Information Technology Reference
In-Depth Information
Dinis : What do you think about a national CERT team to coordinate the work of the
CERT team of each organisation? I think the United States has created a new CERT
team. Do you think this is a good solution?
Uneri : I believe there must be a CERT team for Portugal, for Turkey, at least for
every nation and a CERT team for NATO should also exist.
Handy : I ran a CERT team in the US for a good two years and there is a risk that if
the CERT team is geared towards supporting law enforcement agencies and not military
operations, incidents become K-sensitive and other vulnerabilities may not necessarily
be shared with the rest of the communities because they are being investigated by law
enforcement. Another portion of the CERT may involve intelligence activities and if it
becomes part of the intelligence world - well, a lot of us are in the intelligence world and
we would like to keep that secret too. So from an operator's perspective there may be a
vulnerability out there and if I am a pilot or a wing commander, I want to know that my
network could be vulnerable to attack but the CERT team may be keeping this under wraps
because of law enforcement rules. To mitigate the risk, an operator call is needed, which
is why in the US not only do we have the CERT but we also have the joint task force for
computer network operations, and the first was computer network defence. From that
perspective they work in conjunction with the CERT but the operator in this particular
case, a two-star US general, makes the decision as to whether to keep the network open
or to block certain portions of it because he is considering various orders which have to
be done in an expeditious manner. Given the global situation, this may be far more
important than protecting the network, and it is the operator's call.
Policarpo : You mentioned security policy. Because all the decisions in NATO have
to be adopted by nineteen nations, if a CERT team was created by NATO, how do you
foresee each country's law enforcement rules and each country's policies in relation to
the media to be implemented in NATO?
Uneri : There is a CERT team already in NATO, I think in Mons, Belgium. I think
their procedures have been determined. For example, the operating CERT team can only
write the security devices. The CERT can be a very small or a huge task. I really do not
know, in NATO, what a CERT team does exactly or the law enforcement in NATO.
Policarpo: When writing or defining security policy, what will be the most difficult
aspect? Each nation has its national security policy, but in NATO it will be very hard to
define a security policy from the different national security rules.
Uneri : It is a very difficult task to perform a security policy in NATO because of the
nineteen nations.
Handy : Should the NATO CERT be looking at perhaps, a common lexicon of
terminology? If we have, for example, massive probes on our networks, we ought to
label that as one type of perhaps, a reconnaissance. If we actually have one virus attack
that could be one type of intrusion. If we actually have a user compromise, where there is
user access, that is another type of category. If we have root compromise, then