One of the best stories stemming from this year’s Summer Olympics in Tokyo concerned a headline you never saw in worldwide newspapers. There were no cyber security incidents that caused outages—or embarrassment to the host nation of Japan.
No doubt the Olympics were a tempting target for bad actors looking to make a name on a global stage. What’s even more impressive about this outcome is the conditions under which it occurred. First, the Olympics are not a permanent technology installation, and second, the defence could only work with the support of private sector security companies serving as Gold Partners of the Japan Olympic Company (JOC), such as NEC and NTT (as well as the Gold Partner for Telecommunication Services).
Representing Symantec, as a division of Broadcom Software, I have had the opportunity to participate in, lead and contribute to Standards Defining Organizations such as the International Telecommunication Union (ITU), where, with many colleagues, we initiated and contributed to the development of the Cyber Defence Centre (CDC) framework in what is called Question 3 of Study Group 17.
When my co-editors from the NTT group joined this work, with the key support of NEC representatives and the rapporteurship leaders of Q3, we were introduced to and considered materials from Japanese industry associations such as ISOG-J (Information Security Operation providers Group Japan), which consists of 56 Japanese security companies. As we began our work, we realized that we could seamlessly merge both initiatives. No doubt Japan will make good use of this new standard, but many other countries, including many African nations, have also shown interest in using it.
Will the CDC be a game changer for cyber security management? Here’s why I believe it’s worth checking out.
What is the CDC framework?
The Cyber Defence Centre (CDC) is an entity that implements security policies as services. The framework defines a catalogue of services and sets out the conditions that help ensure CDC members are equipped with the right training, services, and technologies.
The framework isn’t just theoretical: it provides a scoring system to help CDCs determine how and by whom security services are implemented, whether insourced, outsourced, or some combination of the two.
CDC members are responsible for setting policies and resource planning for all security activities, including their own strategic management, which is the first of the nine main CDC service categories:
- Strategic management of CDC
- Real-time analysis
- Deep analysis
- Incident response
- Check and evaluate
- Collection, analysis and evaluation of threat intelligence
- Development and maintenance of CDC platforms
- Supporting internal fraud response
- Active relationship with external parties
Why did we propose this framework?
Cyber security is a shared, global problem that demands a concerted, global response. We were motivated by three things:
- Each time we asked CISOs their definition of a SOC, we received a vast spectrum of different answers. Every organization is unique, and that’s really one of the industry’s biggest challenges.
- There is no common language to describe the job that each constituency (private and public organizations) has, which makes it difficult for a country or a region of the world to organize, collaborate on and coordinate a defence.
- Finally, there is a blatant lack of professionalisation in cyber security, with a massive deficit of resources to do the work. As cyber security is still mostly vocational, codifying the services could help accelerate or align capacity-building efforts. The framework establishes a state-of-the-art, multilingual, global governance approach that’s available to everyone.
Do we need to change our SOC?
Most SOCs are organized around incident response, and we hope at minimum that they utilize the great work that FIRST delivered. Yet even the best ones require continuous development to properly manage risks. No SOC can do everything. Many organizations are looking to build their capabilities and need a framework that provides guidelines for selecting the services that will help them meet potential threats in alignment with their business goals.
By adopting the CDC framework:
- You can have the assurance of knowing that you can conduct your own SOC transformation around a common framework.
- You can hire the right people because you can say you have a best-in-class SOC built on this world-class industry framework, with a codified set of services to be delivered.
- You can more quickly achieve agreement and buy-in, and defuse personal preferences. The framework guides future decision-making, so you can succeed even where there are personal or team conflicts.
What’s the best way to learn about the CDC framework?
The cyber security world is changing rapidly and fragmented organizational responses aren’t helping to fend off today’s global threat actors.
- Review the framework here and see if it advances your professional and organizational objectives and please give us feedback to help improve the process.
- Review it with your security team and senior management and see if there is a consensus.
- Determine what services you have that map to it and identify what steps to prioritize next to establish your own CDC.
We encourage you to talk to the Symantec experts at Broadcom Software about your plans and how we can support you in developing your CDC journey. Contact us here.
We encourage you to share your thoughts on your favorite social platform.