Multinational Cyber Defence Capability Development: NATO Communications and Information Agency

This session provides an overview of developing cyber capabilities under the Multinational Cyber Defence Capability Development (MN CD2) Initiative, which is one of the NATO Smart Defence initiatives. The two capabilities that will be introduced in details are network enumeration and incident response orchestration.

Dynamic Network Enumeration (DyNE) provides a network scanning solution with the capabilities similar to Internet scanning frameworks, such as Censys or Shodan. DyNE extends the existing open source IVRE scanning framework, by integrating additional tools and information sources, in order to support security administrators in developing precise and up-to-date view of devices and services available in the network and of any related vulnerabilities.

DyNE is specifically customized for deployment on highly compartmentalized IT systems used by governmental and international organizations. The framework supports passive discovery of potentially fragile network nodes, such as SCADA systems, and, in the future, automated identification of address space for IPv6 scanning. An easy to use web-based management console enables a security administrator to schedule network scans. The scan speed, address range and schedule are configurable in order to allow  fine-grained control over scanning tasks and to manage network impact. The collected data is accessible and easily be searched through a web interface. An appropriate set of visualizations is

provided via a web application. The solution is suitable for rapid deployment on static networks as well as on deployable and exercise networks.

Incident response orchestration: The number and complexity of cyberattacks is on the rise. Defenders are overwhelmed and unable to respond to security events effectively. Manual incident response processes are no longer enough; mature incident response teams recognize the need for automation. At the request of several nations, the NATO Communications and Information Agency is performing an assessment of the incident response orchestration market. This session will provide an overview of the market, describe some of the major issues to consider when assessing an incident response orchestration solution, discuss some of the limits of automation, and explore the various directions the market is following.

1)      Introduction to MNCD2 program (15 min)
2)      Introduction to Dynamic Network Enumeration (DyNE) project (15 min)
3)      DyNE demo (15 min)
4)      Introduction to Semi-automatic response (SAR) project (15 min)
5)      Discussion (30 min – can be also split between individual presentations)