been made while publishing the budget late in last year. Now that implementation is getting executed as the Pentagon is moving toward a major expansion of its cyber security force to counter increasing attacks on the nation’s computer networks, as well as to expand offensive computer operations on foreign adversaries. This confirmation has came from defense officials. The expansion would increase the Defense Department’s Cyber Command by more than 4,000 people, up from the current 900, an American official said. Defense officials acknowledged that a formidable challenge in the growth of the command would be finding, training and holding onto such a large number of qualified people. The Pentagon “is constantly looking to recruit, train and retain world class cyberpersonnel,” a defense official said Sunday.

As part of the expansion, officials said the Pentagon was planning three different forces under Cyber Command: “national mission forces” to protect computer systems that support the nation’s power grid and critical infrastructure; “combat mission forces” to plan and execute attacks on adversaries; and “cyber protection forces” to secure the Pentagon’s computer systems. Cyber Command’s connections to the NSA are also leading some officials to ask how much of the expansion will be focused domestically, especially considering the opening of the NSA’s new, $2 billion Utah Data Center, scheduled to go live later this year. An unnamed "senior defense official" said that the agency’s efforts would remain focused outside US networks, unless it were asked to assist "another agency with domestic authority, such as the FBI." There is significant overlap between Cyber Command and the NSA — until recently, some employees of the former had nsa.gov email addresses, for instance — and there is some doubt that the nascent offshoot of US Strategic Command will be able to achieve true independence under NSA Director Alexander.

-Source (NY Times, Washington Post)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Pentagon Assigning More Experts to Boost Cyber Security & Protect U.S. Computer Networks"https://www.voiceofgreyhat.com/2013/02/Pentagon-to-Boost-up-Cyber-Security.html?m=0</a>

NSA Refused to Disclose Obama's Secret Cyber Security Directive

NSA Refused to Disclose Obama's Secret Cyber Security Directive

The cyber security directive of United States President Barack Obama has been twisted a little as the National Security Agency (NSA) has refused to release details of a secret presidential directive document that would establish a broader set of standards that would guide federal agencies in confronting Cyber threats. Several experts are presuming that the cyber security directive could allow the military and intelligence agencies to operate on the networks of private companies, such as Google and Facebook. According to the last week report by Washington Post, cited several U.S. officials saying that Obama signed off on the secret cyber security order, believed to widely expand NSA’s spying authorities, in mid-October. “The new directive is the most extensive White House effort to date to wrestle with what constitutes an “offensive” and a “defensive” action in the rapidly evolving world of cyber war and cyber terrorism,” the report states.  

The Electronic Privacy and Information Center (EPIC), filed a Freedom of Information Act (FOIA) request to make the document public because it said the measure could expand NSA’s Cyber security authority. “Transparency is crucial to the public’s ability to monitor the government’s national security efforts and ensure that federal agencies respect privacy rights and comply with their obligations under the Privacy Act,” said EPIC’s request.
EPIC said that NSA denied the request on Nov. 21 arguing that it doesn’t have to release the document because it is a confidential presidential communication and contains information that is classified “Secret” and “Top Secret” by the agency. NSA said disclosure of the order could “reasonably be expected to cause exceptionally grave damage to the national security.” The agency said EPIC could file an appeal with the NSA/Central Security Service denial and EPIC said it plans to do so. The privacy group said it is litigating similar FOIA requests with NSA, including the release of NSPD 54, a 2008 presidential directive setting out the NSA’s cyber security authority. The group called NSA a “black hole for public information about cyber security” in an official statement to Congress earlier this year. National Security Agency whistle blower William Binney said in Mid July that the U.S. government is secretly gathering information “about virtually every U.S. citizen in the country”, in “a very dangerous process” that violates Americans’ privacy.
Former President George W. Bush signed a presidential order in 2002 allowing the National Security Agency (NSA) to monitor without a warrant the international (and sometimes domestic) telephone calls and e-mail messages of hundreds or thousands of citizens and legal residents inside the United States. The program eventually came to include some purely internal controls -- but no requirement that warrants be obtained from the Foreign Intelligence Surveillance Court as the 4th Amendment to the Constitution and the foreign intelligence surveillance laws require.

-Source (GSN Magazine & Press TV)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">NSA Refused to Disclose Obama's Secret Cyber Security Directive"https://www.voiceofgreyhat.com/2012/11/NSA-Refused-to-Disclose-Obamas-Cybersecurity-Directive.html?m=0</a>

Interpol, ITU & IMPACT Jointly Singed a Hostorical Agreement in Cybersecurity

Interpol, ITU & IMPACT Jointly Singed an Agreement to Exchange Information, Expertise & Enhance Cybersecurity

During the 81st INTERPOL General Assembly taking place in Rome, Italy a historical and very vital cooperation agreement has been singed. In an effort to further enhance cybersecurity around the world, International Multilateral Partnership Against Cyber Threats (IMPACT), the cybersecurity executing arm of United Nations’ specialised agency – the International Telecommunication Union (ITU) and the General Secretariat of the International Criminal Police Organisation – (INTERPOL), reached a historic milestone with the signing of a landmark ‘Cooperation Agreement’ between both international organisations. Through this Agreement, it allows both IMPACT and INTERPOL to exchange information, expertise as well as to enhance both organisations’ knowledge base in the field of cybersecurity. The Agreement will also see the cross promotion of capacity building activities aimed at the public and private sector and the civil society, with an objective to curb cyber crimes by protecting the cyber space and orchestrating a safer global community. 

