GAO: US cyber security efforts are uncoordinated. A congressional report released on 22 July identifies no fewer than 50 different federal organizations sharing responsibility for protecting critical infrastructures from cyber attack, and warns that they're in desperate need of a consistent strategy to glue them together. The General Accounting Office found that, despite the tangle of bureaucracy thrown at the problem, critical networks remain vulnerable to cyber attack and that relationships among organizations performing similar critical infrastructure protection activities were ill-defined and inconsistent. The report urged the White House to better define the key federal agencies' cyber security roles in its upcoming National Strategy to Secure Cyberspace, due for release in September. (Security Focus, 22 Jul)
Cyber Security Research and Development Act
Cyber Security Research and Development Act - Authorizes appropriations, to the National Science Foundation (NSF) and to the Secretary of Commerce for the National Institute of Standards and Technology (NIST), to establish new programs and to increase funding for certain current programs for computer and network security research and development and research fellowships. Requires the NSF Director to award grants for computer and network security through the following: (1) basic research in innovative approaches to the structure of their hardware and software; (2) multidisciplinary research centers, through institutions of higher education (IHEs) or their consortia which may partner with government laboratories or for-profit institutions; (3) undergraduate and master's degree programs, as well as education-related grants under the Scientific and Advanced Technology Act of 1992; (4) graduate traineeships; and (5) graduate research fellowships. Amends the National Science Foundation Act of 1950 to include among NSF functions leading in supporting research and education activities to improve networked information systems' security. Amends the National Institute of Standards and Technology Act to require the NIST Director to establish a program of assistance to IHEs that enter into partnerships with for-profit entities to support research to improve the security of computer systems. Requires NIST to carry out specified types of intramural computer security research. Requires the NIST Director to arrange with the National Research Council of the National Academy of Sciences to study and report to Congress on critical infrastructure weaknesses.
Government Information Security Reform Act (GISRA) 2000
Federal Information Security Management Act (FISMA) 2002
-makes GISRA permanent
-follow NIST policy without exception
Online InfoSec Books
Firewalls Complete
http://secinf.net/info/fw/complete/
Handbook of Applied Cryptography
http://www.cacr.math.uwaterloo.ca/hac/
Information Security Publications
http://www.washingtonpost.com/wp-dyn/technology/techpolicy/security/
Information Assurance News, Information Assurance Support Element
National Infrastructure Protection Center - Cybernotes
Daily CyberCrime and Security Report
http://www.newsfactor.com/perl/story/19151.html
Information Week – Security Tech Center
Network Magazine – Security Tutorials
Network World
http://www.nwfusion.com/topics/security.html
http://www.nwfusion.com/supp/security2002/
Computerworld-Security Knowledge Center
Computerworld-Security Special Report
Information Assurance Technology Analysis Center (IATAC)
Publishes IANewsletter. Good Reading on Government IA initiatives.
Intelligence Enterprise-Privacy and Security
http://www.intelligententerprise.com/info_centers/privacy/
Published by @stake, only online distribution, excellent publication
Security Focus, San Mateo, California
Arthur Wong, Chief Executive Officer
Oliver Friedrichs, Director of Engineering
Security Focus DeepSight Threat Management System collects and correlates data from more than 14,000 network intrusion-detection, firewall and router devices located on thousands of university, corporate and government networks in 150 countries. Formerly called Attack Registry and Intelligence Service, it tracked its one-billionth security incident after 18 months in operation. SecurityFocus was sold to Symantec in July 2002.
TechUpdate- Security
http://techupdate.zdnet.com/techupdate/filters/mrc/0,14175,6020424,00.html
The Encyclopedia of Computer Security
http://www.itsecurity.com/defaultie5.htm
Information Assurance Advisory Council
Network Security Library
http://secinf.net/policye/html
Central Intelligence Agency
DCID 6/3
Information Security requirements for the Intelligence Community. Signed by CIA Director April 1999.
The National Colloquium for Information Systems Security Education (NCISSE) was created during 1997 to provide a forum for leading figures in government, industry and academia to work in partnership to define current and emerging requirements for information systems security education. The goal of the Colloquium is to influence and encourage the development of information security curricula, especially at the graduate and undergraduate levels. The Colloquium history and charter may be found at http://www.ncisse.org. Chairmanship of the Colloquium rotates annually among government, academia and industry. Check the website for information on the annual conference. An important outcome of the Colloquium is the sharing of knowledge and resources through Colloquium web sites, which currently contain course materials on Ethics in Computing (http://www.infosec.jmu.edu/computerethics), Risk Management, and Malicious Logic.
Appendix III to OMB Circular No. A-130 - Security of Federal Automated Information
http://www.osec.doc.gov/cio/oipr/newaiii.htm
Federal Agency Security Practices
NIST Computer Security Handbook
Common Criteria
http://niap.nist.gov/cc-scheme
International Common Criteria
FIPS 140-1 and 140-2 Specifications & Current Validation Modules
http://csrc.nist.gov/cryptval/
NIAP Validated Products List (VPL)
http://niap.nist.gov/cc-scheme/ValidatedProducts.html
http://niap.nist.gov/cc-scheme/PPRegistry.html
Information Assurance Technical Framework
NSA/NIST US Government recommended Protection Profiles
FedCIRC
http://www.fedcirc.gov/index.html
The U.S. Department of Energy- Computer Incident Advisory Capability
The Government Information Security
Reform Act is requiring action. The new Draft DoD Information Assurance Policy
and Instruction are capstone documents to be used for building an Information
Assurance Program that is documented and measurable, specifically referred to as
DoDD 8500.aa and DoDI 8500.bb. The widely accepted approach to Defense in
Depth has established a methodology for addressing network and information
security concerns. Using these guidelines and requirements, coupled with
currently available information, we can design a framework that will support any
organization and tailor it to fit our individual business needs.
