[ISN] Consortium demos secure network

From: InfoSec News (isnat_private)
Date: Fri Nov 15 2002 - 03:20:19 PST

  • Next message: InfoSec News: "[ISN] Security 'impossible' for Win9x, buy XP now, says MS exec"

    By Dibya Sarkar 
    Nov. 14, 2002
    A public/private consortium in Oregon is developing a secure
    information network that was created as a direct result of homeland
    security concerns.
    The consortium responsible for developing the Oregon Trial of
    Emergency and Security Technology (O-TEST) demonstrated the model in
    Washington, D.C., Nov. 13.
    "It is a protocol of communication that is IP-based and lives on top
    of a public network that provides a secure point-to-point data
    interchange," said Wyatt Starnes, president and chief executive
    officer of Tripwire Inc. and a member of the board of directors of
    RAINS - the Oregon Regional Alliance for Information and Network
    The consortium was formed as a direct result of the Sept. 11, 2001,
    attacks, Starnes said, to improve the cybersecurity of government
    systems and critical infrastructures, such as banking and finance,
    transportation, electricity, water and communication systems. It is
    made up of more than 40 Oregon-based cybersecurity and technology
    companies and the Oregon University System, supported by several state
    and Portland government agencies.
    The federal government's call for private partnership in solving such
    problems also spurred formation of the group.
    Charles Jennings, RAINS board chairman and the CEO of Swan Island
    Networks Inc., said that before Sept. 11, the public and private
    sectors focused on technology performance, proficiency and mass
    penetration. "Security at best was a very poor stepchild," he said.  
    Now people realize cybersecurity is important, but there's still a lot
    of work to do.
    RAINS officials believe O-TEST is a step in the right direction.
    Charlie Kawasaki, a board member and CEO of RuleSpace Inc., said
    O-TEST is not intended to be the technological answer, but it should
    be regarded as an ongoing test environment that is constantly
    evolving. "The ultimate goal is to build a blueprint of best
    practices," he said.
    O-TEST is not a peer-to-peer system, but does facilitate secure and
    encrypted information sharing using rich media and other technologies.  
    Officials called O-TEST a work in progress that can be deployed on any
    platform, upgraded with new technologies, or can act as a complement
    to the existing systems of an organization.
    It is aimed at first responders, critical infrastructure owners and
    operators, and to all levels of the public sector.
    The demonstration Nov. 13 showed a suspicious vessel heading up the
    Columbia River toward Portland. Immediately the city's emergency
    operations center  which would likely be in charge of such an
    incident  was notified and, in turn, sent notifications to
    appropriate agencies, whether 911 centers, police and fire
    departments, and other city agencies.
    A user would get the notification on his terminal and then use an
    authentication tool - such as a digital watermark embedded in the
    user's identification card - to log on to the secure network. The user
    could then get a description of the incident as well as a photograph
    of the vessel, audio files of individuals in the field, satellite
    imagery and other pertinent geographic images.
    If the vessel began discharging toxic gas or liquid, system users
    could see which ports have been secured, or download information about
    how to contain the gas or spill. Other news and information could be
    accessed as well.
    Jennings said a key design principle of O-TEST is survivability.  
    Information wouldn't be stored in one central database, but locally.  
    So if one system goes down, other O-TEST nodes would have information
    and still be linked.
    By early next year, the nonprofit organization hopes to have the
    system deployed for testing in the Portland area. That would be
    followed by a second phase where more regions or states would be set
    up with the system.
    Jennings said the group also is talking with officials in Pennsylvania
    and Virginia. The National Governors Association has asked for a
    demonstration as well as the Defense Department's Advanced Concept
    Technology Demonstration, a program designed to fund the rapid
    fielding of new technology.
    The group has also gotten support from Oregon Sen. Ron Wyden, the
    National Science Foundation, National Institute of Standards and
    Technology, and the Critical Infrastructure Protection Board.
    Starnes said that although the group - which was given seed money by
    the Oregon Economic Development Department - has spent less than
    $100,000, the next two phases are projected to cost about $6.5
    He said that the recently passed Cyber Security Research and
    Development Act (S. 2182), which would provide more than $900 million
    over five years for cybersecurity research and development, may be a
    funding option.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Fri Nov 15 2002 - 05:57:10 PST