[ISN] Intrusion-detection net revived

From: InfoSec News (isnat_private)
Date: Wed May 29 2002 - 02:48:06 PDT


    Forwarded from: William Knowles <wkat_private>

    By Diane Frank
    May 27, 2002

    The General Services Administration and Carnegie Mellon University
    this fall will start testing a new technology to analyze and report on
    patterns in the cyber intrusion information gathered across
    government, an idea that was first floated and eventually sunk two
    years ago.

    The data analysis capability (DAC) being developed by the CERT
    Coordination Center for GSA's Federal Computer Incident Response
    Center will analyze data already being collected by intrusion-
    detection systems at many agencies, said Sallie McDonald, assistant
    commissioner for information assurance and critical infrastructure
    protection at GSA.

    Those systems typically report on unusual or unauthorized network
    activity that might indicate that someone is attempting to attack or
    break into agency systems. The DAC will gather data from the sensors
    or from agencies' own analyses at a central point within FedCIRC for
    identification of potential vulnerabilities and attacks.

    That analysis will then be shared with participating agencies, along
    with steps to protect against, react to or recover from any incidents,
    McDonald said. FedCIRC is the overarching source for security incident
    warnings and analysis for all civilian agencies.

    The idea of a governmentwide system for analyzing intrusion-detection
    data first emerged in 1999 as part of the Clinton administration's
    National Plan for Information Systems Protection.

    Privacy concerns raised by advocacy groups and Congress after
    erroneous reports that the analysis would be performed on
    private-sector networks as well as government networks forced GSA and
    the administration to withdraw the proposed Federal Intrusion
    Detection Network in 2000.

    Even as more agencies turn to vendors for intrusion data analysis
    within their own networks, this type of centralized analysis
    capability is a necessary tool for raising the entire government's
    information security posture, said Amit Yoran, a former director of
    the Defense Department CERT's Vulnerability Assessment and Assistance

    And it is technically feasible to analyze the vast amount of
    information that the DAC will have to handle from all of the civilian
    agencies, said Yoran, co-founder of Riptech, a managed security
    services company. Riptech handles approximately 2 terabytes of
    incident information every day from all of its government and industry
    clients, he said.

    As an incentive for agencies, GSA will allow participants in the pilot
    project to use the technology to analyze their own incident
    information in real time, McDonald said. That analysis will then be
    sent to FedCIRC to map the governmentwide incident and vulnerability

    If the pilot project is successful, the DAC is expected to reach full
    operating ability in fiscal 2003, she said.

    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen. Alfred M. Gray, USMC
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    ISN is currently hosted by Attrition.org