Information Security News mailing list archives

USAF learns to live with cyber attackers


From: InfoSec News <isn () C4I ORG>
Date: Fri, 2 Jun 2000 10:41:24 -0500

http://web.lexis-nexis.com/more/cahners-chicago/11407/5907060/3

International Defense Review
SECTION: DEFENSE ELECTRONICS AND COMPUTING; Vol. 33; No. 6
June 1, 2000

The US Air Force Research Laboratory (AFRL) has adopted a new approach
to information assurance with its Data Resiliency in Information
Warfare (DRIW) program, for which a Northrop Grumman team - involving
the company's Electronic Sensors and Systems Sector, together with its
Logicon subsidiary - will deliver a study report and demonstration
system in July. According to Dr Stephen Taylor, the DRIW program
manager at AFRL, efforts in this field over the past decade have
generally focused on a 'Maginot Line' approach involving network
security measures, electronic firewalls and intrusion sensors. Hackers
and malicious insiders, however, can exploit speed, mobility and
deception to maneuver behind firewalls, rendering the concept of
"outside" meaningless. Instead, says Dr Taylor, operators of
computer-based systems must learn to tolerate - and even welcome -
intruders. This has led to the concept of information resiliency
embraced by the DRIW program.

The demonstration system, hosted on a laptop computer running Windows
NT, shows the effects of, and response to, an attempt to corrupt the
air tasking order (ATO) forming part of a command-and-control battle
management system.

Even a simple modification of the data contained in the ATO (such as
changing co-ordinates to instruct aerial tankers to fly to one
location, and direct the fighters they are to refuel to another
position) can have disastrous effects. The software developed by
Northrop Grumman and other team members, including Modus Operandi and
the Center for Secure Information Systems at George Mason University,
counters such an alteration by storing multiple identical copies of
data in different locations within a database.

Any unauthorized change to any of these copies can easily be detected
and reversed, using the stored "good" data to replace those that have
been corrupted. "Adaptive resource-recovery agents" within the
software also have knowledge of what constitutes consistency within
the ATO, and can thus recognize values that are outside normal
parameters.

The objectives of the DRIW program are to develop and demonstrate
techniques that can recover from attacks on and intrusions into combat
computer systems, repair any damage, and verify the integrity of the
reconstituted version; and to dovetail this work with forensic
collection capabilities that provide intelligence to planners. The
effort draws on earlier work conducted by AFRL, such as the Rapid
Information Recovery for Real Time Intruded Systems project that
developed the first concepts of minimal essential datasets and the
half-life of information. The UK Ministry of Defence and the Defence
Evaluation and Research Agency have adopted similar principles for the
work they are conducting in this field, which also involves Northrop
Grumman (see IDR 2/2000, p22).

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".
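
The replica-and-repair idea described in the article, together with a consistency rule based on its tanker/fighter case, as an added example that is not part of the original article and is not DRIW code. The record layout, field names, callsigns, majority-vote rule and rendezvous rule are all assumptions made for illustration.

```python
import copy, hashlib, json
from collections import Counter

def digest(record):
    # Canonical JSON so identical copies always hash identically.
    return hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()

def repair_replicas(replicas):
    """Overwrite minority copies with the majority copy; return repaired indices."""
    digests = [digest(r) for r in replicas]
    top, votes = Counter(digests).most_common(1)[0]
    if votes * 2 <= len(replicas):
        raise ValueError("no majority copy; refusing to guess which is good")
    good = replicas[digests.index(top)]
    repaired = [i for i, d in enumerate(digests) if d != top]
    for i in repaired:
        replicas[i] = copy.deepcopy(good)
    return repaired

def consistency_errors(ato):
    """Assumed rule: a receiver must share its tanker's rendezvous point."""
    tankers = {m["refuel_id"]: m for m in ato["missions"] if m["role"] == "tanker"}
    errors = []
    for m in ato["missions"]:
        if m["role"] != "receiver":
            continue
        tanker = tankers.get(m["refuel_id"])
        if tanker is None:
            errors.append(f"{m['callsign']}: no tanker for {m['refuel_id']}")
        elif tanker["rendezvous"] != m["rendezvous"]:
            errors.append(f"{m['callsign']}: rendezvous differs from {tanker['callsign']}")
    return errors

# Constructed sample ATO fragment (not real data).
GOOD_ATO = {"missions": [
    {"callsign": "TEXACO1", "role": "tanker", "refuel_id": "AR1", "rendezvous": [36.5, 44.25]},
    {"callsign": "VIPER1", "role": "receiver", "refuel_id": "AR1", "rendezvous": [36.5, 44.25]},
]}

def tampered_copy():
    bad = copy.deepcopy(GOOD_ATO)
    bad["missions"][0]["rendezvous"] = [31.0, 47.5]  # tanker sent elsewhere
    return bad

if __name__ == "__main__":
    replicas = [copy.deepcopy(GOOD_ATO), tampered_copy(), copy.deepcopy(GOOD_ATO)]
    print("repaired copies:", repair_replicas(replicas))
    # If every copy is altered identically the vote passes; the rule still fires.
    print("rule check:", consistency_errors(tampered_copy()))
```

The vote only helps while most copies are untouched; the consistency rule is what still flags a change written identically to every copy.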

