Celene here from the MSRC Ecosystem Strategy Team. BlueHat v9: Through The Looking Glass ended just over a month ago and the success of the con lives on due to the outstanding training and networking between Microsoft employees, external speakers, and guests. I'm happy to say that the speaker video interviews and selected recorded presentations are now live on the BlueHat TechNet Page. As promised, we have posted talks from every track block. The samples available are from the e-crime, cloud, mobile and fuzzing content blocks.
As you probably know by now, BlueHat is primarily about educating our own Microsoft population so we can better understand how to build more secure products. The more we know about the security ecosystem, the more we at Microsoft can truly comprehend and assess our security reality. Our secondary goals are to build bridges and bring transparency to the security community to facilitate positive information exchanges.
One way we measure how well we are meeting our goals is through surveying our attendees. Here are some of the survey highlights from BlueHat v9 that I want to share with you.
Survey Results for BlueHat General Sessions:
W00t! Strong numbers like those make it all worth it, I tell you! Big thanks to all our speakers and now new members of the BlueHat network, the BlueHat content review team, and Dana Hehl for making everything look so easy.
Mark your calendars! The next BlueHat is October 14-15, 2010. See you all there.
BlueHat Project Manager
*Postings are provided "AS IS" with no warranties, and confers no rights.*
It was in that capacity that I was privileged recently to attend the GovCERT.NL symposium, hosted by the Dutch Government CERT in the city of Rotterdam. What an event! The Dutch government CERT, GovCERT.NL, put on a truly world-class event. I cannot recall ever having been to an event so well-polished and professionally presented. The program was rich, varied, and robust, with a number of international and domestic speakers. But for me, the highlight was the interaction in the CERT community.
Although the symposium is primarily focused on meeting the needs of GovCERT.NL’s constituents, the attendance from much of the international CERT community makes the event all that much more dynamic. The national CERT community is a thriving and robust effort, allowing teams across national borders to work together and deliver collective results to provide more protection to the ecosystem. If you are in government, law enforcement, or industry and you don’t know your national CERT, you don’t know what you are missing! I was fortunate enough to meet with quite a number of national CERTs during this event from the European region and as far afield as Asia. This was most useful, as the MSRC is looking to engage more strongly with the community of national CERTs. In addition, Mike Reavey, Director of the MSRC, was also able to attend, and not only sat on a panel, but also spent time talking in depth with several CERTs about the issues facing the CERT community as well as how to develop better working relationships. It is this open dialogue and the coalescence of like-minded individuals that tends to be a hallmark of CERT-based events. In addition to formal meetings on the days before and after the symposium, it was clear that the global CERT representatives present were spending quality time sharing techniques, discussing common strategies, and building stronger interpersonal relationships. It is still the case that interpersonal relationships are the life-blood of this community, but there have also been some strong moves towards establishing organizational-level relationships with increasing bilateral and multilateral formal relations. I am keen to watch this grow, and will assist where I can.
I consider these groupings of CERTs to be invaluable. We have all heard that the Internet is a global thing, with no concept of borders or jurisdiction. While this may be the case, this also implies that there is no one responsible for looking after the problems on the Internet. I see the Internet as a global ecosystem, and in any ecosystem you need those who keep order. That is where I see the role for the National CERTs, tackling the problems of the Internet on a nation-by-nation basis. It is something that every country can do, take responsibility for their “own patch”; it is the Internet version of “think globally, act locally”. It is important also to realize that Internet security is not a problem that can be fixed by law enforcement, or any other group, alone. CERTs perform an important role, not only providing advice and guidance, but also assisting with coordination and remediation. A CERT from one country knows that they can reach out to a trusted partner in another country to resolve an issue and that means the CERT only needs to know their own constituents and their fellow CERTs. In the absence of such a network, every CERT would need to be able to communicate with every organization, and potentially every individual, to resolve issues.
For a great practical example of a CERT working locally to assist in protecting the global ecosystem, I would recommend that you look at the work being done by CERT-FI and their Autoreporter service. This service is a great example of a CERT, working with feeds from the global community, taking responsibility for their constituency and working to remediate the threat within their own borders. This is the sort of work I feel all CERTs globally should be looking to when considering how to be an effective and contributing member in the global security community. This sort of activity has helped the Finnish IP space to become one of the “cleanest” in the world, as called out in the recent Microsoft Security Intelligence Report volume 7. Great work CERT-FI!
I hope to see those national CERTs, who are not already a part of Microsoft Security Cooperation Program for CERTs (SCPcert), look at joining this initiative, as a first step in building a deeper and more substantive operational relationship with Microsoft. It is from the bedrock of this program that I hope to find new and innovative ways to assist the CERT community in the shared responsibility of protecting the ecosystem.
In conclusion, the GovCERT.NL event was great to attend. It gave me a quick refresher on just how much potential there is within the CERT community globally to work together, and with industry, to increase the level of ecosystem-wide security. I am looking forward to my part in working with and helping foster this important community.
-Karl Hanmore, Senior Security Strategist