[ISN] Feds set up cyberfighting group

From: InfoSec News (isnat_private)
Date: Tue Sep 16 2003 - 04:25:22 PDT

  • Next message: InfoSec News: "[ISN] Linux Security Week - September 15th 2003"

    By John Borland 
    Staff Writer, CNET News.com
    September 15, 2003
    The U.S. Department of Homeland Security is teaming up with the Net's
    top virus-tracking facility to create an organization to fight
    The federal body said Monday that it was partnering with Carnegie
    Mellon University's CERT Coordination Center to create a new group
    that would work to prevent, monitor and respond to "cyberattacks"  
    across the Internet. The new US-CERT group is expected to focus on
    giving companies, digital security groups, federal agencies and others
    a venue for sharing critical information about security issues.
    "The recent cyberattacks--such as the Blaster worm and the Sobig
    virus--highlight the urgent need for an enhanced computer emergency
    response program that coordinates national efforts to cyberincidents
    and attacks," DHS Secretary Tom Ridge said in a statement.
    The new organization hopes to jump-start communication between
    companies, security researchers, networks and other entities affected
    by digital security problems, many of which have historically been
    loath to share detailed information on break-ins by hackers, software
    vulnerabilities or other security problems.
    A forum that allows those entities to talk directly to each other, as
    opposed to sharing bits of information through a central
    clearinghouse, has been slow to emerge--despite being long-viewed by
    security experts as one of the most critical needs of a computing
    community racing to keep up with virus-writers and mutating computer
    "Today most of the interaction between organizations is informal,
    happening on an ad-hoc basis," said Jeffrey Carpenter, manager of the
    Carnegie Mellon CERT center. "But I think organizations are coming to
    realize that they have to work together on this problem. We're much
    more powerful together than individually."
    Monday's announcement served primarily as notice to the security
    community that the new US-CERT would be soliciting participation from
    critical network-watchers and vulnerability-trackers, ranging from
    government organizations to Internet service providers.
    Carpenter said the new organization will likely spend the next few
    months signing up those partners, both in the United States and
    overseas, that can best provide insight into the current state of
    network vulnerabilities.
    Carnegie Mellon's CERT center, formed after the Morris worm attack in
    1988 as a clearinghouse for ongoing security bulletins and
    vulnerability information, has come closest to this goal to date.  
    Funded by the U.S. Department of Defense, it has played a key role in
    distributing information about virulent digital infections such as the
    recent MSBlast worm and the Sobig viruses.
    CERT has come under criticism from some in the security community for
    providing information about dangerous security issues first to the
    organizations that fund it, before releasing the same information to
    the community at large. Some technology professionals have recently
    said they now rely more heavily on the FBI-backed National
    Infrastructure Protection Center (NIPC).
    CERT itself will continue to operate as a clearinghouse for
    information on viruses, worms and other security issues, while the new
    body will act as a forum for direct discussion and
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Tue Sep 16 2003 - 07:16:32 PDT