Traffic Light Protocol

The Traffic Light Protocol (TLP) was originally created in the early 2000s by the UK Government's National Infrastructure Security Coordination Centre (NISCC, now Centre for Protection of National Infrastructure - CPNI)[1][2] to encourage[3][4] greater sharing of sensitive information.

The fundamental concept is for the originator to signal how widely they want their information to be circulated beyond the immediate recipient. It is designed to improve the flow of information between individuals, organizations or communities in a controlled and trusted way. It is important that everyone who handles TLP-labeled communications understands and obeys the rules of the protocol. Only then can trust be established and the benefits of information sharing realized. The TLP is based on the concept of the originator labeling information with one of four colors to indicate what further dissemination, if any, can be undertaken by the recipient. The recipient must consult the originator if wider dissemination is required.

A number of current specifications for TLP exist:

  • From ISO/IEC, as part of the Standard on Information security management for inter-sector and inter-organizational communications[5]
  • From US-CERT, which is intended to provide a publicly available simple definition[6]
  • From the Forum of Incident Response and Security Teams (FIRST), which published version 1.0 of its consolidated TLP document on August 31, 2016.[7] arising from a Special Interest Group it created to ensure that interpretations of TLP are consistent, and clear expectations exist across user communities.

Summary of TLP's four colours and their meanings

There are four colors (or traffic lights):[8]

  • RED - personal for named recipients only
In the context of a meeting, for example, RED information is limited to those present at the meeting. The distribution of RED information will generally be via a defined list and in extreme circumstances may only be passed verbally or in person.
  • AMBER - limited distribution
The recipient may share AMBER information with others within their organization, but only on a ‘need-to-know’ basis. The originator may be expected to specify the intended limits of that sharing.
  • GREEN - community wide
Information in this category can be circulated widely within a particular community. However, the information may not be published or posted publicly on the Internet, nor released outside of the community.
  •  WHITE  - unlimited
Subject to standard copyright rules, WHITE information may be distributed freely, without restriction.

Practical Examples

In practice, one will indicate TLP: using a colon, followed by the level, RED, AMBER, GREEN or WHITE, like so:

TLP:RED: This really hurt our organization, do not share this with others, but maybe you can learn from this: we really screwed up with ...

TLP:AMBER : You can share this within your organization but not outside it: our shared platform has this vulnerability, please check your setup: ...

TLP:GREEN : You can share this within your organization and with peers, but not with just anyone: We scored number one on this online test ... but of course, other tests have other number ones ...

TLP:WHITE : You can share the following with just anyone: The following virus scanner is most popular on the internet and all our independent suppliers confirmed it today: ...

gollark: You know, we could automate that.
gollark: Couldn't you just run analytics on the same server as this?
gollark: Sascha: the Potatodatacentre is our array of about 350 potatOS computers in the End.
gollark: How about every time you say TPS, another computer is added to some random place in the world and runs an intensive program?
gollark: o no.

See also

References

  1. Eric Luiijf; Allard Kernkamp (March 2015). "Sharing Cyber Security Information" (PDF). Global Conference on CyberSpace 2015. Toegepast Natuurwetenschappelijk Onderzoek. Retrieved 2016-10-25.
  2. Don Stikvoort (11 November 2009). "ISTLP - Information Sharing Traffic Light Protocol" (PDF). Trusted Introducer. National Infrastructure Security Co-ordination Centre. Retrieved 2016-10-25.
  3. "Development of Policies for Protection of Critical Information Infrastructures" (PDF). Organisation for Economic Co-operation and Development. Retrieved 2015-11-19.
  4. "'Re: OpenSSH security advisory: cbc.adv' - MARC". Mailing list ARChive. Retrieved 2012-11-25. (alt source SecurityFocus archive entry)
  5. "ISO/IEC 27010:2015 [ISO/IEC 27010:2015] | Information technology — Security techniques — Information security management for inter-sector and inter-organizational communications". International Organization for Standardization/International Electrotechnical Commission. November 2015. Retrieved 2019-12-31.
  6. "Traffic Light Protocol (TLP) Definitions and Usage". United States Department of Homeland Security. Retrieved 2019-12-31.
  7. "FIRST announces Traffic Light Protocol (TLP) version 1.0". Forum of Incident Response and Security Teams. Retrieved 2019-12-31.
  8. "Traffic Light Protocol". Centre for Critical Infrastructure Protection. Archived from the original on 2013-02-05. Retrieved 2012-11-25.
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.