The Cooperation Agreement paves the way for INTERPOL and ITU-IMPACT to effectively cooperate within the scope of their respective mandates and resources in the field of cybersecurity. This Agreement is also designed to provide a broad framework for such cooperation to take place and to establish a collaborative association, with a view to promoting cybersecurity capacity-building and addressing cyber threats on a global scale. Datuk Mohd Noor Amin, Chairman of IMPACT and Mr Ronald K. Noble, Secretary General of INTERPOL signed the Cooperation Agreement today, witnessed by ITU Secretary-General, Dr. Hamadoun I. Touré. With 144 countries now, part of the ITU-IMPACT coalition, IMPACT is entrusted with the task of providing cybersecurity support and services to ITU’s Member States and other organisations within the UN system. ITU-IMPACT’s global partnership now embraces over 200 industry, academia and international organizations. 

“This kind of cross-agency collaboration is essential to combating the increasingly serious problem of international cybercrime,” said ITU Secretary-General Dr. Hamadoun I. Touré. “For too long, cyber criminals have hidden behind national borders, hoping to escape detection or eluding the jurisdiction of national law enforcement authorities. This new partnership with INTERPOL represents a major step forward in our efforts to bring such criminals to book.”

Datuk Mohd Noor Amin, Chairman of IMPACT added; “The signing of this agreement is truly a landmark event for all of us. For the first time, we are effectively pooling together and merging the resources from INTERPOL’s community of police forces worldwide with ITU-IMPACT’s existing stakeholders from governments, telecommunications regulators, CERTs, ISPs, ICT industry and academia. ITU’s recent MOU with the United Nations Office of Drug and Crime (UNODC) further strengthens the partnership by potentially adding in judicial officers and prosecutors under the ITU-IMPACT umbrella. This coming together of various different, but important, stakeholders is vital if we are going to succeed against the cyber criminals and enhance international cybersecurity.”

-Source (PRWeb)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Interpol, ITU & IMPACT Jointly Singed a Hostorical Agreement in Cybersecurity"https://www.voiceofgreyhat.com/2012/11/Interpol-ITU-IMPACT-Jointly-Singed-Cybersecurity-Agreement.html?m=0</a>

India & Britain Enhancing Cooperation in Cyber Security to Reduce Cybercrime

India & Britain Enhancing Cooperation in Cyber Security to Reduce Cybercrime

Just a week ago on the sidelines of 3rd Worldwide Cybersecurity Summit, Telecom and IT Minister of India, Kapil Sibal said the Indian Government will invest $200 million in coming 4 years, in order to strengthen their cyber security infrastructure. Now another move has been taken by Indian Govt where India and the United Kingdom have decided to enhance cooperation for reduction of the risk of threats from cyberspace to international security and strengthen bilateral cooperation to tackle cyber crime. At a joint press conference with External Affairs Minister Salman Khurshid, British Foreign Secretary William Hague supported India’s bid for membership in four export control regimes. Britain, Mr. Hague said, also looked “forward to the time when India will have a permanent seat in the UN Security Council.” The two nations also finalized strategies on collaborating on building skills and capacities to tackle threats from cyberspace and to use ICT (information and communication technologies) for the objective of economic and social development. They also held discussions on using existing cooperation between universities and business communities to develop synergy in research and development on cyber issues.

Besides the cyber issues, both sides discussed bilateral, regional and international issues of mutual interest.

Henceforth, India and the UK would conduct their Cyber Dialogue on a bi-annual basis to achieve these objectives, said an official release issued by Indian External Affairs Ministry. 

While talking about India-Bratain cooperation in Cyber Security, we would also like to remind you that in 2011, a Cyber Shield deal Between India & US was made. Also in this year India and Israel have agreed to launch a long-term joint program worth USD 10 million annually to facilitate research on Cyber-Security.