Defense Information Technology Certification and Accreditation Process (DITSCAP). Prescribes all the steps required to assess, assign, implement, and audit the information security environment. The DITSCAP umbrella methodology includes everything from risk assessment and management issues, to complete certification and accreditation of all systems and the network.
Special Information Operations (SIO)
(DOD) Information operations that by their sensitive nature
and due to their potential effect or impact, security requirements, or risk to
the national security of the United States, require a special review and
approval process. Also called SIO. See also information; information operations;
operation.
Directorate for C4 systems-Joint Staff experts on C4
http://www.dtic.mil/jcs/core/j6.html
535-page PDF document that outlines DoD-wide Information Assurance policy.
Joint publication 3-13 Rev1 - Joint Doctrine for Information Operations
Joint publication 3-13.1 Rev1 - Joint Doctrine for Command and Control Warfare (C2W)
Department of Defense Annual Reports
http://www.defenselink.mil/execsec/index.html
Rumsfeld said the military now has six operational goals:
o Protect the U.S. homeland and defeat weapons of mass destruction and their means of delivery.
o Project and sustain power in distant anti-access and area-denial environments.
o Deny enemy sanctuary by developing capabilities for persistent surveillance, tracking and rapid engagement.
o Leverage information technologies and innovative network-centric concepts to link joint forces.
o Protect information systems from attack.
o Maintain unhindered access to space and protect U.S. space capabilities from enemy attack.
Department of Defense
John Stenbit, CIO
DoD Information Assurance Office
www.c3i.osd.mil/org/sio/ia/diap
DoD Information Assurance Scholarship Program
DoD Information Assurance Support Environment
DoD Computer Emergency Response Team
DoD Computer Forensics Laboratory
AFOSI is the executive agent for DoD for the DoD Computer Forensics Laboratory. Publishes an excellent newsletter on computer forensics.
DoD Information Operations
23rd Information Operations Squadron
Gregory J. Rattray is a Lieutenant
Colonel in the US Air Force. He is currently commander of the 23rd Information
Operations Squadron responsible for information warfare tactics development. He
has served on the Headquarters Air Force and Headquarters Strategic Air Command
staffs and as Assistant Professor of Political Science at the USAF Academy.
Bruce Berkowitz review of LTC Rattray's book on Information Warfare:
Paper on Information Operations to Air Force 2025
http://www.au.af.mil/au/2025/volume3/chap02/v3c2-1.htm#Contents
Critical Infrastructure Protection in the United States, Ralf Bendrath, Berlin, FoG:IS Forschungsgruppe Research Group
http://www.isn.ethz.ch/crn/extended/workshop_zh/ppt/Bendrath/index.htm
INFORMATION OPERATIONS "IO in a Peace Enforcement Environment"
http://call.army.mil/products/newsltrs/99-2/99-2toc.htm
Joint Task Force-Computer Network Operations
http://www.spacecom.mil/jtf-cno.htm
The Joint Task Force-Computer Network Operations (JTF-CNO) is the Commander-in-Chief, United States Space Command’s (USCINCSPACE) operational component for Computer Network Operations (CNO), and supports USCINCSPACE in the integration of Computer Network Defense and Computer Network Attack capabilities into the operations of US military forces. Computer Network Operations are comprised of two specific yet complementary mission areas: Computer Network Defense (CND) and Computer Network Attack (CNA). The CND mission is to defend DOD computer networks and systems from any unauthorized event whether it be a probe, scan, virus incident, or intrusion. The CNA mission is to coordinate, support and conduct, at the direction of the National Command Authority (NCA), computer network attack operations in support of regional and national objectives.
The Task Force headquarters, located in the metropolitan Washington, DC area, is collocated with the Defense Information Systems Agency’s Global Network Operations and Security Center (GNOSC) and the Department of Defense Computer Emergency Response Team (DoD-CERT).
The JTF-CNO components are the Land Information Warfare Activity (LIWA), Marine Forces-Computer Network Defense (MARFOR-CND), Navy Component Task Force-Computer Network Defense (NCTF-CND), Air Force Forces-Computer Network Operations (AFFOR-CNO) and DISA’s DOD Computer Emergency Response Team (DOD CERT).
http://www.iwar.org.uk/cip/resources/ia-hearing-2001-05/01-05-17bryan.htm
DoD Cert
Internet Engineering Task Force
Jeff Schiller, Security Area Director
SAAG-IETF Security Area Advisory Group
http://web.mit.edu/network/ietf/sa/
IETF Security Tutorial
http://jis.mit.edu/sectutorial
Internet Engineering Task Force
Internet Mail Consortium
The Internet Security Conference Newsletter
http://www.tisc2002.com/insight.html
National Association of State Chief Information Officers
NASCIO has issued a report on IT security titled "Public-Sector
Information Security: A Call to Action for Public-Sector CIOs." (See
"Final Report" download link below.) It was written for NASCIO by Don
Heiman, former Chief Information Technology Officer for the State of Kansas, as
part of a grant from the PricewaterhouseCoopers Endowment for the Business of
Government (http://endowment.pwcglobal.com). The report comes out of the November
2001 forum for CIOs held in Washington, DC. Presentations and supporting
materials from that forum are available below.
https://www.nascio.org/
CIO University
CIO Council
Information Technology Association of America (ITAA)
Shannon Kellogg, VP of Information Security Programs
Institute of Internal Auditors, Altamonte Springs, FL
Charles Le Grand, Director of Technology Practices
ISC2, Framingham, MA
James Wade, President (Also CSO for Federal Reserve System)
SANS (System Administration, Networking, and Security)
Alan Paller, Director of Research
Top Twenty Most Critical Internet Security Vulnerabilities. SANS and NIPC compiled this list.
