Anti-Bot Working Group

Charter
July 2013

CLOUD SECURITY ALLIANCE Anti-Bot Working Group, July 2013

2013 Cloud Security Alliance - All Rights Reserved. You may download, store, display on your computer, view, print, and link to the Cloud Security Alliance Anti-Bot Working Group Charter at http://www.cloudsecurityalliance.org, subject to the following: (a) the Charter may be used solely for your personal, informational, non-commercial use; (b) the Charter may not be modified or altered in any way; (c) the Charter may not be redistributed; and (d) the trademark, copyright or other notices may not be removed. You may quote portions of the Charter as permitted by the Fair Use provisions of the United States Copyright Act, provided that you attribute the portions to the Cloud Security Alliance Anti-Bot Working Group Charter (2013).

2013 Cloud Security Alliance - All Rights Reserved.


Contents
Working Group Executive Overview
Work Group Membership
Infrastructure & Resource Requirements
Work Group Responsibilities and Structure
Work Group Conference Calls and In-person Meetings
Communications Methods
Sub-Work Groups
Decision-Making Procedure
Peer Review, Related CSA Stakeholders and External Stakeholders
Duration
Schedule and Deliverables


Working Group Executive Overview


Mission Statement: To develop and maintain a research portfolio providing capabilities to assist the cloud provider industry in taking a lifecycle approach to botnet prevention.

Botnets have long been a favored attack mechanism of malicious actors. A recent evolution in botnet innovation has been the introduction of server-based bots as an alternative to single-user personal computers. The access to vastly greater upload bandwidths and higher compute performance has attracted the same adversaries who have built and operated earlier botnets. As cloud computing is rapidly becoming the primary option for server-based computing and hosted IT infrastructure, CSA as the industry leader has an obligation to articulate solutions to prevent, respond to and mitigate botnets occurring on cloud infrastructure. The CSA Anti-Bot Working Group is the primary stakeholder for coordinating these activities.

Work Group Membership


The CSA Anti-Bot Working Group will be composed of CSA volunteers who meet at least one of the criteria listed below. Individuals who meet more than one of the criteria will be given preference when adding new working group members. Ideally, working group members:
- Are highly motivated and willing to contribute to a non-profit work group
- Have documented experience in the domain either through their current or previous jobs or through conducting academic research of high quality
- Can provide references as to their credentials in this area of expertise

The CSA Anti-Bot Working Group is chaired by the appointed co-chairs who will provide updates and seek guidance from the advisory roles. The working group will require typical project management, online workspace and technical writing assistance and may appoint others as necessary to assure the effective execution of the defined work. Other individuals may be invited to attend meetings by the principals as deemed necessary to provide input to topics under discussion.

Infrastructure and Resource Requirements


The working group will be composed of CSA volunteers; it will have a steering committee and co-chairs. The working group will require typical project management, online workspace, database and web maintenance, and technical writing assistance.

Work Group Responsibilities and Structure


The CSA Anti-Bot Working Group will be the primary decision-making body relative to the reference architecture and the defined deliverables. A majority of the members will make decisions.


Specific responsibilities of the CSA Anti-Bot Working Group include:
- Development of a baseline set of fundamental practices (e.g. patching) for cloud providers to protect their infrastructure from being exploited by malicious actors seeking to turn their cloud into hosted botnets.
- Outreach to cloud providers. Determine how CSA's broad network can be used to contact and assist affected cloud providers, with a key emphasis on small cloud providers and others without highly mature security programs.
- Industry partnerships. Create a list of partner associations to share information and practices with, and begin outreach.
- Develop and/or promote free tools. Encourage the CSA corporate members to contribute tools to assess maturity and to detect and remove hosted botnets. The working group can possibly develop signatures and provide them to the security vendors.
- Government coordination. Manage government relationships, create awareness of CSA Anti-Bot, and advocate actions government stakeholders can undertake.

The CSA Anti-Bot Working Group will consist of between two and four co-chairs to provide leadership, and will enact Sub-Groups as needed to complete its responsibilities.

Work Group Conference Calls and In-person Meetings


The CSA Anti-Bot Working Group will conduct conference calls no less than monthly in frequency. Attendance by the principal or alternate is required. The Alternate must have full authority to act on behalf of the principal if the principal is absent. In-person meetings will happen once a year in a location to be determined.

Communications Methods
Bi-weekly phone calls and online collaboration.

Sub-Work Groups
Ad hoc sub-work groups comprised of subject matter experts may be formed to plan or execute any related outreach, awareness or research opportunities. Such sub-working groups shall report directly to the CSA Anti-Bot Working Group Co-Chairs.

Decision-Making Procedure
Definition of a majority
1) A majority shall consist of more than half of the members present and voting.
2) In computing a majority, members abstaining shall not be taken into account.
3) In case of a tie, a proposal or amendment shall be considered rejected.


4) For the purposes of this charter, a member present and voting shall be a member voting for or against a proposal, including a proxy representative. A proxy, where authority is delegated through a written statement or non-repudiated email, should be declared and inspected for validity by the chair before voting starts.

Abstentions of more than fifty percent
1) When the number of abstentions exceeds half the number of votes cast (for, against, abstentions), consideration of the matter under discussion shall be postponed to a later meeting, at which time abstentions shall not be taken into account.

Voting procedures
1) The voting procedures are as follows:
   a) By a show of hands as a general rule unless a secret ballot has been requested; if at least two members, present and entitled to vote, so request before the beginning of the vote and if a secret ballot under b) has not been requested, or if the procedure under a) shows no clear majority
   b) By a secret ballot, if at least five of the members present and entitled to vote so request before the beginning of the vote (online voting is applicable)
2) The chair(s) shall, before commencing a vote, observe any request as to the manner in which the voting shall be conducted, and then shall formally announce the voting procedure to be applied and the issue to be submitted to the vote. The chair(s) shall then declare the beginning of the vote and, when the vote has been taken, shall announce the results.
3) In the case of a secret ballot, the secretariat shall at once take steps to ensure the secrecy of the vote.

Peer Review, Related CSA Stakeholders and External Stakeholders


The following groups within CSA are related stakeholders. Each will be consulted for activities relevant to their own charter, and all will be provided with draft research from the CSA Anti-Bot Working Group for the purpose of peer review.
- CloudCERT
- Financial Services Working Group
- Incident Management & Forensics Working Group
- Corporate Member Subject Matter Expert Council
- Telco Working Group
- GRC Stack

In addition to collaboration with internal working groups, the CSA Anti-Bot Working Group will develop an initial list of third-party partners within the first six weeks of operation.


Duration
The working group will operate until Q3 2014 for its chartered deliverables, and at that time consider charter renewal.

Schedule and Deliverables


(Tentative dates for September and later.)
- August 8, 2013. Initial working group kickoff, to be held in-person, Chicago with remote dial-in access.
- August 23, 2013. Publication of one year work plan.
- September 15, 2013. Launch CSA Anti-Bot microsite, Partner Directory and Twitter account.
- October 8, 2013. Publication of version 1 of Fundamental Anti-Bot Practices for Cloud Providers.
- October 8, 2013. Publication of resource contacts and escalation procedures for botnet issues.
- November 8, 2013. Publication of version 1 of Anti-Bot Toolkit Repository for Cloud Providers.
