[ISN] Feds plan cybersecurity center

From: InfoSec News (isnat_private)
Date: Tue Sep 03 2002 - 23:52:11 PDT


    http://www.computerworld.com/governmenttopics/government/policy/story/0,10801,73922,00.html
    
    By DAN VERTON 
    SEPTEMBER 02, 2002
    Washington 
    
    As the White House last week began putting the final touches on its
    long-awaited National Plan for Protecting Cyberspace, administration
    officials took issue with a press report that suggested the plan would
    include provisions to expand the government's data collection and
    surveillance.
    
    The plan, which is scheduled to be released Sept. 18 during a ceremony
    at Stanford University, does include a provision to build a
    cybersecurity network operations center. However, a published report
    suggesting that the NOC would collect and examine e-mail and data
    traffic from major Internet service providers and other private-sector
    companies is misleading and inaccurate, said Tiffany Olson, an
    assistant to Richard Clarke, chairman of the President's Critical
    Infrastructure Protection Board and the principal force behind the
    strategy.
    
    Olson said the published report is necessarily inaccurate because the
    plan hasn't even been finished.
    
    "There were many initial drafts, and many organizations provided
    input," she said. "But we've just started to finalize it this week."
    
    The concept of developing a federal NOC is definitely in the strategy,
    but not with the aim of gathering e-mail data or expanding government
    surveillance, Olson said. Rather, the federal NOC would be modeled
    after the Bethesda, Md.-based SANS Institute's Incidents.org Web site
    and Internet Storm Center, a virtual organization of advanced
    intrusion-detection analysts, forensics experts and incident handlers
    from across the globe.
    
    Howard Schmidt, co-chairman of the Critical Infrastructure Protection
    Board, told Computerworld last week that the plan is to simply ask for
    greater voluntary data sharing on matters such as viruses and worms.  
    He also stressed that establishing a central NOC isn't part of a plan
    to increase the government's surveillance of private data.
    
    Schmidt said the need for a central government NOC stems from the lack
    of a single collection point where government security can be
    analyzed. This central NOC would collect data from other government
    NOCs, such as the FBI's National Infrastructure Protection Center and
    the Pentagon's Joint Task Force for Computer Network Defense.
    
    These NOCs, in turn, would function in a fashion similar to the
    private sector's Information Sharing and Analysis Centers (ISAC) -
    alliances formed within vertical industries to improve information
    sharing about security vulnerabilities and threats.
    
    The SANS Storm Center uses advanced data correlation and visualization
    techniques to analyze data collected from more than 3,000 firewalls
    and intrusion-detection systems in more than 60 countries. "We're
    hoping the [ISACs] one day establish their own independent Storm
    Center network," said Alan Paller, director of the SANS Institute.
    
    And that may be much easier to do now that Redwood City, Calif.-based
    Check Point Software Technologies Ltd., which operates more than 63%
    of all firewalls worldwide, is adding a Storm Center client in every
    one of its 260,000 gateways, said Paller. "That means anyone who wants
    to set up a Storm Center network can just tell their members to turn
    on the client and point it to their network node," he said.
    
    A Work in Progress
    
    Although "sworn to secrecy" about the specific contents of the
    administration's plan, Harris Miller, president of the Arlington,
    Va.-based Information Technology Association of America, said last
    week that the plan remained "in a state of flux" and that any
    information made public to date "may or may not still be in the
    document when it is released."
    
    The Bush administration also plans to release a revision of the
    forthcoming plan as early as January, Schmidt said during a recent
    press briefing at the White House. The revision will include details
    on "definitive programs," he said. In addition, plans call for another
    seven town hall meetings to be held around the country after the Sept.  
    18 release, to gather more feedback from both the private sector and
    the general public, he said.
    
    Officials underscored the voluntary nature of the public/private
    partnership, noting that the White House isn't legally capable of
    forcing any sort of data-sharing agreements on the private sector.  
    What the government can and plans to do, however, is "create
    government as a model," said Schmidt.
    
    In an interview with Computerworld last month, Clarke said the plan
    may include a governmentwide policy that requires all IT purchases to
    be independently certified for security prior to approval. Such a
    policy, which is currently in effect at the Defense Department, was
    being "looked at carefully," but at that point no decision had been
    made, he said.
    
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    