DShield
SANS, a Bethesda, Md., nonprofit educational group for security professionals, is also planning to enlarge its early-warning system called DShield (www.dshield.org), which publishes a Top Ten list of attacking IP addresses free online as a public service. DShield could get much bigger soon. Check Point Software Technologies Ltd., the world's dominant firewall maker, plans to provide a feature in its August Firewall 1/VPN 1 product upgrade that will allow customers to block traffic from IP addresses SANS lists as attackers. Customers may also choose to automatically and anonymously submit firewall logs to SANS. Check Point has 100,000 customers and its software sits at 250,000 network gateways world-wide. The Check Point partnership with SANS isn't exclusive and doesn't involve money, according to Asheem Chandna, vice president of business development at Check Point.
ACM Special Interest Group on Security, Audit and Control (ACM SIGSAC)
IEEE Computer Society Technical Committee on Security and Privacy
The International Association for Cryptologic Research (IACR)
Computer Security Institute (CSI)
Publishes with FBI “Computer Crime and Security Survey”
CMP Media LLC, publishes Network Magazine and also owns the CSI
Internet Security Alliance
Dave McCurdy, Executive Director
The alliance is the joint effort of Carnegie Mellon University's Software Engineering Institute, the institute's CERT Coordination Center and the Electronics Industries Alliance.
Braxton
Was Deloitte Consulting (closely held 3.5 billion revenue, 15,000 employees)
Doug McCracken, CEO
Will officially separate from Big Five parent Deloitte Touche Tohmatsu
Accenture
Was Andersen Consulting (public company)
Monday
IBM recently announced it will acquire Monday for $3.5 billion. Monday was PWC Consulting, which was planning to separate itself from
PricewaterhouseCoopers and go public in late 2002.
Interpact Inc
Winn Schwartau, President
http://www.interpactinc.com/home.html
Great links from Interpact
http://www.interpactinc.com/infosec.html
White Wolf Consulting
http://www.whitewolfconsulting.com
Counterpane Internet Security
@stake
The @stake Sleuth Kit (TASK) is an open source forensic
toolkit for a complete analysis of Microsoft and UNIX file systems.
http://www.atstake.com/research/tools/task/
ICSA Labs, division of TruSecure Corporation
http://www.icsalabs.com/index.shtml
Information Systems for Security Professionals
Packet Storm
www.packetstorm.decepticons.org
Good infosec links.
Black Hat Briefings & Training, July 29 - August 1, Las
Vegas, the world's premier technical security event! 8 tracks, 12 training
sessions, Richard Clarke keynote, 1500 delegates from 30 nations, with a near
cult following of both CSOs and "underground" security experts.
http://www.blackhat.com
Security Writers organization
Latin American consulting firm
Checksum
Good link farm on Info sec topics
Security Knowledge Base
http://www.security.ittoolbox.com/
Defense Advanced Research Project Agency (DARPA)
Mitretek Systems (Non-profit research organization to Federal Government)
Developed Starlight and Spire, visual analysis tools, for the Intelligence Community
Center for Information Systems
Craig Janus, VP
Mitre Intrusion Detection Technology Program
www.mitre.org/research/cyber/security/index.html
The Edge-Information Assurance Issue
www.mitre.org/pubs/edge/february_01/
Mitre Infosec website
www.mitre.org/work/infosec/shtml
CVE
www.mitre.org/pubs/showcase/cve-01/
National Research Council
June 25, 2002 report on electrical grid vulnerabilities-commissioned by National Academies
ANSER (fed funded research agency)
Ruth David, President
Information Security Assessment Training & Rating Program
Aberdeen Group
Eric Hemmendinger, Research Director in the Information Security Group
Robert Francis Group
Chad Robinson, Senior Research Analyst
The Theory Group
Gibson Research
Steven Gibson, President
Solutionary, Managed Security Service Provider (MSSP)
Foundstone
Stroz and Associates
http://www.strozassociates.com/
Attrition.org
www.attrition.org/security/denial
Computer security website; hosts the Denial of Service database 2.0
Information Week Annual Global Information Security Survey
Fielded by Pricewaterhouse
www.information.week.com/TC/networking/security
Computer Economics
Michael Erbschloe, VP Research and author of Information Warfare: How to survive Cyberattacks
H2K2 Slides [MS PowerPoint, 2.6 MB]
http://www.iwar.org.uk/hope/h2k2strategic_thought.ppt
Wanja Eric Naef
Webmaster & Principal Researcher
IWS - The Information Warfare Site
http://www.iwar.org.uk
www.nitzbergsecurityassociates.com
Information Security Recruiting Firms
Tatum CIO Partners LLP
http://www.tatumcio.com/index.htm
National Strategy for Homeland Security
Information sharing and data mining important components of plan
http://www.whitehouse.gov/homeland/book/
National Plan for Protecting Cyberspace. On 26 July the Bush administration unveiled the nation's first homeland and cybersecurity strategy, which calls for an unprecedented partnership between federal, state and local governments and the private sector to battle terrorism. The National Plan for Protecting Cyberspace builds upon work started by the Clinton administration to enlist the help of the private sector, which owns and operates the bulk of the nation's critical infrastructure. The new plan calls for the use of a wide array of information technologies to help battle terrorism at home, including the establishment of "smart borders" through the use of IT-enabled sensors and monitoring equipment. It also calls for: port authorities to make use of IT to secure shipping containers entering US ports; biometric authentication systems to secure buildings, airports and other critical infrastructure facilities; the deployment of "red teams" to test the security of critical systems, network and facilities; and an overhaul of IT systems to support better information sharing among federal law enforcement and intelligence agencies.
