Coordinating incident response at Internet scale as a concept sounds fabulous, but can we achieve it? What will it take?
For those working in incident response and information sharing efforts, we know there is much to be done. While there is lots of good work progressing this area of information security, there are still very few resources skilled in forensics and mitigating threats. The CARIS workshop will bring together the diverse sets of experts to collaborate and better scale their efforts.
Last year, I wrote a blog series on the problems in the space with some ideas on how we might be able to progress in a way that helps not only the large organizations with resources to participate, but also smaller organizations with no resources. The smaller organizations are part of the supply chain, hence the motivation to assist them. You can find more information in the blog series: Driving Towards More Effective Sharing Models.
One of the key takeaways is the need for coordination among those driving efforts to progress this space including those running attack type mitigation efforts (APWG, ACDC, etc.), operators at service providers, regional CSIRTs, security professionals at large organizations, researchers, and vendors. Coordination requires getting these folks into the same room to see how we might collectively advance this space and have a greater impact with the few resources dedicated to these activities. The Internet Architecture Board (IAB) and the Internet Society (ISOC) CARIS workshop is set to take place on June 19th on the last day of the FIRST conference in Berlin.
CARIS will be run as a workshop to allow for active participation of attendees with a requirement to submit a research paper or fill in a template on your organization's sharing and mitigation efforts. All research papers accepted will be published on the IAB CARIS site and the template information will be shared out with participants via ISOC. The template will provide information needed for organizations to participate in each other’s efforts, potentially reducing duplication of effort and improving scaling of resources. This increased coordination of threat information may help with automation through the involvement of vendors. Additionally, the increased coordination could assist with the ability to directly address threats where they can be mitigated or stopped by service providers, CSIRTs, or threat-specific working groups.
One goal of this coordination is to more efficiently address threats for all, rather than limiting activity to sharing by organizations with adequate resources. This requires coordination among those with resources. The database of sharing efforts has the potential to increase collaborative efforts by involving communities such as the service providers and vendors who might be able to more quickly address such threats. Bringing this diverse crowd into a full day workshop could be a catalyst to enable future collaboration between organizations. We look forward to your submission and collaboration! The call for papers is open until April 3, 2015.
First things first, the network for IETF-92 is up and works well! Both the meeting area and hotel room networks are operational. If you experience any problems, be sure to let the NOC team know at tickets.meeting.ietf.org. Note that we have a new arrangement for the network SSIDs. The “ietf” network now employs L2 security.
But I wanted to highlight how much is happening at an IETF meeting behind the scenes. A lot of volunteers as well as some staff and contractors are working to make the meeting a success. Networks are being set up by the NOC team. The secretariat is on site and preparing for the meeting. EDU team volunteers are working on their presentations for Sunday. And so on.
Many of these people come early – the NOC and secretariat teams are on site many days in advance, for instance. By Friday the network is usually already fully functional, but before that many things must happen. I wanted to thank everyone who is doing this – without you the smooth meeting experience that we enjoy would not be possible at all. Thank you!
By the way, I know some of our participants have been impacted by airline strikes in Europe. Hopefully everyone will get to the meeting without too much delay.
I am looking very much forward to seeing you all and the interesting discussions during the week!
There are just 10 days until our next meeting begins, in Dallas, Texas. This is our third visit to Dallas. On our previous visit in 2006 we had a very productive meeting, and a flood surrounding the hotel area. I am hoping for a dry meeting this time. But of course the topics we will be discussing are far from dry; there are many exciting discussions coming up. More on those in a moment.
But first I wanted to thank Google, our host, and Time Warner Cable, our connectivity sponsor. Without you we could not organise these meetings. Thank you. Also, if you have not yet registered, this is a good time to do so! The early bird registration fees are still available until tomorrow (March 13).
For me the most interesting discussion topics at the IETF at this time are:
Code. Running code. It has always been important for the IETF, but this time we are focusing even more on this. A Hackathon on Saturday and Sunday allows participants to work on the technologies that they are interested in. This event is sponsored by Cisco – Thank you!
Another code-related effort, CodeMatch, is in development and aims to create better connections between the IETF and open source communities while providing an easy entry point for students and regionally diverse participants into the IETF. Learn more about this at the Wednesday plenary update and prototype demo, or come help test the UI near the registration desk on Sunday.
The IAB technical plenary will focus on smart objects, the Internet of Things, and what they mean for the Internet architecture. Dave Thaler and Hannes Tschofenig will lead the discussion.
And on the same topic, the Thing-to-Thing Research Group will be meeting on Saturday and Sunday before the IETF.
The industry needs to be able to administer and control network nodes in a centralised, vendor-independent fashion in large networks, and these needs are materialising as an increasing number of YANG data model proposals at the IETF. If you are interested in this, the YANG advice and editing session on Sunday will help you participate in this work better.
The LUCID BOF will focus on how we can solve the recently highlighted problems around internationalised domain names and Unicode. The BOF takes place on Wednesday.
Also on Wednesday, the ACME BOF will talk about ways to automate certificate provisioning.
Wednesday seems to be the day of the BOF meetings, as the exciting SPUD BOF will also take place then. The recent IAB workshop on Stack Evolution in a Middlebox Internet (SEMI) discussed the creation of a mechanism for applications at the end as well as boxes along the path to explicitly declare their assumptions and intentions, making it easier to manage traffic flows. The evolution of transport protocols is also discussed at the TSVAREA meeting, which includes short talks on the SEMI workshop, SPUD BOF, and on another SEMI-derived effort called HOPS. This effort asks “How Ossified is the Protocol Stack?” and intends to measure middle boxes to better understand what we’re dealing with.
And of course, our big projects around improving the security and privacy of the Internet, the evolution of the web protocols, real-time communication in the browsers, and many others are actively discussed throughout the week.
We will also have an exciting social event at the Reunion Tower on Tuesday. And on Saturday, a Code Sprint to work on the tools that let the IETF community produce and handle standards. Please contribute with your expertise and interest! The Bits-n-Bites event is on again, after a small break. I want to thank the sponsors of this Thursday-evening event, Huawei, Comcast, Verisign, and A10 Networks.
Also, during the IETF week, students from Elon University will be asking for your help in their “Imagining the Internet” project. You can help by letting them interview you about the state of the Internet, the most important emerging trends and the best actions to take in future to ensure a bright tomorrow.
The full agenda of the meeting is here. And if you are new to the IETF, do check out the information for newcomers, and in particular the education team’s program on Sunday, online tutorials, and the mentoring program that helps you get better connected with other people at the IETF.
We will once again have a Code Sprint, now in Dallas prior to IETF-92.
Please come and build the feature into the IETF tooling that you always wanted to have 🙂 or help the rest of the tools team in making the updates they want to do.
When: Saturday, March 21, 2015, beginning at 9:30 AM and running until 6 PM.
Where: The IETF meeting hotel (The Fairmont) and the room Brasserie.
What: A bunch of hackers get together to work on code for the IETF data tracker, web site and other tools. Some people may be working on improvements in existing functionality, others may be adding exciting new functionality. All code will become part of the open source IETF tools.
Who: Hopefully you can help 🙂
Henrik Levkowetz and Robert Sparks will be coordinating the efforts (thanks!). Please support the tools development effort, join the volunteer team and contribute!