Internet Service Provider Information Sharing & Analysis Center

(ISP-ISAC)

Looking For Feedback and Participation

ISACs: Background

An Information Sharing and Analysis Center (ISAC) is loosely defined in President Clinton’s 1998 Presidential Decision Directive 63 (PDD-63) as a “mechanism for gathering, analyzing, appropriately sanitizing and disseminating private sector information … for sharing important information about vulnerabilities, threats, intrusions and anomalies”

ISACs: Background continued…
  • ISACs were suggested by the President’s Committee on Critical Infrastructure Protection (PCCIP) in their October 1997 report CRITICAL FOUNDATIONS: Thinking Differently
  • The basic idea is to share, correlate, and analyze information in order to protect critical infrastructure
  • ISACs currently exist or are planned for financial services, telecommunications, transportation, and the power utilities
ISP-ISAC: Proposal
  • IOPS, together with a few other ISPs and service providers, thought it would be good for the industry to create an ISP-ISAC to solve problems that cross the boundaries of economics and competition; the design would allow for participation by a wide range of service providers
  • The proposed goal for this ISAC is: to help coordinate the resolution of Internet problems and to help protect the Internet
ISP-ISAC: Proposal continued…

This goal will be achieved through:

(a) Communication – by creating and using a framework in which information about incidents can be shared by ISPs in real-time, in order to mitigate the impact and duration of these incidents

ISP-ISAC: Proposal continued…

(b) Analysis – by creating and using ISP-ISAC databases of both active events and informational reports of vulnerabilities, configuration issues, etc. in order to establish best practices, identify common hardware & software problems, and otherwise forewarn against possible future problems

ISP-ISAC: Operating Plan
  • The ISAC collects data through reports about outages, incidents, concerns, and advisories submitted by members or collected from other sources
  • The ISAC manages tickets for active issues (opening, notification, resolution, closure)
  • Members are alerted to both current incidents and other significant data
ISP-ISAC: Operating Plan cont…
  • The ISAC maintains databases of past issues and important network-related information
  • Analysis and correlation are performed to determine severity and possible relation to other data & reports
ISP-ISAC: Organization Plan
  • The ISAC will be a Limited Liability Company or a Not-For-Profit
  • A support contractor will be hired who will operate and maintain a 7x24 system that meets the requirements and who will handle the day-to-day details
  • Budgetary estimate of annual membership fee (to cover costs): $5000-$7000
ISP-ISAC: Lessons Learned from Previous Attempts
  • Nothing is perfect
  • Nothing will work for everyone
  • Getting Operators to do this manually is both difficult and cruel; automation is key
  • No one wants to give up any information without getting something first
  • No one trusts anyone, so a non-ISP 3rd party vendor is crucial
  • This function MUST be someone’s job (or it won’t get done)
ISP-ISAC: Proposed Requirements
  • Possible multiple databases (Active Issues, Historical Issues, Informational database)
  • Multiple input types (web, formatted email) for initiating reports
  • Multiple notification methods (pager, cell, email, etc.) for notification, set by each ISP
  • Adjustable priorities with appropriate, adjustable notification methods (e.g. High priority = pager vs. Informational = email only)
ISP-ISAC: Requirements cont…
  • Active issues & historical databases containing (at a minimum) unique tracking code; date; time/time zone; geographical area; equipment type; software version; type of incident; brief description of incident; subsequent updates attached to incident; priority; reporting ISP; affected ISP(s); reports able to be anonymized
  • Informational database with security information such as threats, vulnerabilities, config issues, outside reports, etc.
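An added example (not part of the original presentation) showing how the requirements on the two slides above could fit together: a formatted-email report is parsed into a record with the listed minimum fields, an anonymized copy is produced for members, and notification methods are chosen per ISP by priority. The field names, the "Key: value" e-mail layout, the "medium" priority level, the tracking-code format and all sample names are assumptions.

```python
import re
from itertools import count

# Assumptions for this example: field names, the "Key: value" e-mail layout and
# the priority levels. The slides only list what a record must contain.
REQUIRED = {"timestamp", "area", "equipment", "software_version", "type",
            "description", "priority", "reporting_isp", "affected_isps"}
DEFAULT_METHODS = {"high": ["pager"], "medium": ["email"], "informational": ["email"]}
_serial = count(1)

def parse_report(body):
    """Turn a formatted e-mail body into a record, rejecting incomplete reports."""
    rec = {}
    for line in body.strip().splitlines():
        key, sep, value = line.partition(":")   # first colon only, so timestamps survive
        if sep:
            rec[key.strip().lower().replace(" ", "_")] = value.strip()
    missing = REQUIRED - rec.keys()
    if missing:
        raise ValueError(f"missing fields: {sorted(missing)}")
    rec["priority"] = rec["priority"].lower()
    if rec["priority"] not in DEFAULT_METHODS:
        raise ValueError(f"unknown priority: {rec['priority']!r}")
    rec["affected_isps"] = [s.strip() for s in rec["affected_isps"].split(",")]
    rec["anonymous"] = rec.get("anonymous", "no").lower() == "yes"
    rec["tracking_code"] = f"ISAC-{next(_serial):06d}"
    return rec

def member_view(rec):
    """Copy sent to members; an anonymous reporter is scrubbed from free text too."""
    view = dict(rec)
    if rec["anonymous"]:
        name = re.compile(re.escape(rec["reporting_isp"]), re.IGNORECASE)
        view["description"] = name.sub("[reporter]", rec["description"])
        view["reporting_isp"] = "(withheld)"
    return view

def notifications(rec, prefs):
    """prefs: ISP -> {priority: [methods]}, set by each ISP; gaps use the defaults."""
    return {isp: p.get(rec["priority"], DEFAULT_METHODS[rec["priority"]])
            for isp, p in prefs.items()}

# Constructed sample report and member preferences (not real data).
SAMPLE = "\n".join([
    "Timestamp: 2001-02-03T04:05:00Z", "Area: US-East", "Equipment: core router",
    "Software version: 12.0", "Type: routing", "Priority: High",
    "Reporting ISP: ExampleNet", "Affected ISPs: SampleCom, DemoISP", "Anonymous: yes",
    "Description: ExampleNet leaked a full table to a peer; examplenet is filtering now"])
PREFS = {"SampleCom": {"high": ["pager", "cell"]}, "DemoISP": {}}
```

Removing only the reporting-ISP field is not enough for anonymity when the description or the affected-ISP list names the reporter, which is why `member_view` also rewrites the free text.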
ISP-ISAC: Requirements cont…
  • 99.98% vendor system availability for databases
  • Multi-homed NOCs
  • Disaster recovery capability
  • Enough personnel & computing power for 7 simultaneous incidents & over 2000 simultaneous recipients of notification (initially; scaling required)
  • Searchable historical data
  • Automation and ease of use
ISP-ISAC: Benefits

What makes the ISP-ISAC useful?

  • Participation may help avoid regulation
  • Reports (outages or security) that are specific and timely would greatly assist with rapid trouble-shooting and problem solving
  • Pre-sorted ISP-specific (or network-specific) news reports, exploits, security vulnerabilities, and general information for dissemination to members are more complete than what an individual might find, saving individual sorting & distribution time
ISP-ISAC: Benefits continued…

MORE on what makes the ISP-ISAC useful…

  • Collected outage data from other sources (peering point vendors for the MAEs, NAPs, etc., mailing lists like NANOG & inet-access, circuit vendors, performance monitoring companies, other ISACs, etc.) & disseminated to the members provides a centralized source of information (and again saves sorting time)
ISP-ISAC: Benefits continued…

MORE on what makes the ISP-ISAC useful…

  • Improved communication between ISPs improves repair times and therefore the public’s experience of the Internet
  • Having the capability to reach out to a significant number of ISPs all at once would be helpful during large-scale issues, as would assistance in coordinating the handling of such incidents (creating a central ticket, coordinating information, sponsoring a bridge call, etc.)
ISP-ISAC: Benefits continued…

MORE on what makes the ISP-ISAC useful…

  • Forums for secure real-time or near-time communication would increase the speed of diagnosis:
    • Regular conference calls for general discussion
    • Facility for real-time response and discussion (bulletin board, private chat rooms, or voice bridge) by the Operators themselves
  • ISAC vendor-provided language translation skills speed up tracking down attacks/routing mistakes
ISP-ISAC: Benefits continued…

MORE on what makes the ISP-ISAC useful…

  • Quick reference utilities like an access-controlled web page with color-coded live issues (culled from vendors, mailing lists, outage reports, and chat rooms/bulletin board) for rapid assessment of issues impacting any ISP
  • Convenience of having one place for locating an accurate, well-maintained & up-to-date phone list of ISP NOCs
ISP-ISAC: Why I Am Here

We need your help

ISP-ISAC: Pending Issues

There are many issues which could use some rough consensus from the community

  • With cost recovery (not profit) in mind, how do we make it affordable to as many ISPs as possible while still being able to pay the vendor? (Should larger ISPs pay more? If so, why?)
  • Membership requirements… Who should participate? (Should there be a cut-off? I.e. if you don’t have a 24x7 NOC, you don’t get to play?)
ISP-ISAC: Pending Issues cont…

More issues…

  • What qualifies as an ISP?
  • Should vendors be allowed to participate?
  • What’s an outage? (Meaning, what should be reported to the ISAC?)
  • Should there be minimum participation requirements?
  • How do we establish trust?
ISP-ISAC: Gov’t Involvement
  • MOST FAQ – Is the U.S. Government involved? ANSWER: No
  • Currently we are not planning on sending reports to the U.S. government (or any other state or country entity)
  • We may consider it at some point in the future, but the members control the ISAC and make the rules – YOU decide
ISP-ISAC: Current Events
  • We’re not done yet! We just wanted to firm up the concept before talking to more companies
  • IOPS (and friends) have collected sales quotes from a couple of possible ISAC Operators and we have talked with other ISACs (plus one or two industry experts) on infrastructure protection and problem coordination
  • I’m here to discuss the idea, take feedback, & recruit volunteers - we want more people to assist in the final formation of the ISP-ISAC
ISP-ISAC: Next Steps

If you want to participate (please do not join just to be a silent listener) send mail to:

ISP-ISAC: Reaching Me

If you want to pass along feedback, contact me:

Kelly J. Cooper

Security Engineer


3 Van de Graaff Drive

Burlington, MA 01803 or