FREE ELECTRONIC LIBRARY - Dissertations, online materials

Pages:   || 2 |

«Written Testimony of Mr. Mark G. Clancy, Chief Executive Officer, Soltra Before the Committee on Homeland Security United States House of ...»

-- [ Page 1 ] --

Written Testimony of Mr. Mark G. Clancy, Chief Executive Officer,


Before the Committee on Homeland Security

United States House of Representatives

“Oversight of the Cybersecurity Act of 2015”

June 15, 2016

Chairman Ratcliffe, Ranking Member Richmond and members of the Committee, thank you for

scheduling today’s hearing on industry perspectives on the Cybersecurity Act of 2015 (CISA).

My name is Mark Clancy, and I am the Chief Executive Officer of Soltra. Soltra’s mission is to design and deliver solutions that shorten the time from awareness, to decision to action, in addressing cyber threats.

First, thank you for all of your efforts and dedication to addressing key cybersecurity concerns and for successfully passing cybersecurity information sharing legislation. As our nation continues to confront serious cybersecurity threats to our critical infrastructure, cybersecurity information sharing is one critical way to address these challenges.


Cybersecurity information sharing has been a cornerstone of various aspects of my career, beginning in 2004. At that time, I was running Citigroup’s Global Security Incident Response Team. Twelve years ago, we worked to combat the menace of phishing attacks targeting our customers. We quickly learned that the criminals were using the same approaches to target customers of other financial institutions; and by bi-directional sharing of the technical observations of those attacks with our competitors, we all were better able to minimize the impacts of these incidents. That first generation model of sharing was born out of personal trust between individual practitioners who met face to face frequently.

By 2008, a new sharing model was needed as the Financial Services Information Sharing and Analysis Center (FS-ISAC) started to grow significantly. This second generation trust model had widened to a larger number of institutions and individuals who still met face to face on occasion, but now had moved to using electronic mail lists as the primary method of exchanging information between face-to-face meetings.

By 2010, when I was the Chief Information Security Officer at The Depository Trust and Clearing Corporation (DTCC), we realized the scale of the community and the tonnage of information being shared grew to the point we could not utilize all the information, and that a third generation approach to sharing was required to use standardization and automation. This led to us exploring standards that described a cyber threat in such a way that a human could understand it, but a machine could process it.


Soltra is the financial industry’s answer to the third generation information sharing model. Soltra is a joint venture created by DTCC and the FS-ISAC that leverages the unique expertise of both entities, bringing together the best and brightest of the industry.

DTCC is a participant-owned and governed cooperative that serves as the critical infrastructure for the U.S. capital markets as well as financial markets globally. At its core, it develops and harnesses technology to provide a variety of risk management and data services to the financial services industry. More than 40 years ago the firm was created largely out of the need to leverage technology and automation in order to ensure securities transactions were more efficiently settled, thereby reducing risk of loss in the event of a counterparty default. In this respect, DTCC presently is among the most sophisticated financial technology or “FinTech” companies.

Today, DTCC continues to deploy evolving and improving technology in service to its mission as the primary financial market infrastructure for the securities industry. DTCC simplifies the complexities of clearing, settlement, asset servicing, data management and information services across multiple asset classes. In 2015, DTCC’s subsidiaries processed securities transactions valued at approximately US$1.5 quadrillion.

The FS-ISAC is a 501(c)6 nonprofit organization and is funded entirely by its nearly 7,000 member firms and sponsors. It was formed in 1999 in response to 1998 Presidential Decision Directive 63 (PDD 63), which called for the public and private sectors to work together to address cyber threats to the nation’s critical infrastructures. The FS-ISAC expanded its role to encompass physical threats after the attacks on 9/11, and in response to Homeland Security Presidential Directive (HSPD) 7 (and its 2013 successor, Presidential Policy Directive (PPD) 21) and the Homeland Security Act.

The FS-ISAC has grown rapidly in recent years. In 2004, there were only 68 members which were mostly large financial services firms. Today, FS-ISAC has nearly 7,000 member organizations, including commercial banks and credit unions of all sizes; markets and equities firms; brokerage firms; insurance companies; payments processors; and 40 trade associations representing all of the U.S. financial services sector. Because today’s cyber-criminal activities transcend country borders, the FS-ISAC has expanded globally and has active members in over 37 countries.

