http://www.fcw.com/geb/articles/2002/1111/web-oregon-11-14-02.asp By Dibya Sarkar Nov. 14, 2002 A public/private consortium in Oregon is developing a secure information network that was created as a direct result of homeland security concerns. The consortium responsible for developing the Oregon Trial of Emergency and Security Technology (O-TEST) demonstrated the model in Washington, D.C., Nov. 13. "It is a protocol of communication that is IP-based and lives on top of a public network that provides a secure point-to-point data interchange," said Wyatt Starnes, president and chief executive officer of Tripwire Inc. and a member of the board of directors of RAINS - the Oregon Regional Alliance for Information and Network Security. The consortium was formed as a direct result of the Sept. 11, 2001, attacks, Starnes said, to improve the cybersecurity of government systems and critical infrastructures, such as banking and finance, transportation, electricity, water and communication systems. It is made up of more than 40 Oregon-based cybersecurity and technology companies and the Oregon University System, supported by several state and Portland government agencies. The federal government's call for private partnership in solving such problems also spurred formation of the group. Charles Jennings, RAINS board chairman and the CEO of Swan Island Networks Inc., said that before Sept. 11, the public and private sectors focused on technology performance, proficiency and mass penetration. "Security at best was a very poor stepchild," he said. Now people realize cybersecurity is important, but there's still a lot of work to do. RAINS officials believe O-TEST is a step in the right direction. Charlie Kawasaki, a board member and CEO of RuleSpace Inc., said O-TEST is not intended to be the technological answer, but it should be regarded as an ongoing test environment that is constantly evolving. "The ultimate goal is to build a blueprint of best practices," he said. O-TEST is not a peer-to-peer system, but does facilitate secure and encrypted information sharing using rich media and other technologies. Officials called O-TEST a work in progress that can be deployed on any platform, upgraded with new technologies, or can act as a complement to the existing systems of an organization. It is aimed at first responders, critical infrastructure owners and operators, and to all levels of the public sector. The demonstration Nov. 13 showed a suspicious vessel heading up the Columbia River toward Portland. Immediately the city's emergency operations center — which would likely be in charge of such an incident — was notified and, in turn, sent notifications to appropriate agencies, whether 911 centers, police and fire departments, and other city agencies. A user would get the notification on his terminal and then use an authentication tool - such as a digital watermark embedded in the user's identification card - to log on to the secure network. The user could then get a description of the incident as well as a photograph of the vessel, audio files of individuals in the field, satellite imagery and other pertinent geographic images. If the vessel began discharging toxic gas or liquid, system users could see which ports have been secured, or download information about how to contain the gas or spill. Other news and information could be accessed as well. Jennings said a key design principle of O-TEST is survivability. Information wouldn't be stored in one central database, but locally. So if one system goes down, other O-TEST nodes would have information and still be linked. By early next year, the nonprofit organization hopes to have the system deployed for testing in the Portland area. That would be followed by a second phase where more regions or states would be set up with the system. Jennings said the group also is talking with officials in Pennsylvania and Virginia. The National Governors Association has asked for a demonstration as well as the Defense Department's Advanced Concept Technology Demonstration, a program designed to fund the rapid fielding of new technology. The group has also gotten support from Oregon Sen. Ron Wyden, the National Science Foundation, National Institute of Standards and Technology, and the Critical Infrastructure Protection Board. Starnes said that although the group - which was given seed money by the Oregon Economic Development Department - has spent less than $100,000, the next two phases are projected to cost about $6.5 million. He said that the recently passed Cyber Security Research and Development Act (S. 2182), which would provide more than $900 million over five years for cybersecurity research and development, may be a funding option. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Fri Nov 15 2002 - 05:57:10 PST