-Source (The Hindu)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">India & Britain Enhancing Cooperation in Cyber Security to Reduce Cybercrime"https://www.voiceofgreyhat.com/2012/11/India-Britain-Enhancing-Cooperation-in-CyberSecurity.html?m=0</a>

DHS & Public Safety Canada Started Joint Cybersecurity Action Plan

DHS & Public Safety Canada Started Joint Cybersecurity Action Plan

A joint venture Cyber Security plan has been announced by US Department of Homeland Security and Canada. According to the official website of Public Safety Canada - PS Canada along with the Department of Homeland Security (DHS) are pursuing a coordinated approach to enhance the resiliency of our cyber infrastructure. The Cybersecurity Action Plan (the Action Plan) between PS and DHS seeks to enhance the cybersecurity of our nations through increased integration of PS' and DHS' respective national cybersecurity activities and improved collaboration with the private sector. This Action Plan represents just one of many important efforts between Canada and the United States to deepen our already strong bilateral cybersecurity cooperation.

As the Internet knows no borders, all countries have a responsibility to prevent, respond to, and recover from cyber disruptions and to make cyberspace safer for all citizens across the globe. Due to a shared physical border, Canada and the United States have an additional mutual interest in partnering to protect our shared infrastructure. This Action Plan aims to articulate a shared approach to fulfill PS' and DHS' vision of working together to defend and protect our use of cyberspace and to strengthen the resiliency of our nations. These efforts, combined, advance the objectives articulated by President Obama and Prime Minister Harper in the February 2011 declaration, Beyond the Border: A Vision for Perimeter Security and Economic Competitiveness.

This Action Plan outlines three goals for improved engagement, collaboration, and information sharing at the operational and strategic levels, with the private sector, and in public awareness activities, for activities conducted by PS and DHS. The Action Plan establishes lines of communication and areas for collaborative work critical to enhancing the cybersecurity preparedness of both nations. The Action Plan's goals and objectives are to be conducted in accordance with the June 2012 Statement of Privacy Principles by the United States and Canada. This Action Plan is intended to remain a living document to be reviewed on a regular basis and updated as needed to support new requirements that align to the Plan's key goals and objectives. It intends to support and inform current and future efforts to advance the goals of Beyond the Border, which ultimately seeks to enhance broad bilateral cooperation on cybersecurity efforts across both governments.

Goals and Objectives:-

1. Enhanced Cyber Incident Management Collaboration between National Cybersecurity Operations Centers

PS' Canadian Cyber Incident Response Centre intends to work jointly with DHS' United States Computer Emergency Readiness Team and Industrial Control Systems Cyber Emergency Response Team towards the following objectives:

• 1.1 Increase real-time collaboration between analysts by improving existing channels for remote communication and arranging in-person visits;
• 1.2 Enhance information sharing at all classification levels and collaborate on training opportunities, while promoting inter-agency coordination, as appropriate, as well as the proper protections for information, as outlined in the Statement of Privacy Principles;
• 1.3 Coordinate on cybersecurity incident response management, relating to defense, mitigation, and remediation activities and products, including with other public and private entities consistent with each country's laws and policies;
• 1.4 Align and standardize cyber incident management processes and escalation procedures; and
• 1.5 Enhance technical and operational information sharing in the area of industrial control systems security.

2. Joint Engagement and Information Sharing with the Private Sector on Cybersecurity

Due to the shared nature of critical infrastructure between Canada and the United States, PS and DHS intend to collaborate on cybersecurity-focused private-sector engagement for cybersecurity activities for which they are responsible through the following objectives:

• 2.1 Share engagement approaches for private sector;
• 2.2 Exchange and collaborate on the development of briefing materials for the private sector;
• 2.3 Jointly conduct private sector briefings;
• 2.4 Review approaches and align processes for private sector engagement through requests for technical assistance and non-disclosure agreements; and
• 2.5 Standardize protocols for sharing information.

3. Continued Cooperation on Ongoing Cybersecurity Public Awareness Efforts

Cybersecurity is a shared responsibility and everyone, including our citizens, has a role to play. With increased media attention devoted to cybersecurity incidents and with the continuing growth of electronic commerce and social media, it is imperative that citizens receive clear and trustworthy information on how to manage cyber threats to themselves and their families. Ensuring that government's cybersecurity awareness messages are consistent across our border helps to deliver that information effectively and consistently. PS Communications, the DHS Office of Public Affairs, and the National Protection and Program Directorate's Office of Cybersecurity and Communications (CS&C) intend to continue to work together as they:

• 3.1 Collaborate on public awareness campaigns (websites, social media activities, education material, etc.);
• 3.2 Collaborate on Cybersecurity Awareness Month (October); and
• 3.3 Share and coordinate messaging on issues of common interest.

Governance of the Joint Action Plan:-

Senior officials within PS and CS&C intend to review and provide additional guidance in order to update this Action Plan on a quarterly basis. This Action Plan is intended to be a part of broader inter-governmental coordination across government agencies in both the United States and Canada.

To Download The Full Cybersecurity Action Plan Between Public Safety Canada and the Department of Homeland Security Click Here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">DHS & Public Safety Canada Started Joint Cybersecurity Action Plan"https://www.voiceofgreyhat.com/2012/10/DHS-PSCanada-Started-Joint-Cybersecurity-Plan.html?m=0</a>