SOLTRA Soltra advances cybersecurity capabilities and increases resilience of critical infrastructure organizations by collecting and distilling cybersecurity threat intelligence from a myriad of sources to help safeguard against cyber attacks and deliver automated services at “computer speed,” cutting down the hundreds of human hours that are currently needed to distill cyber threat information.

Soltra began as a true cross-industry initiative that included a live prototype involving over 125 security practitioners that included FS-ISAC members, private sector representatives from other critical sectors, and government entities to refine the requirements, architecture and design of Soltra’s automation software, which is known as Soltra Edge.TM Soltra Edge provides for a free platform that users can access, and after less than a year and a half, Soltra Edge has been downloaded by over 2,600 organizations in 75 countries spanning 25 industries to consume, utilize, and share cyber threat intelligence using open standards.

The Soltra Edge platform sends, receives, and stores messages of Cyber Threat Intelligence (CTI) in a standardized way. It hides the complexity of the underlying technical specification so that end users can setup and start receiving threat information in under 15 minutes in most cases, changing the paradigm where it could take months or millions of dollars to change internal systems if companies wanted to do it on its own. The information that is received can be used to push instructions to other security tools to perform detection and mitigation of those threats. To support the widest possible adoption, we also made a highly functional version of the platform available at no cost to end user organizations to defend themselves. We also offer a low-cost or no-cost solution to ISAC and ISAO community organizations to act as the community hub for machine to machine threat sharing if they lack an existing operational capability. For organizations with additional needs, we also offer a paid membership which includes system integrations for platforms that have not adopted standards, enterprise grade operational features, and technical support.




Soltra has built a threat sharing ecosystem using three open standards first developed by DHS and MITRE called the Structured Threat Information eXpression (STIX) and the Trusted Automated eXchange of Indicator Information (TAXII), and the Cyber Observable eXpression (CybOX). STIX, TAXII, and CybOX have been transitioned into an international standards body, OASIS. These open standards are foundational for the interoperability and machine processing that are key to addressing complexity, and acting on information quickly. The OASIS CTI Technical Committee, which maintain these standards, has the largest amount of corporate and individual members of any technical committee in the standards body.

Soltra utilizes these open standards and has the unique ability to be the “glue” between different sectors and to provide connectivity for those who do not have the time or infrastructure to manage the transition to STIX/TAXII. This common standard also allows a defender of networks to use CTI from community sources like ISACs and ISAOs; government sources such as the U.S. Departments of Homeland Security (DHS) and Treasury, along with the Federal Bureau of Investigation (FBI); and utilize that information in a variety of commercial and open source security tools. It also addresses the problems companies currently have when using multiple vendors whose bundling of CTIs may only work with that same vendor’s tools. Soltra fixes this problem and allows for the use and scalability of information from multiple sources to be utilized in multiple tools that detect or defend the network.

Soltra also helps break down barriers between and amongst key sectors of the economy, providing the bridge from financial services to key sectors like health, energy, retail, as well as state, local, tribal and territorial (SLTT) governments. Historically, sectors only shared information within that sector. While important and effective to do, it also stovepipes the fact that the attackers are using the same Tactics, Techniques and Procedures (TTPs) against all sectors and allows them to effectively use the same tool to attack all sectors. Soltra breaks down the barriers to sharing by ultimately providing the “utility platform” and enabling interchange of information already in the STIX/TAXII format. We see this today with firms that are members of multiple ISAC/ISAO organizations and with ISACs that have sharing relationships with each other. Both of these act as cross sector bridges since it is simple to share information. Friction is greatly reduced when using Soltra to connect organizations – the same standard format, communications method, and access controls are used to respond to the data-handling instructions driven from the Traffic Light Protocol markings of content.


Sharing information about threats remains essential as Mandiant reports1 that for 2015 the median number of days from compromise to discovery was 146 days. This improved from a median of 229 days from the 2014 Mandiant report2, but is still an extensive window. The 47% of firms that detected a breach themselves took 56 days to discover the breach, but the 53% of firms notified by an external party had a median of 320 days from compromise to detection.

This is directly relevant to information sharing in two ways. First, the delta between the time of an internal and external notification are likely a symptom of poor access to information about threats or ability to act on that information. Second, information shared about threats may represent intrusion sets recently identified that had been in situ for a long time. We need to both increase the percentage of internally discovered breaches and shorten the time to detect them.

