Information Security News mailing list archives

GSA fleshes out intrusion net plan


From: William Knowles <wk () C4I ORG>
Date: Mon, 12 Jun 2000 11:22:22 -0500

http://www.fcw.com/fcw/articles/2000/0612/news-fidnet-06-12-00.asp

BY Diane Frank
06/12/2000

The General Services Administration is moving forward with its plans
to build a governmentwide system to monitor agency networks for
cyberattacks, but it is taking a slightly different tack than
originally announced.

GSA last week released the draft request for proposals for the Federal
Intrusion Detection Network (FIDNet) but said the document, while
bringing it one big step closer to an acquisition, has plenty of room
for change.

"We're trying to make sure that anything we structure makes business
sense," said Darwyn Banks, FIDNet program manager at GSA.

FIDNet is intended to gather and correlate information about suspected
attacks from intrusion-detection system sensors already in place at
civilian agencies. When announcing the project last summer, GSA said
it hoped to work with security vendors to develop a solution based on
emerging technology because existing tools would not meet the agency's
requirements.

GSA still wants vendors to develop that technology, but the agency
said it hopes to take advantage of a new commercial security offering
known as managed security services.

Central to FIDNet is the ability to notice an attack against multiple
agencies while it is happening, making it possible to defend against
the attack. Most agencies simply do not have enough expertise in-house
to manage a response strategy, and FIDNet is designed to automate that
function.

The multisystem concept behind FIDNet will still require vendors to
take their technology beyond its current capabilities.
Intrusion-detection systems can read the output only from their own
sensors, and the FIDNet system will need to read reports from the many
sensors that agencies have installed across their networks.

GSA is still looking for a system to collect and correlate that
information, but the agency also wants to hire one or more vendors to
monitor the system and feed it to the FIDNet program office. The
vendor may work off-site or within the FIDNet office.

"We're no longer looking at a government-only solution. This is the
same thing that's happening in the dot-com world," Banks said.

"It's certainly reflective of where the industry is going, [which is
toward] managed security services rather than going out and hiring
lots of bodies," said Cal Shintani, vice president of business
development at Trident Data Systems Inc. "And the FIDNet concept has
really changed. Now it really is just an intrusion-detection alert
system and most of the action happens at the agencies."

With the new approach, the FIDNet program office will rely on the
vendors to monitor and report on the information gleaned from
intrusion-detection systems already in place at civilian agencies.
Using the reports that agencies decide to send on to the FIDNet
system, the program office, housed at GSA's Federal Computer Incident
Response Capability (FedCIRC), will then be able to diagnose in real
time whether a concerted, governmentwide attack is occurring.

FedCIRC, working with the National Infrastructure Protection Center's
Analysis and Warnings Unit, will help any agencies under attack and
issue alerts. FedCIRC also will forward information collected by
FIDNet to the FBI if necessary.

But the almost $12 million request for FIDNet, like many of the other
security programs proposed by the president in his National Plan for
Information Systems Protection, is having problems making it through
appropriations committees in Congress.

So although the original plan was to offer the basic level of service
to agencies free of charge, the draft RFP is written in such a way
that it will be easy to make the program a fee-for-service offering,
with a small fee to enable operations of the FIDNet program office,
Banks said.

GSA plans to have all comments back by June 23 and start developing
the final RFP for release early next fiscal year, Banks said.

Industry is the primary intended audience, but GSA has also notified
agencies, Congress and privacy organizations of the draft's release
because all of those groups have been following the program closely,
he said.

"We're expecting to get comments from a variety of sources," Banks
said. "All CIOs were notified, the privacy groups, congressional
staffers -- everyone who has an interest."

FIDNet first caught the attention of the non-vendor community last
July when a newspaper erroneously reported that the program would
monitor both federal and private-sector networks. Since then, privacy
groups and members of Congress have been paying close attention and
speaking out for and against FIDNet at hearings.

At your service

GSA envisions FIDNet offering agencies three levels of security
services:

Standard: Monitor intrusion-detection sensor output, provide
analysis and response.

Plus: Monitor intrusion-detection sensor output, provide analysis and
response and provide reports.

Full: Monitor intrusion-detection sensor output, provide reports and
manage security devices for the customer.


*-------------------------------------------------*
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred. M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions             http://www.c4i.org
*-------------------------------------------------*

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".

