Consortium demos secure network

[InfoSec News <isn () c4i org>]

http://www.fcw.com/geb/articles/2002/1111/web-oregon-11-14-02.asp

By Dibya Sarkar 
Nov. 14, 2002

A public/private consortium in Oregon is developing a secure
information network that was created as a direct result of homeland
security concerns.

The consortium responsible for developing the Oregon Trial of
Emergency and Security Technology (O-TEST) demonstrated the model in
Washington, D.C., Nov. 13.

"It is a protocol of communication that is IP-based and lives on top
of a public network that provides a secure point-to-point data
interchange," said Wyatt Starnes, president and chief executive
officer of Tripwire Inc. and a member of the board of directors of
RAINS - the Oregon Regional Alliance for Information and Network
Security.

The consortium was formed as a direct result of the Sept. 11, 2001,
attacks, Starnes said, to improve the cybersecurity of government
systems and critical infrastructures, such as banking and finance,
transportation, electricity, water and communication systems. It is
made up of more than 40 Oregon-based cybersecurity and technology
companies and the Oregon University System, supported by several state
and Portland government agencies.

The federal government's call for private partnership in solving such
problems also spurred formation of the group.

Charles Jennings, RAINS board chairman and the CEO of Swan Island
Networks Inc., said that before Sept. 11, the public and private
sectors focused on technology performance, proficiency and mass
penetration. "Security at best was a very poor stepchild," he said.  
Now people realize cybersecurity is important, but there's still a lot
of work to do.

RAINS officials believe O-TEST is a step in the right direction.

Charlie Kawasaki, a board member and CEO of RuleSpace Inc., said
O-TEST is not intended to be the technological answer, but it should
be regarded as an ongoing test environment that is constantly
evolving. "The ultimate goal is to build a blueprint of best
practices," he said.

O-TEST is not a peer-to-peer system, but does facilitate secure and
encrypted information sharing using rich media and other technologies.  
Officials called O-TEST a work in progress that can be deployed on any
platform, upgraded with new technologies, or can act as a complement
to the existing systems of an organization.

It is aimed at first responders, critical infrastructure owners and
operators, and to all levels of the public sector.

The demonstration Nov. 13 showed a suspicious vessel heading up the
Columbia River toward Portland. Immediately the city's emergency
operations center — which would likely be in charge of such an
incident — was notified and, in turn, sent notifications to
appropriate agencies, whether 911 centers, police and fire
departments, and other city agencies.

A user would get the notification on his terminal and then use an
authentication tool - such as a digital watermark embedded in the
user's identification card - to log on to the secure network. The user
could then get a description of the incident as well as a photograph
of the vessel, audio files of individuals in the field, satellite
imagery and other pertinent geographic images.

If the vessel began discharging toxic gas or liquid, system users
could see which ports have been secured, or download information about
how to contain the gas or spill. Other news and information could be
accessed as well.

Jennings said a key design principle of O-TEST is survivability.  
Information wouldn't be stored in one central database, but locally.  
So if one system goes down, other O-TEST nodes would have information
and still be linked.

By early next year, the nonprofit organization hopes to have the
system deployed for testing in the Portland area. That would be
followed by a second phase where more regions or states would be set
up with the system.

Jennings said the group also is talking with officials in Pennsylvania
and Virginia. The National Governors Association has asked for a
demonstration as well as the Defense Department's Advanced Concept
Technology Demonstration, a program designed to fund the rapid
fielding of new technology.

The group has also gotten support from Oregon Sen. Ron Wyden, the
National Science Foundation, National Institute of Standards and
Technology, and the Critical Infrastructure Protection Board.

Starnes said that although the group - which was given seed money by
the Oregon Economic Development Department - has spent less than
$100,000, the next two phases are projected to cost about $6.5
million.

He said that the recently passed Cyber Security Research and
Development Act (S. 2182), which would provide more than $900 million
over five years for cybersecurity research and development, may be a
funding option.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.