Security for Collaborating Infrastructures (SCI) Draft text - V4 - 15 March 2011

1. Operational Security

Operational security in a distributed collaborative environment is governed by the same principles that apply to a local, centrally managed system, but is complicated by the diversity of sites (both in terms of hardware and software systems and in terms of the local policies and practices that apply), and by the lack of a centralized management hierarchy that can "order" certain operations to be performed in specific ways.

Governing principles include:
- The management of risk: both to mitigate the risks that are most likely to occur and most dangerous, and to take countermeasures that are commensurate with the scale of the risks involved;
- Containing the impact of a security incident while keeping services operational, although in certain cases this may require identifying and fixing a security vulnerability before re-enabling user access;
- Identifying the cause of incidents and understanding what measures must be taken to prevent them from recurring.

A collaborating infrastructure for operational security in a distributed environment must address the following issues:
- Risk mitigation: a process that ensures that security patches to operating system and application software are applied in a timely manner, and that patch application is recorded and communicated to all members of the collaboration.
- Risk mitigation: a documented process to manage vulnerabilities (including reporting and disclosure) in any software distributed within the infrastructure. This document must be publicly available or made available upon request, and must be sufficiently dynamic to respond to changing threat environments.
- Incident prevention: the capability to detect possible intrusions and to protect the infrastructure against significant and immediate threats.
- Incident prevention: a documented capability to regulate the access of authenticated users.
- Collaborative cooperation: the capability to identify and contact authenticated users, service providers and resource providers.
- Collaborative cooperation: the capability to enforce security policies, including an escalation procedure and the powers to require such actions as are deemed necessary to protect resources from an incident or to contain its spread.

1.1 Incident Response

It is imperative that every collaborative entity has an organized approach to addressing and managing events that threaten the security of resources, data and overall project integrity. At a minimum, a collaborating infrastructure must have the following:
- A formal Incident Response procedure. This document must be publicly available or made available upon request, and must address: roles and responsibilities, identification and assessment of an incident, minimizing damage, response and recovery strategies, and approved communication tools and procedures.
- Documented contact information for site security teams, and expected response times for critical situations.
- The capability to collaborate in the handling of a security incident with affected service and resource providers, communities, and infrastructures.
- Assurance of compliance with information-sharing restrictions on incident data obtained during collaborative investigations. If no information-sharing guidelines are specified, incident data will only be shared with site-specific security teams on a need-to-know basis, and will not be redistributed further without prior approval.

1.2 Traceability

The aim is to be able to answer the basic questions who, what, where, and when concerning any incident. This requires retaining all relevant information, including timestamps and the digital identity of the user, sufficient to identify, for each service instance, every security event, including at least the following: connect, authenticate, authorize (including identity changes) and disconnect.
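The traceability requirement above can be made checkable rather than left as a statement of intent. The following is an added example, not part of the SCI draft: a Python script that reads a JSON-lines audit log (the records are constructed for this example, and the field names ts, identity, service and event are assumed, not prescribed by the draft), flags records that cannot answer who, what, where or when, reports which of the four mandatory event types each service instance never logged, reconstructs one identity's timeline, and lists records older than an assumed 90-day minimum retention period (the draft only requires that such a period be specified).

```python
"""Traceability check over an audit log, following SCI section 1.2.

Added example, not part of the SCI draft. Assumes a JSON-lines audit log in
which each record carries the information the policy calls for: a UTC
timestamp, the user's digital identity, the service instance and the event
type. The field names, the sample records and the 90-day retention period
are constructed for this example.
"""
import json
from datetime import datetime, timedelta, timezone

# Security events the SCI draft lists as the minimum that must be logged.
REQUIRED_EVENTS = {"connect", "authenticate", "authorize", "disconnect"}

# Fields needed to answer "who, what, where, when" for every event (assumed names).
REQUIRED_FIELDS = ("ts", "identity", "service", "event")

# Minimum retention period. The draft only requires that one be specified;
# 90 days is an assumed value.
RETENTION = timedelta(days=90)

# Constructed sample log (JSON lines). The last record is deliberately
# incomplete: an authorize event with no identity cannot answer "who".
SAMPLE_LOG = """\
{"ts": "2011-03-15T09:00:00Z", "identity": "CN=alice/O=example", "service": "ce01.example.org:2119", "event": "connect", "src": "198.51.100.7"}
{"ts": "2011-03-15T09:00:01Z", "identity": "CN=alice/O=example", "service": "ce01.example.org:2119", "event": "authenticate", "result": "ok"}
{"ts": "2011-03-15T09:00:02Z", "identity": "CN=alice/O=example", "service": "ce01.example.org:2119", "event": "authorize", "mapped_to": "vo001"}
{"ts": "2011-03-15T09:10:00Z", "identity": "CN=alice/O=example", "service": "ce01.example.org:2119", "event": "disconnect"}
{"ts": "2011-03-15T10:00:00Z", "identity": "CN=bob/O=example", "service": "se02.example.org:8443", "event": "connect", "src": "203.0.113.9"}
{"ts": "2011-03-15T10:00:01Z", "identity": "CN=bob/O=example", "service": "se02.example.org:8443", "event": "authenticate", "result": "ok"}
{"ts": "2011-03-15T11:00:00Z", "service": "ce01.example.org:2119", "event": "authorize", "mapped_to": "vo002"}
"""


def _parse_ts(value):
    """Parse the ISO-8601 UTC timestamp format assumed for this example."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_log(text):
    """Parse JSON-lines records; an unparseable line is itself a finding."""
    records, findings = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            findings.append(f"line {lineno}: unparseable record")
    return records, findings


def check_record(rec):
    """List the traceability defects of one record (empty when it is complete)."""
    problems = [f"missing {field}" for field in REQUIRED_FIELDS if field not in rec]
    if "ts" in rec:
        try:
            _parse_ts(rec["ts"])
        except ValueError:
            problems.append("timestamp not ISO-8601 UTC")
    return problems


def check_coverage(records):
    """Per service instance, the mandatory event types that never appear in the log."""
    seen = {}
    for rec in records:
        if "service" in rec and "event" in rec:
            seen.setdefault(rec["service"], set()).add(rec["event"])
    return {svc: sorted(REQUIRED_EVENTS - events) for svc, events in seen.items()}


def trace_identity(records, identity):
    """Who/what/where/when: every complete event attributed to one identity, in time order."""
    hits = [r for r in records if r.get("identity") == identity and not check_record(r)]
    return sorted((r["ts"], r["service"], r["event"]) for r in hits)


def past_retention(records, now_iso):
    """Records older than the minimum retention period as of now_iso (UTC)."""
    cutoff = _parse_ts(now_iso) - RETENTION
    old = []
    for rec in records:
        try:
            if _parse_ts(rec["ts"]) < cutoff:
                old.append(rec)
        except (KeyError, ValueError):
            continue  # incomplete records are already reported by check_record
    return old


if __name__ == "__main__":
    recs, findings = parse_log(SAMPLE_LOG)
    for i, rec in enumerate(recs, 1):
        for problem in check_record(rec):
            findings.append(f"record {i}: {problem}")
    print("findings:", findings)
    print("missing event types:", check_coverage(recs))
    print("timeline:", trace_identity(recs, "CN=alice/O=example"))
    print("past retention:", len(past_retention(recs, "2011-06-20T00:00:00Z")))
```

Run against a site's real audit export, the coverage report is the quick test that a service instance is emitting all four mandatory event types, and the per-record check catches the records that would leave an investigator unable to attribute an action. The retention helper only identifies what has aged past the minimum period; whether to purge it is a local decision constrained by the regulations the draft refers to.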
A collaborating infrastructure must provide the following:
- Traceability of service usage, by the production and retention of appropriate logging data, to identify the source of all actions as defined above.
- A specification of the minimum data retention period, consistent with local and international regulations.

2. Establishing Trust between Collaborating Infrastructures

(to be written)