Information Security News mailing list archives
USAF learns to live with cyber attackers
From: InfoSec News <isn () C4I ORG>
Date: Fri, 2 Jun 2000 10:41:24 -0500
http://web.lexis-nexis.com/more/cahners-chicago/11407/5907060/3

International Defense Review
SECTION: DEFENSE ELECTRONICS AND COMPUTING; Vol. 33; No. 6
June 1, 2000

The US Air Force Research Laboratory (AFRL) has adopted a new approach to information assurance with its Data Resiliency in Information Warfare (DRIW) program, for which a Northrop Grumman team - involving the company's Electronic Sensors and Systems Sector, together with its Logicon subsidiary - will deliver a study report and demonstration system in July.

According to Dr Stephen Taylor, the DRIW program manager at AFRL, efforts in this field over the past decade have generally focused on a 'Maginot Line' approach involving network security measures, electronic firewalls and intrusion sensors. Hackers and malicious insiders, however, can exploit speed, mobility and deception to maneuver behind firewalls, rendering the concept of "outside" meaningless. Instead, says Dr Taylor, operators of computer-based systems must learn to tolerate - and even welcome - intruders. This has led to the concept of information resiliency embraced by the DRIW program.

The demonstration system, hosted on a laptop computer running Windows NT, shows the effects of, and response to, an attempt to corrupt the air tasking order (ATO) forming part of a command-and-control battle management system. Even a simple modification of the data contained in the ATO (such as changing co-ordinates to instruct aerial tankers to fly to one location, and direct the fighters they are to refuel to another position) can have disastrous effects.

The software developed by Northrop Grumman and other team members, including Modus Operandi and the Center for Secure Information Systems at George Mason University, counters such an alteration by storing multiple identical copies of data in different locations within a database. Any unauthorized change to any of these copies can easily be detected and reversed, using the stored "good" data to replace those that have been corrupted. "Adaptive resource-recovery agents" within the software also have knowledge of what constitutes consistency within the ATO, and can thus recognize values that are outside normal parameters.

The objectives of the DRIW program are to develop and demonstrate techniques that can recover from attacks on and intrusions into combat computer systems, repair any damage, and verify the integrity of the reconstituted version; and to dovetail this work with forensic collection capabilities that provide intelligence to planners. The effort draws on earlier work conducted by AFRL, such as the Rapid Information Recovery for Real Time Intruded Systems project that developed the first concepts of minimal essential datasets and the half-life of information.

The UK Ministry of Defence and the Defence Evaluation and Research Agency have adopted similar principles for the work they are conducting in this field, which also involves Northrop Grumman (see IDR 2/2000, p22).
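Added example (not part of the article and not DRIW code): a minimal sketch of the two mechanisms the article describes, redundant copies that repair a tampered record and a consistency rule that flags a tanker/fighter rendezvous mismatch. Majority voting to choose the "good" copy, the record layout, and all names and co-ordinates are assumptions made for illustration.

```python
import hashlib
import json
from collections import Counter

def digest(record):
    # Canonical JSON so equal records always hash the same.
    return hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()

class ReplicatedStore:
    """Keeps identical copies of each record in separate replicas (assumed design)."""
    def __init__(self, copies=3):
        self.replicas = [{} for _ in range(copies)]

    def put(self, key, record):
        for replica in self.replicas:
            replica[key] = json.loads(json.dumps(record))  # independent deep copy

    def audit_and_repair(self, key):
        """Restore minority copies from the majority; return repaired replica indices."""
        copies = [replica.get(key) for replica in self.replicas]
        winner, votes = Counter(digest(c) for c in copies).most_common(1)[0]
        good = next(c for c in copies if digest(c) == winner)
        if votes <= len(copies) // 2 or good is None:
            raise RuntimeError(f"no trustworthy majority for {key!r}")
        repaired = [i for i, c in enumerate(copies) if digest(c) != winner]
        for i in repaired:
            self.replicas[i][key] = json.loads(json.dumps(good))
        return repaired

def refuel_mismatches(ato):
    """Consistency rule: a fighter's refuel point must equal its tanker's track."""
    return [mission for mission, rec in ato.items()
            if rec["type"] == "fighter"
            and ato[rec["tanker"]]["track"] != rec["refuel_at"]]

ATO = {  # constructed sample data
    "TK01": {"type": "tanker", "track": [36.5, 44.0]},
    "FT07": {"type": "fighter", "tanker": "TK01", "refuel_at": [36.5, 44.0]},
}

def demo():
    store = ReplicatedStore()
    for key, rec in ATO.items():
        store.put(key, rec)
    store.replicas[1]["TK01"]["track"] = [30.0, 50.0]  # simulated unauthorized change
    before = refuel_mismatches(store.replicas[1])      # rule flags the affected mission
    repaired = store.audit_and_repair("TK01")          # good copies overwrite the bad one
    after = refuel_mismatches(store.replicas[1])
    return before, repaired, after

if __name__ == "__main__":
    print(demo())
```

The vote only works while a majority of copies is intact; when no majority exists the sketch refuses to repair rather than guess.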