October 31, 2003
Volume 1, Number 6

Lawrence Hale, US CERT
“Live Wire” Puts New Cyber Security Processes to Test

The recently formed National Cyber Security Division of the Homeland Security department is running its Live Wire test this week to determine where “gaps” might be in the ability of the government and critical infrastructure to respond to serious cyber events like the Blaster or Cisco IOS attacks the Internet experienced earlier this year.

Lawrence Hale, acting director of US CERT, said Live Wire is being conducted after a period in which NCSD began building more formal cyber response processes to deal with  attacks. US CERT (Computer Emergency Response Team) is the federal government’s cyber event first responder group.

“Over the course of the summer we dealt with the CISCO IOS vulnerability, we dealt with Microsoft Blaster, we dealt with So.Big,” he told the Federal Information Assurance Conference (FIAC) last week. “We had a busy summer to keep building on our processes and procedures.”

Both NCSD and the new Terrorist Threat Integration Center also worked the cyber side of the Aug. 14 northeast power blackout, FIAC speakers said.

A New Coordinated Response
 

Hale said that prior to the formation of NCSD in June, “the way the government coordinated cyber incidents and events…was based entirely on personalities—on who knew whom in what company, and a lot of coordination took place from the Office of Cyber Security, Dick Clarke’s [former] office” in the White House.

But the White House “doesn’t want to perform operational tasks, it wants to focus on policy, and they want the departments to do the implementation and operational stuff,” Hale said. He gave the conference a snapshot of how the new division functions:

“Cisco IOS [and the other events] gave us a chance to work closely with the vendors, the academic community, the CERT CC [at Carnegie-Mellon University], the trade associations, and the government agencies. We had teleconferences with agencies and with 22 trade associations. We got good information in, we processed it, and came up with actionable information to give out to people.

“We worked with the CIO Council, we helped identify the systems in government and identify the steps needed to protect government systems and critical infrastructure systems, of which I’m sure you know 80 to 90 percent in the U.S. are owned and operated by the private sector.”

NCSD’s new director, Amit Yoran, formerly of Symantec Corp., took over the division about a week before the Live Wire drill.

This Summer's Northeast Blackout
 

At the FIAC conference, Hale also noted it was only a matter of a few minutes after the northeast power grid failed in August that NCSD was looking for “spikes” or any evidence of “unusual cyber activity.” The lack of such activity might have been reported to the Terrorist Threat Integration Center, where DHS, the CIA, FBI and other anti-terror analysts are co-located.

“I can tell you that within ten minutes of the blackout, TTIC was involved working with components around the government to determine whether or not we thought it was a terrorist act,” said Joseph Augustyn, the CIA’s senior advisor to TTIC.

“We got calls from the White House within ten or fifteen minutes to determine if it was potentially a terrorist event, and we quickly determined it wasn’t,” he said.

The Federal Business Council’s FIAC conference was held in College Park, Md. Oct. 21-23. For more about NCSD, visit www.us-cert.gov.

This article was written by Robert Green, Public Sector Institute senior editor. Green covered FIAC and can be reached at RobertGreen@PubSector.net.

E-Mail a Friend