National Security Directive (NSD)-42 (5 JUL 90)
National Policy for the Security of National Security Telecommunications and
Information Systems.
Executive Order 13010, Critical Infrastructure Protection, creating the PCCIP
July 15, 1996
President’s Commission on Critical Infrastructure Protection (PCCIP)
July 1996-October 1997. Chairman: General Robert T. (Tom) Marsh USAF (R)
Remains the definitive public policy review of the business, economic and defense implications of cyber-security risks, vulnerabilities and threats. Report summary: Critical Foundations - Thinking Differently.
http://www.pccip.gov/summary.html
Presidential Decision Directive PDD-63 (22 MAY 98)
http://www.fas.org/irp/offdocs/pdd-63.htm
Plan of action on the findings of the President’s Commission on Critical Infrastructure Protection (PCCIP) of Oct 97. Requires Vulnerability Awareness and Education Programs within both the Government and private sector to sensitize people regarding the importance of security and train them to security standards, particularly regarding cyber systems.
President's Critical Infrastructure Protection Board (PCIPB)
Chairman, Richard Clarke
Vice Chairman, Howard Schmidt
The CNSS reports fully and regularly on its activities to the PCIPB.
National Security Telecommunications & Information Systems Security Policy 11 (NSTISSP 11)
-use Common Criteria by 1 July 2002
-House version of Defense Authorization Bill 2003 requires DoD to buy certified products
DOD Information Assurance Directorate
Michael Jacobs, Director
IAD Sponsored events
Executive Order 13231 - Critical Infrastructure Protection in the Information Age, 16 OCT 2001
http://www.ciao.gov/News/EOonCriticalInfrastrutureProtection101601.html
http://www.whitehouse.gov/news/releases/2001/10/20011016-12.html
Created the President’s Critical Infrastructure Protection Board (PCIPB)
Information Sharing and Analysis Centers (ISACs) pool information about cyber threats. Only four ISACs currently exist; they were created in banking, telecommunications, electric power, emergency law enforcement and information technology.
IT-ISAC
Financial services (FS-ISAC), Mr. Stanley (Stash) R. Jarocki, Chairman
NIPC and Financial
Services ISAC agree to share security information. In an effort to enhance the
security and readiness of the country's financial services industries to deal
with potential terrorist threats, Mr. Stanley (Stash) R. Jarocki, Chairman,
Financial Services Information Sharing and Analysis Center, LLC (FS/ISAC)
signed an agreement with Ronald L. Dick, NIPC Director. The partnership between
the FS/ISAC and the NIPC will allow vital security-related information to move
more effectively between the multi-agency NIPC, based at FBI headquarters in
Washington, DC, and financial services associations.
Chemical Sector Cyber Security Information Sharing Forum
David Kepler, CIO, Dow Chemical Corporation
Water supply, and telecommunications (NCC-ISAC)
North American Electric Reliability Council (NERC), the ISAC for the electric power sector, has established an indications, analysis and warning (IAW) program
The proposal for an
interstate information sharing and analysis center (ISAC) for cybersecurity,
put forward by the National Association of State Chief Information Officers
(NASCIO), stems from Presidential Decision Directive 63 issued by President
Clinton in 1998. This may be the same initiative as the Cyber Security
Information Sharing Network.
Critical Infrastructure Assurance Office (CIAO), created by PDD-63
February 1998. National Cyber Warning Center, under the
Department of Justice, housed within the Federal Bureau of Investigation (FBI).
All 56 Field offices have an Infragard chapter. The NIPC has developed the InfraGard initiative into the largest
government/private sector joint partnership for infrastructure protection in
the world. We have taken it from its humble roots of a few dozen members in
just two states to its current membership of over 4,400 partners. It is the most
extensive government-private sector partnership for infrastructure protection
in the world. InfraGard (with the private sector infrastructure owners and
operators) shares information about cyber intrusions and other critical
infrastructure vulnerabilities. This service is provided free of charge.
NIPC offers "Seven Simple Computer Security Tips"
http://www.nipc.gov/warnings/computertips.htm
US Space Command (SPACECOM) Joint Task Force/Computer Network Operations (JTF/CNO)
National Security Presidential Directive (NSPD 1)
Currently working on EO to implement (NSPD 1)
NCIX
Committee on National Security Systems (CNSS) formerly NSTISSC
John Stenbit, Chairman, Assistant Secretary of Defense for Command, Control, Communications and Intelligence. CNSS is the new name for National Security Telecommunications & Information Systems Security Committee (NSTISSC)
Under Executive Order (E.O.) 13231 of October 16, 2001, Critical Infrastructure Protection in the Information Age, the President redesignated the National Security Telecommunications and Information Systems Security Committee (NSTISSC) as the Committee on National Security Systems (CNSS). The Department of Defense continues to chair the committee under the authorities established by NSD-42. As a standing committee of the President's Critical Infrastructure Protection Board, the CNSS reports fully and regularly on its activities to the Board.
