Forwarded from: William Knowles <wk@private> http://www.nwfusion.com/news/2004/083004nastd.html By Tim Greene Network World 08/30/04 PROVIDENCE, R.I. - Looking to gauge the risk of attacks against their networks, state officials this week will vote on new measures that would assess threats and dictate specific actions to take to protect key resources. If adopted, the common alert-level procedures would color-code the threat to state networks and recommend action to take in response to specific threats. The proposed cybersecurity alert system would establish a secure Web site state officials could tap to determine why each state has the security ranking it does and whether they should take action based on what other states experience. Homeland security ranked among the key topics considered last week at the National Association of State Telecommunications Directors (NASTD). The state network executives also shared experiences with VoIP, and concerns about public-safety networks, the threat of worms to state agencies, making more efficient use of existing infrastructure and getting enough staff to carry out their duties. NASTD members were warned that coordinated attacks against their networks could be a tactic terrorists use. "We should regard cyberterrorism as a weapon of mass destruction," said William Pelgrin, chairman of the Multistate Information Sharing and Analysis Center (MS-ISAC), which he coordinates through the New York State Office of Cyber Security & Critical Infrastructure Coordination. The system will be very specific, Pelgrin said. "If we went to yellow, it would tell you why and what you need to do right now. It might be: Block Port 445 until a patch comes out." MS-ISAC has been developing for more than a year and already has helped out member states. During last August's week of worm outbreaks, Arkansas sought and received help to restore its affected network segments, said Claire Bailey, the director of its the state's department of information systems. MS-ISAC is an informal group set up at the request of the Department of Homeland Security (DHS) to gather and share data about critical state government networks with the goal of protecting them from potential cyberattacks that could threaten public health and safety. While Pelgrin said the full cyber-evaluation criteria are secret, he said the appraisal takes into consideration events outside the networks. For instance, New York has been ranked as blue or "guarded" solely because the Republican National Convention is being held this week in New York City, Pelgrin said, not because of network problems. Montana, which shares a 600-mile border with Canada, is seeking grants to upgrade law-enforcement radio networks so local, county, state and federal agencies can talk to each other, said Carl Hotvedt, chief of the network technology services bureau for the state's information services division. "The problem is a lot of different systems that don't talk to each other," he said. Federal agents at a remote border crossing recently needed help from the local police 10 miles away, but their radios used different frequencies. "The border patrol needed backup but couldn't contact the local sheriff," Hotvedt said. Homeland security has given new momentum to a 15-year project to better integrate public safety radio networks, said R.D. Porter, security services manager for the Missouri division of information services. Wyoming, Virginia, Florida and Arizona are among states either planning or revamping their radio networks to interoperate better, he said. While radio network concerns are somewhat far afield from the concerns of corporate IT executives, other worries are the same. In Pennsylvania the state's acting telecom director is concerned about security of desktops and the threat of worms and viruses shutting down networks for extended times. That translates into a pending proposal to beef up authentication of desktops and servers before they are allowed access to the network, said Charles Strubel, acting director of Pennsylvania's telecom services bureau. He said software to make sure these devices have necessary patches installed would protect networks from worms and Trojans. Software or hardware to segregate network segments that get infected would limit the effects of outbreaks and keep services closer to normal levels, he said. Strubel also is looking at building redundant fiber rings to serve schools in the northern part of the state to handle dual purposes. They would deliver needed connectivity for inter-school communication and distance learning. But redundant fiber also would support the schools' role as disaster shelters and command centers by providing high-speed links to emergency agencies. North Dakota already has a statewide ATM-over-SONET network on which it wants to overlay networks for police agencies to connect via encrypted paths, said Glen Rutherford, network architect for the state's IT department. His proposal to the DHS would make use of North Dakota's existing network to carry traffic that was secured at each end by separate firewalls, authentication software and encryption devices. If it is successful, other states could adopt the model and link their networks to share information, he said. North Dakota also is seeking funding to back up its data centers to keep key state agencies operating if a disaster strikes its primary site, said Mike Ressler, deputy to the CIO of the state's IT department. West Virginia has applied for grants to install redundant routers and other network gear to make the state's networks more resilient against attacks, said Deepesh Randeri, manager of state network infrastructure in the department of administration. In some states, homeland security is more basic, such as extending 911 services to all state facilities, as in the case of Oklahoma. A DHS grant paid for upgrades to PBX software so 911 calls would accurately reflect where a caller was located and interoperate with the public 911 emergency call system. Mississippi is looking for more staff to keep up with its network security needs, said Jimmy Webster, data network manager for the department of IT services. He said he only has four staff members who work on security in addition to other duties. While DHS grants are available, Webster said some federal mandates still leave the states short of cash. "There's still a lack of effort to fund some of the things we need to do today," he said. And physical security, such as protecting airports and bridges, seem to take precedence over protecting networks. "If you compete for money, cyber will lose 90% of the time and physical will win," he said. *==============================================================* "Communications without intelligence is noise; Intelligence without communications is irrelevant." Gen Alfred. M. Gray, USMC ---------------------------------------------------------------- C4I.org - Computer Security, & Intelligence - http://www.c4i.org *==============================================================* _________________________________________ Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/
This archive was generated by hypermail 2.1.3 : Tue Aug 31 2004 - 01:55:01 PDT