CyberGreen is an initiative working diligently to advance the health of the global cyber ecosystem. In an effort to limit the footprint of infected machines and servers on the Internet, CyberGreen has adopted an approach modeled after the success of the public healthcare system. Unfortunately when combatting cybercriminals, success will be difficult to come by until we have hard data to highlight the dire problem that we face. To better highlight my point, we can take a look at a fairly recent example of how the severity of a massive threat was not given the attention it deserved.

For a long time, the public was told that smoking caused cancer, yet it had very little success in reducing the number of smokers and cancer victims. Until recently, many people considered anti-smoking campaigns as an attempt to merely attack the tobacco industry. It was only once we started to measure data relating to lung cancer victims and their links to cigarettes that any cases could be successfully made. Once we had the data, people started to take notice and anti-smoking campaigns gained traction. For too long we have been aware of problems within cyberspace but our attempts to increase awareness and attract the resources to implement action have been largely ignored.

CyberGreen is in the early stages of gaining the Non-Profit status that will allow us to share data and support ongoing remediation efforts around the globe. Our goal is to aggregate data and provide metrics to measure risk conditions globally through collaboration and data sharing partnerships. By providing data, CyberGreen hopes to assist policy makers in identifying areas of the Internet that need additional attention, and the resources necessary to combat their risk conditions. We would like to partner and assist the existing organizations that play a significant role in remediation efforts such as cleanups, botnet take downs and identifying and remediation vulnerable node.

To help us ensure the highest level of accuracy and to deliver the most relevant measurements, we have launched our own metrics expert group. Our group members span across 12 time zones, and include industry-leading experts such as Dan Geer, Barry Greene, Paul Vixie, David Watson, Pat Cain, Professor Manel Medina, Hiroaki Kikuchi, David Watson, and our partner, CSIRT Gadgets Foundation’s Wes Young and Gabriel Iovino.

The working groups’ vision is to help us define the areas in which CyberGreen can be useful in helping to increase sustainability; expanding on existing processes, such as remediation efforts, takedowns, and documentation to name a few. The aim is to simultaneously identify gaps where the project can help to make a larger impact; for example, CSIRT capacity building, training, and boot-strapping. Our working group aims to operationalize the lessons learned from previous efforts such as the Confiker WG, and Operation Ghost Glick on the DNS Changer. The data, statistics, and institutional knowledge from these types of efforts should be more meaningfully captured, normalized and presented.

National CERTs and Network operators are encouraged to sign up and explore CyberGreen’s portal to give us guidance and feedback on what would most help you engage your policy makers.

We welcome your comments, suggestions, and support of our initiative to participate and promote the existing global efforts. We hope that CyberGreen can work with you all to tackle the “metrics” challenge and raise the transparency of risk conditions and mitigate them with variety of ways together.