The EO directs the protection of information systems for critical infrastructure, including emergency preparedness communications, and the physical assets that support such systems. The Secretary of Defense and the Director of Central Intelligence are responsible for developing and overseeing the implementation of government-wide policies, principles, standards, and guidelines for the security of systems with national security information.
The CNSS provides a forum for the discussion of policy issues, sets national policy, and promulgates direction, operational procedures, and guidance for the security of national security systems through the CNSS Issuance System. National security systems contain classified information or:
a. involves intelligence activities;
b. involves cryptographic activities related to national security;
c. involves command and control of military forces;
d. involves equipment that is an integral part of a weapon or weapons system(s); or
e. is critical to the direct fulfillment of military or intelligence missions (not including routine administrative and business applications).
National Information Assurance Partnership
Ron Ross, Director
Partnership between NIST and NSA to implement Common Criteria
Developing “Protection Profiles” for each technology area-Basic, extended and Advanced
Trusted Computer Security Evaluation Criteria (TCSEC) “Orange Book”
Security Proof of Concept Keystone Program (SPOCK Program)
SPOCK is a joint government-industry consortium sponsored by NSA to demonstrate security features of commercial and government products that can support dependable security architectures. This activity provides a forum for government users and security technology providers to share information on security requirements, emerging technologies, and new product developments. Integrators and product developers are afforded opportunities to share new solutions, identify government developed technology available for commercial use, and prototype COTS products in government sponsored test beds.
John H. McIver, Jr
NSA SPOCK Program Manager
410-854-6318
jhmcive@missi.ncsc.mil
Larry McGinness
COACT, Inc. SPOCK Support
301-498-0150
lbm@coact.com
ICAT Metabase Common Vulnerabilities and Exposures Database
ICAT is a searchable vulnerability index available at http://icat.nist.gov and maintained by the Computer Security Division at the National Institute of Standards and Technology. ICAT enables one to search, at a fine granularity (e.g. by software, version number, and other attributes), a set of vulnerabilities standardized and verified by the members of the computer security community involved with the CVE vulnerability naming standard (http://cve.mitre.org). Once a vulnerability is isolated, ICAT provides a snapshot of the vulnerability and links to the appropriate entries in public vulnerability databases. These public databases then provide ICAT users with detailed vulnerability and patch information. ICAT is a fine-grained search engine that allows one to search and access the contents of some of the best public vulnerability databases on the web. ICAT can help system administrators, researchers, and security officers to stay abreast of the ever-changing world of vulnerabilities.
National Computer Security Center
National Security Council
Stay Safe Online
Defense Information Systems Agency (DISA)
Air Force Office of Special Investigations Computer Crime Investigations and Information Operations
Vermont National Guard
RESERVE COMPONENT IO SUPPORT
The multi-component concept of operations for the LIWA includes reserve component support to expand the LIWA's capability to support Army total IO requirements across the entire operational spectrum especially defensive IO emphasizing information infrastructure protection. Both the Army National Guard (through the IO Project Office) and the Army Reserve (through the Reserve IO Coordination Center - RIOCC) are organized and trained to provide a structure to complement and reinforce the LIWA's IO operational capabilities. Both reserve components provide direct IO support to operational and tactical commanders to achieve full spectrum dominance, expanding the Army's capability to perform IO across the operational continuum. Additionally, ARNG IO organizations also support Homeland Defense and state applications of defensive IO in the form of computer emergency response and vulnerability assessment. Another purpose of the integrated multi-component support strategy is to contribute to the readiness of the entire Army by providing an IO capability using the soldier's civilian acquired skills.
Reserve Information Warfare Enhancement Center (RIOCC)
Defense chief outlines challenges of information age warfare
http://www.govexec.com/dailyfed/0802/081602td1.htm
Army Strategic Readiness System - replaces the USR https://akocomm.us.army.mil/srs/
AR 520-20, Information Warfare/Command and Control Warfare Policy, established LIWA to support and integrate IO in Army operations.
AR 380-19, Information Systems Security
http://www.gordon.army.mil/sit/ar380-19.doc
AR 380-5, US Army Information Security Program
AR 380-53, Penetration testing and security testing attempting to circumvent security features
FM 3-13 (Formerly FM 100-6), US Army Information Operations
Scheduled to be published in 3rd Qtr 2002. FM 3-13 is the
Army's overarching publication for information operations (IO) and builds on the
foundation laid in Chapter 11, "Information Superiority," of FM 3.0.
AR 381-14 (S), TEMPEST and communications security
Information Operations in the US Army Reserve
http://www.usarc.army.mil/news/IOPromo.htm
US Army Land Information Warfare Activity (LIWA)
8825 Beulah Street, Fort Belvoir, VA 22060-5246
https://www.liwa.belvoir.army.mil/
Great links from LIWA
https://www.liwa.belvoir.army.mil/io_websites.html
Army's Computer Response Team assumes electronic border protection duties
by Master Sgt. Joan Fischer
FORT BELVOIR, Va. (ARNEWS, May 12, 1997) -- Information dominance took a giant leap into the future in March when the U.S. Army Intelligence and Security Command opened the Army Computer Emergency Response Team Coordination Center at Fort Belvoir, Va. Its mission is to re-write the books on how the Army handles the newest threat in the field manuals -- computer hackers. The team, also known as ACERT/CC, is the newest division formed under the two-year old Land Information Warfare Activity led by Col. Halbert F. Stevens. It's chartered with the responsibility to detect, track and report computer attacks against Army computer networks.
