Data Logistics Blog
Many parties exchange event or incident data. If you send me data to re-share that is 'sensitive' or otherwise restricted, how do I tell other people that fact or that they can (or can't) share this data further? This is an attempt to identify a possible relatively simple data marking model. September, 2016 UPDATE: The document was revised to reflect the first implementation try.
The APWG hosted the 2015 "Symposium on Impediments to Data Sharing" on November 5th in Reston, VA. These are the presented slides and discussion notes from the small gathering. Many parties believe robust data sharing needs new laws or regulations, whereas we have found that misperceptions and reluctance are the biggest impediments. The symposium identified those and discussed the means to overcome them. Follow-up actions include a few whitepapers and more emphasis on the APWG e-crime taxonomy effort.
Periodically the APWG gets asked its opinion on various policy matters. Such an opportunity arose in June, 2013 with the Council of Europe. The Secretary of the Cybercrime Convention Committee (T-CY) invited us to a public hearing on transborder access to data organised by the T-CY on 3 June 2013, in Strasbourg, France. Peter and I explained our view of the problem to the committee, imparted some real-world experiences to them, and volunteered to help address the issues in the future.
Many parties exchange event or incident data. If you send me data to re-share that is 'sensitive' or otherwise restricted, how do I tell other people that fact or that they can (or can't) share this data further? This is an attempt to identify a possible relatively simple data marking model. September, 2014 UPDATE: The document was revised to incorporate lessons learned from our early ECX pilot and community discussion (or grumblings).
Over the past few years, we have seen an explosion of “infected system notification systems.” Some of the more successful ones target the more controlled networks, where determining the actual infected device is relatively easy. Those successes led to a call to notify every user on every network when an “infected system” was found. But networks vary in their ability to identify a specific device. And there is no generally-accepted definition of “infected.” But hope is not lost, or it shouldn’t be, as the APWG operates a notification system and continually wants to improve its effectiveness and usefulness. Maybe we just need better definitions and expectations? We explore some ideas and issues here.
Many parties collect Internet event data such as IP addresses, originator identification, or communications content to track network congestion, comply with regulatory regimes, or to detect malicious activity. Many times the data collected is not truly ‘public’ data but has handling and distribution restrictions or caveats on it. The APWG shares some data that carries some further sharing restrictions and is currently exploring ways to mark this data. This paper introduces a schema for originators to mark data to impart resharing guidance to the APWG.