October 31, 2003 Volume 1, Number 6
Read What DoD Information Assurance Experts Said At
 2003
Transforming Information Assurance: DoD's Roadmap for the Future
Robert F. Lentz, Director of Information Assurance, Office of the Assistant Secretary of Defense, Networks and Information Integration/CIO
FIAC 2003 SPECIAL COVERAGE

Expert Views from CERT's Hale
“Live Wire” Puts New Cyber Security Processes to Test
The recently formed National Cyber Security Division of the Homeland Security department is running its Live Wire test this week to determine where “gaps” might be in the ability of the government and critical infrastructure to respond to serious cyber events like the Blaster or Cisco IOS attacks the Internet experienced earlier this year.
Lawrence Hale, acting director of US CERT, said Live Wire is being conducted after a period in which NCSD began building more formal cyber response processes to deal with attacks. US CERT (Computer Emergency Response Team) is the federal government’s cyber event first responder group.
A Busy Summer
“Over the course of the summer we dealt with the Cisco IOS vulnerability, we dealt with Microsoft Blaster, we dealt with Sobig,” he told the Federal Information Assurance Conference (FIAC) last week. “We had a busy summer to keep building on our processes and procedures.”
Both NCSD and the new Terrorist Threat Integration Center also worked the cyber side of the Aug. 14 northeast power blackout, FIAC speakers said.
A New Coordinated Response
Hale said that prior to the formation of NCSD in June, “the way the government coordinated cyber incidents and events…was based entirely on personalities—on who knew whom in what company, and a lot of coordination took place from the Office of Cyber Security, Dick Clarke’s [former] office” in the White House.
But the White House “doesn’t want to perform operational tasks, it wants to focus on policy, and they want the departments to do the implementation and operational stuff,” Hale said. He gave the conference a snapshot of how the new division functions:
“Cisco IOS [and the other events] gave us a chance to work closely with the vendors, the academic community, the CERT CC [at Carnegie Mellon University], the trade associations, and the government agencies. We had teleconferences with agencies and with 22 trade associations. We got good information in, we processed it, and came up with actionable information to give out to people.
“We worked with the CIO Council, we helped identify the systems in government and identify the steps needed to protect government systems and critical infrastructure systems, of which I’m sure you know 80 to 90 percent in the U.S. are owned and operated by the private sector.”
While providing few details, Hale said the Live Wire drill includes several agencies and academic institutions in “another process we will go through to help us baseline our capabilities.” The exercise will amount to a “shakedown to either validate the processes we have or highlight any gaps in the processes.”
New NCSD Requirements
NCSD is a transitional group that absorbed many of the requirements of last year’s White House national cyber security strategy. It encompasses tasks formerly performed by entities pre-dating DHS now gathered under the new NCSD/US CERT banner.
NCSD’s new director, Amit Yoran, formerly of Symantec Corp., took over the division about a week before the Live Wire drill.
At the FIAC conference, Hale also noted it was only a matter of a few minutes after the northeast power grid failed in August that NCSD was looking for “spikes” or any evidence of “unusual cyber activity.” The lack of such activity might have been reported to the Terrorist Threat Integration Center, where DHS, the CIA, FBI and other anti-terror analysts are co-located.
“I can tell you that within ten minutes of the blackout, TTIC was involved working with components around the government to determine whether or not we thought it was a terrorist act,” said Joseph Augustyn, the CIA’s senior advisor to TTIC.
“We got calls from the White House within ten or fifteen minutes to determine if it was potentially a terrorist event, and we quickly determined it wasn’t,” he said.
The Federal Business Council’s FIAC conference was held in College Park, Md., Oct. 21-23. For more about NCSD, visit www.us-cert.gov.
This article was written by Robert Green, Public Sector Institute senior editor. Green covered FIAC and can be reached at RobertGreen@PubSector.net.