[ISN] Feds Move to Secure Net

From: InfoSec News (isnat_private)
Date: Tue Mar 11 2003 - 02:47:31 PST

  • Next message: InfoSec News: "[ISN] One printer, one virus, one disabled Iraqi air defence"

    Forwarded from: William Knowles <wkat_private>
    By Dennis Fisher
    March 10, 2003 
    SAN DIEGO -- The White House and the new Department of Homeland
    Security have begun in earnest the process of implementing the plan to
    secure the nation's critical networks - starting with extensive
    changes in the federal security infrastructure.
    The most significant move is the development of a private, 
    compartmentalized network that will be used by federal agencies and 
    private-sector experts to share information during large-scale 
    security events, government officials said at the National Information 
    Assurance Leadership conference here last week.
    The system is part of the newly created Cyber Warning Information 
    Network, a group of organizations including the National 
    Infrastructure Protection Center, the Critical Infrastructure 
    Assurance Office and others that have some responsibility for the 
    security of federal systems. The private-sector Information Sharing 
    and Analysis Centers will also be included.
    The Cyber Warning Information Network, a key part of the Bush 
    administration's National Strategy to Secure Cyberspace, will use a 
    secure, private IP network separate from the public Internet, 
    according to officials. The government currently has seven nodes 
    running, said Marcus Sachs, seen on left, director of communications 
    infrastructure protection at the Office of Cyberspace Security, in 
    Sachs, speaking at the conference here, which was put on by The SANS 
    Institute, pointed to last week's handling of the critical 
    vulnerability in the Sendmail Mail Transfer Agent package as a prime 
    example of how such back-channel communication between vendors, 
    researchers and the government can help protect end users. Researchers 
    at Internet Security Systems Inc., in Atlanta, discovered the 
    vulnerability in mid-February and immediately notified officials at 
    the White House and the Department of Homeland Security.
    The government quietly spread the word among federal agencies and, 
    along with ISS, began contacting the affected vendors. After the 
    vendors developed patches, the fixes were deployed quickly on critical 
    government, military and private-sector machines before the official 
    announcement of the vulnerability.
    However, some in the security community say that until the CWIN is 
    fully operational and proven, they'll continue to use existing 
    "I would not have used CWIN for Sendmail. There are too many questions 
    about something that has not been fully deployed," said Pete Allor, 
    manager of the threat intelligence service at ISS and director of 
    operations at the Information Technology ISAC. "I'd like to know who 
    I'm transmitting information to and the rules for dissemination.
    "My two biggest concerns are having private-sector information on a 
    government network and if Congress withdraws the [Freedom of 
    Information Act] exemption, there won't be any reason for private 
    companies to use [the CWIN]," Allor said. While speculation exists, to 
    date no bill has been introduced to remove the FOIA exemption in the 
    Homeland Security Act.
    As part of the plan to improve security, the CIO of each federal 
    agency is, by statute, now accountable for the security of that 
    agency's network. This is a significant change, considering the lack 
    of responsibility permeating government security efforts.
    "This is the first time this has ever happened," Sachs said. "It used 
    to be that it was their job, but they just said, 'Yeah, I guess we're 
    The internal structure of the government's security apparatus is also 
    undergoing some major changes, officials said. The President's 
    Critical Infrastructure Protection Board, formerly part of the Office 
    of Cyberspace Security, is now part of the Homeland Security Council. 
    But that may not be where it ends up. There are indications that the 
    board may end up as part of the Department of Homeland Security.
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Tue Mar 11 2003 - 04:58:14 PST