Feds Move to Secure Net

[InfoSec News <isn () c4i org>]

Forwarded from: William Knowles <wk () c4i org>

http://www.eweek.com/article2/0,3959,922570,00.asp

By Dennis Fisher
March 10, 2003 

SAN DIEGO -- The White House and the new Department of Homeland
Security have begun in earnest the process of implementing the plan to
secure the nation's critical networks - starting with extensive
changes in the federal security infrastructure.

The most significant move is the development of a private, 
compartmentalized network that will be used by federal agencies and 
private-sector experts to share information during large-scale 
security events, government officials said at the National Information 
Assurance Leadership conference here last week.

The system is part of the newly created Cyber Warning Information 
Network, a group of organizations including the National 
Infrastructure Protection Center, the Critical Infrastructure 
Assurance Office and others that have some responsibility for the 
security of federal systems. The private-sector Information Sharing 
and Analysis Centers will also be included.

The Cyber Warning Information Network, a key part of the Bush 
administration's National Strategy to Secure Cyberspace, will use a 
secure, private IP network separate from the public Internet, 
according to officials. The government currently has seven nodes 
running, said Marcus Sachs, seen on left, director of communications 
infrastructure protection at the Office of Cyberspace Security, in 
Washington.

Sachs, speaking at the conference here, which was put on by The SANS 
Institute, pointed to last week's handling of the critical 
vulnerability in the Sendmail Mail Transfer Agent package as a prime 
example of how such back-channel communication between vendors, 
researchers and the government can help protect end users. Researchers 
at Internet Security Systems Inc., in Atlanta, discovered the 
vulnerability in mid-February and immediately notified officials at 
the White House and the Department of Homeland Security.

The government quietly spread the word among federal agencies and, 
along with ISS, began contacting the affected vendors. After the 
vendors developed patches, the fixes were deployed quickly on critical 
government, military and private-sector machines before the official 
announcement of the vulnerability.

However, some in the security community say that until the CWIN is 
fully operational and proven, they'll continue to use existing 
methods.

"I would not have used CWIN for Sendmail. There are too many questions 
about something that has not been fully deployed," said Pete Allor, 
manager of the threat intelligence service at ISS and director of 
operations at the Information Technology ISAC. "I'd like to know who 
I'm transmitting information to and the rules for dissemination.

"My two biggest concerns are having private-sector information on a 
government network and if Congress withdraws the [Freedom of 
Information Act] exemption, there won't be any reason for private 
companies to use [the CWIN]," Allor said. While speculation exists, to 
date no bill has been introduced to remove the FOIA exemption in the 
Homeland Security Act.

As part of the plan to improve security, the CIO of each federal 
agency is, by statute, now accountable for the security of that 
agency's network. This is a significant change, considering the lack 
of responsibility permeating government security efforts.

"This is the first time this has ever happened," Sachs said. "It used 
to be that it was their job, but they just said, 'Yeah, I guess we're 
secure.'"

The internal structure of the government's security apparatus is also 
undergoing some major changes, officials said. The President's 
Critical Infrastructure Protection Board, formerly part of the Office 
of Cyberspace Security, is now part of the Homeland Security Council. 
But that may not be where it ends up. There are indications that the 
board may end up as part of the Department of Homeland Security.


 
*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.