Sharing CTI data is one such way these discoveries are made and timely sharing leads to timely discovery. Soltra is working to solve this problem by widening the access to CTI data and shortening the time to act on it over manual methods. It is hard to know with certainty why the industry improved the lag in compromise to discovery, but it is highly likely information sharing tipping defenders on what to look for was a part of the improvement.

1 https://www2.fireeye.com/rs/848-DID-242/images/Mtrends2016.pdf 2 http://dl.mandiant.com/EE/library/WP_M-Trends2014_140409.pdf Third, there are some important lessons learned about the benefits of sharing information that, quite simply, will vary based upon the maturity of the institution participating in the program.

However, a few things are universal:

First, initially when a company receives CTI data, it is purely a consumer of that information. It might find that it has limited technical or operational capabilities to utilize some or all of the information in an effective way. For example, it may receive indicator information about malware on endpoint, but not have a capability to scan end points for such files. At that juncture, the company will begin to realize that it needs to better understand what is in the data to actually be able to utilize it. For example, understanding how to use information when the temporal context is of an intrusion 300 days ago is important. If it then looks for that activity from the moment the CTI is received, it could miss the event that precipitated the intrusion several hundred days earlier. If it was just recently reported, the original victim may have just identified it and that data, even if it is a year old, might be the clue needed to ascertain if the same incident had occurred in your infrastructure. As a company moves up the maturity curve, it also moves from primarily utilizing the telemetry which is represented by the CTIs and starts to utilize insights and contextual information to anticipate hazards down the road. Even in mature sectors the bulk of the activity is around the telemetry CTI data.

As a company matures into using CTI data that was shared, it starts to realize that some data lacks sufficient context and may appear to be a false positive. This comes about between the very natural tension between sharing quickly when information is fresh, but could still be incomplete.

This also occurs by the very nature of the investigative process that produces information and observations of activity that may have occurred during an attack but could be unrelated to the attacker’s actions and are an artifact of normal IT system behavior. In order to address this, a company will want to have a method to ask the producing source to confirm details, or perhaps after its own research it will understand the context was lost or the CTI data is, in fact, inaccurate. A company will need to have a mechanism to share these results back to the producing source so they can adjust the content and send out a revision to the community.

Pages:   || 2 |

Similar works:

«St Mary’s University, Twickenham Board of Governors Minutes of a meeting of the Board of Governors held on Thursday 26th November 2015 in the Shannon suite, St Mary’s University, Twickenham.Present: Rt Rev Richard Moth (Chair) Sir Anthony Bailey Mr Francis Campbell (Vice-Chancellor) Mr John Dixon Fr Richard Finn Mr Mike Foster (to M10 only) Dr Maureen Glackin Mrs Sue Handley-Jones Mr David Hartnett Mrs Maureen John Mr Stuart Kemp Mr Zander Lavall (President of SMSU) Dr David Livesey Mr...»

«Sharon Dickinson sharon.dickinson@lacity.org Wildlife Corridor Motion-STOP THE DESTRUCTION Thomas Tardio ttardio7@hotmaH.com Mon, Apr 18, 2016 at 7:43 AM To: Sharon.Dickinson@LACity.org Sharon.Dickinson@lacity.org We support ALL efforts to eliminate the ongoing destruction of our wildlife corridors in the City of LA. We appreciate your support and consideration of legislation to stop construction of 4 story Harvard Westlake Garage on Coldwater Blvd/south of Ventura Blvd, specifically in that...»

«Working Paper Series Giuseppe Cappelletti, The stock market effects of a Giovanni Guazzarotti securities transaction tax: quasiand Pietro Tommasino experimental evidence from Italy No 1949 / August 2016 Note: This Working Paper should not be reported as representing the views of the European Central Bank (ECB). The views expressed are those of the authors and do not necessarily reflect those of the ECB Abstract We study the e¤ects on the stock market of a securities transaction tax (STT). In...»

«MILLENNIUM Journal of International Studies Forum Article Millennium: Journal of Living Critically and ‘Living International Studies 39(2) 505–524 Faithfully’ in a Global Age: © The Author(s) 2010 Reprints and permissions: sagepub.co. uk/journalsPermissions.nav Justice, Emancipation and DOI: 10.1177/0305829810385053 mil.sagepub.com the Political Theology of International Relations Scott M.Thomas Bath University Abstract This article asks is there a place for religion and spirituality in...»