LIWA received the tasker in February 1996 to form the response team. A year later, under the guidance of INSCOM Commander Brig. Gen. John D. Thomas Jr., the command was ready to take on command and control protect (C2 protect) operations in support of the Army. "It's an element whose time has come," said Lt. Gen. (Ret.) Paul E. Menoher Jr., former deputy chief of staff for intelligence. "C2 protection of information assurance is absolutely critical."
Future plans include regional computer emergency response teams, called RCERTs, which will be located around the world. One regional team is already operational in Europe. ACERT/CC is currently operational Monday through Friday, 12-hours a day. Eventually, it will be operational 24-hours a day.
ACERT/CC is a joint venture among the information operations triad of the Army's deputy chiefs of staff for Operations and Intelligence, and the Joint Chief of Staff's director for Command, Control, Communications and Computers (DISC4).
The ACERT/CC role is two-fold: help the Army identify computer systems vulnerabilities, and prevent hackers from accessing those same systems by exploiting those vulnerabilities. Set up to operate under the INSCOM umbrella, ACERT/CC receives missions from DA, DCSOPS and assistance requests from any Army command. According to Lt. Col. Bob Vrtis, LIWA's chief of information assurance, ACERT/CC prioritizes the incoming requests for assistance; however, the Army's deputy chief of staff for operations can direct their priorities.
A hacker demonstration was conducted as part of the ribbon-cutting ceremony. An ACERT/CC computer security expert conducted the demonstration, saying that you have to "think like a hacker and try to break into a system."
For example, if an Army organization requests the team's assistance in checking out its vulnerabilities, a team member can sit at a computer terminal and attempt to break in from the remote site -- much like a real-world hacker. The goal is to get access to the "target" and gain system administrator's privileges, then erase all electronic record of the contact. In the case of a malicious hacker, the goal might be to alter files, delete information, or replace an Internet web site. While the team can diagnose such vulnerabilities long-range, Vrtis said you lose a lot by this process. "What you miss is the hands-on approach of providing personal attention and training to the systems administrator," he said. ACERT/CC sends out forward support teams to various sites on request. ACERT/CC is also the first-line of defense in tracking down computer hackers, whether teenage hackers trying out their skills on military targets, or people attempting espionage. ACERT/CC's main thrust is to deter outside intrusion into the Army's systems. "Deter is the key piece and focus of what ACERT/CC is all about," said Stevens.
Whatever else it is, ACERT/CC is not a police activity. Stevens said ACERT/CC's role is to determine if there is a hacker, then use the established notification process to report and coordinate responses, such as in the case of any other potential crime.
Barbara Schalestock, ACERT/CC chief, said that, depending upon the incident, it could be reported to Criminal Investigation Command or other appropriate Army activity. She has been involved in writing those reporting procedures while forming ACERT/CC's nucleus. Schalestock visited other agencies, including the Navy and Air Force, both of which had previously formed emergency response teams to address computer security issues. She was able to draw from the other services' experiences, along with DISA, to focus the ACERT/CC mission. She said the groundwork is established for getting operational procedures in place and formalized. The ACERT/CC staffing is another on-going challenge. ACERT/CC is currently staffed with a mix of contractors, Department of the Army civilians and military. Stevens said that resources are being reallocated from existing entities within the Department of Defense, which will enable the ACERT/CC to grow to its target strength of about 20 people.
Educating the rest of the Army about a new system or organization is part of the evolution process. Plans call for a web site on the Army homepage featuring information about ACERT/CC services. Vrtis said they intend to be proactive on notifying their "customers" about vulnerabilities by forming a service database and e-mail notices to consumers. The team will also provide LAN managers with the software tools they need to combat attacks. Rapidly changing capabilities further blur areas of responsibilities among the various agencies in a joint environment. ACERT/CC provides valuable support to the operational side of the military. Stevens said ACERT/CC's primary focus is to support the land component commander. In these days of joint missions, he added that it is difficult to draw the line for areas of responsibilities. "It depends on who gets tasked with the mission," said Stevens. "If the Army gets the lead, then (they will) coordinate with the other players."
Many decisions are yet to be made. Meanwhile, Vrtis and Schalestock are charged with forging ahead -- drawing a road map to the future. "We play it by ear," Schalestock simply said. "There's no (predetermined) path to take."
(Editor's note: To contact the Army Computer Emergency Response Team Coordination Center, call 1-888-203-6332 toll free from the United States or DSN 312-235-1113 from overseas military phones. For more information, call INSCOM Public Affairs Office at COML (703) 806-5326. Fischer is with the INSCOM Public Affairs Office, Fort Belvoir, Va.)
Information Warfare Associates (private firm)
US Army Research Laboratory – History of Computing, ENIAC supported US Army operations
http://ftp.arl.army.mil/~mike/comphist/
Theater Network Operations and Security Center
CONUS-TNOSC is a part of the United States Army Signal Command which is located at Ft. Huachuca, Arizona. CONUS-TNOSC consists of dedicated teams providing system, network and database management support to U.S. Army customers in support of the Army Power Projection missions on a worldwide basis.
The Office of the Director of Information Systems for Command, Control, Communications and Computers (DISC4)
http://www.army.mil/disc4/ is now Office of the Chief Information Officer/G-6 (CIO/G-6)
http://www.army.mil/ciog6/
Army Information Assurance
https://informationassurance.us.army.mil/
The Information Assurance Directorate is responsible for developing and overseeing the Army's Information Systems Security Program (ISSP) which is the overarching program for securing the Army's portion of the Defense Information Infrastructure. The Army's Chief Information Officer/G-6 is responsible for implementing protective measures, developing plans, policies and procedures, developing and monitoring training, and validating requirements to protect SECRET and below command, control, communications, and computer capabilities. The Information Assurance Directorate develops and directs the implementation of the ISSP for product procurement, the Network Security Improvement Program (NSIP) Plan for the Army sustaining base, and the Force XXI Protection Plan for the tactical force.
DoD Information Assurance Directorate
Information Assurance Technology Analysis Center
Good infosec links on resource page.
Information Assurance Technical Framework Forum
National Information Assurance Partnership
Systems Security Engineering - Capability Maturity Model
Information Assurance Support Element
Army Computer Emergency Response Team
http://www.acert.belvoir.army.mil/
Orange Book DoDD 5200.28
http://www.acert.belvoir.army.mil/regulations/dod5200
Automated System Security Incident Response Team
CERT Security Improvement Modules
http://www.cert.org/security-improvement
Computer Incident Advisory Capability
DOE Information Security (DOE-IS)
Director of Information Management (DOIM)
INFOSEC Program Management Office
U.S. Army Regional Computer Emergency Response Team Europe (RCERT-E)
http://www.iwsc.5sigcmd.army.mil/
Site Security Guidance
Site Security Handbook
http://www.net.ohio-state.edu/hypertext/rfc1244/toc.html
This handbook is a guide to setting computer security policies and procedures for sites that have systems on the Internet. This guide lists issues and factors that a site must consider when setting their own policies. It makes some recommendations and gives discussions of relevant areas. This guide is only a framework for setting security policies and procedures. In order to have an effective set of policies and procedures, a site will have to make many decisions, gain agreement, and then communicate and implement the policies.
http://www.yahoo.com/Computers_and_Internet/Security_and_Encryption
List of homepages of leading cryptographers including Ross Anderson, University of Cambridge and Dorothy Denning, Georgetown University
http://www.swcp.com/~mccurley/cryptographers/cryptographers.html
Jan Camenisch http://www.zurich.ibm.com/~jca/
List of Cryptographers http://www.zurich.ibm.com/~jca/cryptographers/
SIRENE: SIcherheit in REchnerNEtzen / Security in Computer Networks
http://www.semper.org/sirene/index.html
Zurich Information Security Center
Joint Interoperability Test Command (JITC) (Part of DISA) JITC is located at the Naval Surface Warfare Center (NSWC) Indian Head, Md.
Security Technical Implementation Guide (STIG)
STIG certification is granted to only the most comprehensive and reliable security management solutions and enables government agencies to select and utilize these certified products to help secure their IT infrastructure.
Federal Energy Regulation Commission (FERC)
Office of Science & Technology Policy (OSTP)
House Science Committee
Sherwood Boehlert (R-NY), Chairman
Senate Commerce Subcommittee on Science, Technology and Space
Ron Wyden, Chairman
UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) and has contacts with other international Incident Response Teams (IRTs) in order to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing amongst its members and the community at large.
UNIRAS (UK Govt CERT)
Briefing Notice - 187/02 dated 20.06.02
Time: 11:30
UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
UNIRAS material is also available from its website at www.uniras.gov.uk and information about NISCC is available from www.niscc.gov.uk
Upcoming Information Security and Assurance events:
http://iac.dtic.mil/iatac/news_events/training_2002_main.htm
http://call.army.mil/Io/liwa/20may02.htm
The Federal Cyber Service program offers scholarships to study information assurance in exchange for two years of government service. The University of Tulsa, Carnegie Mellon University, the Naval Postgraduate University, Iowa State University, the University of Idaho, and Purdue University currently participate and have programs for both graduate and undergraduate students. The first group of 66 students is finishing the first year of the program.
National Colloquium for Information Systems Security Education
NSA Centers of Academic Excellence in Information Assurance Education
http://www.nsa.gov/isso/programs/coeiae/index.htm
National INFOSEC Education and Training Program
http://www.nsa.gov/isso/programs/nietp/index.htm
DOD Information Assurance Scholarship Program
National Security Telecommunications and Information Systems Security Committee:
James Madison University
Center for Research in Information Systems Security Education (CRISSE)
www.infosec.jmu.edu/ncisse/conference99
Manages the NCISSE as chairmanship changes each year amongst academic, industry and government.