«Contents Introduction 2 Fire Awareness for Children (Prep to Grade 2) Fire awareness in the home 4 Personal safety fire awareness 8 Fire awareness in the community 14 Fire Awareness for Children (Grade 3 to Grade 6) Fire awareness in the home 24 Personal safety fire awareness 33 Fire awareness in the community 40 -1Introduction The Fire Awareness for Children resources are part of the Department of Education and Early Childhood Development’s commitment to engaging children in further...»

«JPMorgan Chase Institute A global think tank dedicated to delivering data-rich analyses and expert insights for the public good Past 65 and Still Working: Big Data Insights on Senior Citizens’ Financial Lives Every day, roughly 10,000 baby boomers turn 65.1 Some will “retire” in the traditional sense of the word. Many will keep working, though, and others will rejoin the workforce later Fast Facts on. The share of Americans who work beyond traditional retirement age has increased, raising...»

«Leak Gopher Z-Wave Valve Control Model: LGZW-1 and LGZW-2 Rev: 2.04 Power: 5VDC 250mA Features Electronically Controlled Water Valve ¾” and 1” valves Wireless control using many available Home Automation platforms and security panels Control via Internet or Smart Phone Smart Phone or computer from anywhere Prevent expensive water damage in the world via the Internet. Automation even when you’re not home systems can automatically turn off the Z-Wave Wireless connectivity water if a leak...»

«PREPARING FOR PANDEMIC INFLUENZA SUPPLEMENTARY GUIDANCE FOR LOCAL RESILIENCE FORUM PLANNERS Issued by: Civil Contingencies Secretariat Cabinet Office May 2008 Document Management Version 1 Date: May 2008 Note: A Welsh version of this document is also available at: UK Resilience Crown Copyright The material featured on this site is subject to Crown copyright protection unless otherwise indicated. The Crown copyright protected material (other than the Royal Arms and departmental or agency logos)...»

«Newsletter No. 33: PORNO, TRUCKER TRAVEL, & THE MISBEGOTTEN MIDWEST TOUR Happiness, Joy, Delight, Gladness, Contentmen, Harmony, and Love is OXBOW. There are only two choices for an attitude toward life: positive or negative. OXBOW finds the positive attitude an easy choice to make and enjoys receiving the best that life has to offer. Let OXBOW come into your heart, if oly for a moment, to share a smile with you.-California Clock Co. YOUR INSENSITIVITY IS TRULY EDGELESS, LIMITLESS.-The World's...»

«A GOOD YEAR FOR FIGS Sermon Preached by Jon M. Walton March 11, 2007 Scripture: Psalm 32; Luke 13:1-9 Modern life is punctuated by breathtaking catastrophe. Eight children and an adult die in an overnight fire in the Bronx. A hundred people are killed and wounded in a busy street of booksellers in Baghdad where Shiites and Sunnis have peacefully sold their books next door to one another for years. We live with the bad news of misfortune happening to other people all around us, and hope that it...»

«Consultation questions General 1) Overall, do you think that the draft guidance gives a clear interpretation of the Act to support organisations’ implementation of the duties? Yes No (if responding electronically, please double click on one of the boxes above and select the default value as ‘checked’) Please provide details: There are many areas that seem ambiguous and subject to misinterpretation Part 18, Section 96 Wellbeing 2) Do you think the draft guidance on wellbeing provides...»

«PUENTE ATIRANTADO PUERTA DE LAS ROZAS SOBRE LA A-6, MADRID Miguel Sacristán Mont. Guillermo Capellán Miguel Juan José Arenas de Pablo Pascual Garcia Arias Ingeniero de Caminos Ingeniero de Caminos Dr. Ingeniero de Caminos Ingeniero de Caminos ARENAS & ASOCIADOS ARENAS & ASOCIADOS ARENAS & ASOCIADOS IDOM Coordinador de Proyectos Director Técnico Presidente Director de Obra jjarenas@arenasing.com msacristan@arenasing.com gcapellan@arenasing.com pga@idom.es Resumen Desde el verano de 2007...»

<<  HOME   |    CONTACTS
2016 www.dissertation.xlibx.info - Dissertations, online materials

Materials of this site are available for review, all rights belong to their respective owners.
If you do not agree with the fact that your material is placed on this site, please, email us, we will within 1-2 business days delete him.