US Army Signal Center, School of Information Technology
http://www.gordon.army.mil/sit/
http://atzhssweb.gordon.army.mil/otdweb/information/contents.asp
Dartmouth
Institute for Security Technology Studies
Michael Vatis, Director
Dartmouth
The Institute for Information Infrastructure Protection
http://www.thei3p.org/index.jsp
Great Links from I3P
http://www.thei3p.org/ecommunities/links.jsp
Dartmouth
Investigative Research into Infrastructure Assurance (IRIA) group
http://www.ists.dartmouth.edu/IRIA/courses/index.htm
Georgetown University
Institute for Information Assurance
Dorothy Denning, Director
http://www.cosc.georgetown.edu/~denning/
Carnegie Mellon University, Software Engineering Institute
Computer Emergency Response Team (CERT) Coordination Center
Navy War College, Newport, RI
Knowledge Management Team
2001 Global War Games – eliminated stove-piped chains of command
Johns Hopkins University
Information Security Institute
KSU Center for Info Security Education & Awareness
http://infosec.kennesaw.edu/link2.html
Southeast Crime Institute
http://cybercrime.kennesaw.edu
University of New Haven
Forensic Computer Investigation Program
University of Washington
Dave Dittrich, Senior Research Engineer
http://staff.washington.edu/dittrich/misc/ddos
Largest collection of links relating to DDOS attacks on the Internet
Purdue University
Center for Education and Research in Information Assurance and Security
Gene Spafford, Director
http://www.cerias.purdue.edu/homes/spaf/index.html
United States Military Academy
Information Technology and Operations Center
Norwich University
Mich Kabay, Associate Professor of Information Assurance
University of Maryland, Baltimore County
Center for Information Security and Assurance
National Defense University
Security and Information Assurance
Carnegie Mellon University
Center for Computer and Communications Security (C3S)
http://www.ece.cmu.edu/c3s/index.html
University of California-Davis, Department of Computer Science
Computer Security Laboratory
George Mason University
Laboratory for Information Security Technology
George Mason University
Center for Secure Information Systems
Idaho State University
Information Security Resources
University of Cambridge
Computer Laboratory
Ross Anderson, author of Security Engineering
http://www.cl.cam.ac.uk/users/rja14/
University of Cambridge
Computer Security Group, Computer Laboratory
http://www.cl.cam.ac.uk/Research/Security/index.html
University of Wisconsin-Milwaukee
The Center for Cryptography, Computer and Network Security (CCCNS)
London School of Economics
Computer Security Research Center
Queensland University of Technology
Information Security Research Centre
http://www.fit.qut.edu.au/DataComms/Research/ISRC/ISRC.html
University Information Security Courses
http://www.iwar.org.uk/comsec/resources/security-lecture/index.html
Recommended Textbooks for course:
Computer Security, Dieter Gollmann, J. Wiley & Sons.
Network Security Essentials, William Stallings, Prentice Hall
Secrets and Lies, Bruce Schneier, J. Wiley and Sons.
Security Engineering, Ross Anderson. J. Wiley & Sons. ISBN 0 471 38922 6
James Madison University
MS in Computer Science with concentration in Information Security
http://www.infosec.jmu.edu/program/html/program.htm
University of Miami
Michael Froomkin, Professor of Law, E-commerce cyberspace expert
http://personal.law.miami.edu/~froomkin/
University of Tulsa
Police, students combat cybercrime. In an unusual arrangement, Tulsa, OK police are teaming up with students at the University of Tulsa to help investigate and stop cybercrime. Under the agreement, computer science students will work with the Tulsa police to help them investigate child pornography, fraud and forgery, identity theft and other crimes committed via computers, said Detective Scott Wanzer of the Cyber Crimes Unit. The student interns gain real-world experience by learning what a forensic investigator does, and the officers gain expertise in new software tools, research and techniques. President Bush wants people to help protect the nation against cyberattacks, but there is not enough money or people to go around, said Sujeet Shenoi, computer science professor at the University of Tulsa.
University of Auckland
Peter Gutmann
http://www.cs.auckland.ac.nz/~pgut001/
Cornell University
University of Tennessee
Tom Dunigan Security Page
http://www.epm.ornl.gov/~dunigan/security.html
Georgetown University
Dorothy Denning website
http://www.cosc.georgetown.edu/~denning/
MIT
Ron Rivest
http://theory.lcs.mit.edu/~rivest/
http://theory.lcs.mit.edu/~rivest/crypto-security.html
University of California, Berkeley
David Wagner, Assistant Professor, specializes in information security
http://www.cs.berkeley.edu/~daw/
Capitol College
MS in Network Security
Intelligence Community
John Dahms, CIO for Intelligence Community
Sallie McDonald, assistant commissioner for the office of information assurance and critical infrastructure protection
Analyzes data from agencies' intrusion-detection systems, firewalls and security-incident logs. Intends to develop early warning system in cooperation with the CERT Coordination Center, a federally funded research group in Pittsburgh operated by Carnegie Mellon University.
Department of Commerce-Office of the CIO
Tom Pyke, CIO
Department of Defense
John Stenbit, Assistant Secretary of Defense for Command, Control, Communications and Intelligence (C3I)
Federal Bureau of Investigation (FBI)
Darwin John, CIO
Was CIO for the Mormon church
Office of Management & Budget
Mark Forman, CIO
Office of Homeland Security
Steven Cooper, CIO and Senior Director for Information Integration
Government Accounting Office
Robert Dacey, Director of Information Security
National Security Agency
Daniel Wolf, Information Assurance Director
US Army
LTG Robert W. Noonan Jr., the Army G-2
MG Steven W. Boutelle, Director of Information Operations, Networks and Space, CIO/G-6
US Air Force
John Gilligan, CIO
US Navy
Alex Bennet, Deputy CIO for Enterprise Integration
Federal Emergency Management Agency (FEMA)
Ron Miller, CIO
Steven Schmidt, Chief Security Officer
NASA, Washington, DC
Lee Holcomb, CIO
Federal Reserve System
James Wade, Chief Security Officer
Harris Corporation
Bill Wall, Chief Security Engineer
Staples
Paul Gaffney, CIO
VISA, Tampa, FL
John Shaughnessy, Sr VP of Risk Management
Cardholder Information Security Program
http://usa.visa.com/business/merchants/cisp_how_to_comply.html
Oracle
Mary Ann Davidson, Chief Security Officer
Hewlett Packard
Zone Labs
Personal firewall downloaded from the Internet
Bindview Corporation
World's leader in host-based vulnerability assessment
Scott Blake, VP for Information Security
Microsoft
Bindview RAZOR Team
Scott Blake, Head of Bindview RAZOR team
Deployed at ISP level, expert systems examine network traffic against baseline of normal activity
Arbor Networks
Peakflow
Asta Networks
Vantage System
Captus Networks