9-11 Commission keeps network secure

The National Commission on Terrorist Attacks Upon the United States

Related Links

Officials from the 9-11 Commission investigating the terrorist attacks of Sept. 11, 2001, recently wrapped up two days of high-profile public hearings, but researchers working for the commission continue to gather information to prepare a complete account of the events surrounding the attacks.

To enable researchers at remote sites and various offices to collaborate and conduct research via the Internet, technology managers with the commission have set up a virtual private network that offers secure communications and quick access to data.

The 9-11 Commission, officially known as the National Commission on Terrorist Attacks Upon the United States, is an independent, bipartisan commission chartered by Congress in November 2002. The agency is responsible for preparing a report on the events leading up to and during the attacks.

Starting with just four staffers in February 2003, the commission now employs nearly 70 people, 50 of whom are researchers. The commission has teams in two offices in Washington, D.C., and one in New York City, and staffers working at remote sites. The researchers need access to data, including WAV files, images and newspaper clippings, according to Garth Wermter, director of technology for the 9-11 Commission and director of technology at the University of Virginia.

So technology managers installed two networks: a private network to handle classified information, which is not connected to the Internet, and another network for unclassified but sensitive materials.

"We settled on the idea that we needed a virtual private network and firewall because we wanted the folks who are mobile to connect back into the unclassified network," Wermter said.

Commission officials needed a network that could be set up quickly, would be easy for staff and researchers to connect to, and would be flexible enough to handle the growth and changing nature of the staff. That search led the commission to deploy Watchguard Technologies Inc.'s integrated Firebox 700 firewall and VPN at each office, with remote VPN users connecting to the main office in Washington, D.C. Technology managers set up T1 Internet connections for each office and gave mobile and home-office users VPN client software.

The commission also subscribed to Watchguard's LiveSecurity service, which protected the network from the onslaught of computer viruses and worm attacks during the summer of 2003 that infected many corporate and some federal networks.

"We avoid worms completely, including recent threats and last summers'" worms, Wermter said. Because the Firebox 700 performs application layer inspections, viruses and worms are caught before they infect machines. Such inspections examine the content of network packets, allowing the firewall to block malicious code found in executable files or Java applets, for example. Wermter added that the firewall has protected researchers from malicious code that could be placed on Web sites they might go to for research purposes.

The LiveSecurity service, which comes bundled with the Fireboxes, offers additional protection. LiveSecurity includes software updates for Watchguard products to protect against specific attacks, technical support, security alerts on emerging threats and online self-help tools.

LiveSecurity is an important service for any company relying on Internet connections, said Charles Kolodgy, research manager for Internet security at IDC. The service "does the security research for you. If you don't have a dedicated staff for security, you can [still] get a feel for what's going on" regarding threats and attacks, he said.

"We don't go into work worrying about the security of the network" anymore, Wermter said. Technology managers are now working on interactive applications that pull together researcher reports and analysis, he added.

For instance, researchers have radar data that can help in analyzing the movement of the hijacked airplanes, but that data is not synchronized with text or other documents, Wermter said. Another researcher might have a Microsoft Corp. Excel spreadsheet that tracks various individuals' movements that day, but it would be helpful to have something visual to accompany it.

Pulling this together requires a great deal of data sharing. Two teams are working to create visual presentations, Wermter said. So a likely scenario could be an application with radar data, tracking plane activity, with a map of the United States layered over it. It would be even better if there was audio from traffic controllers or telephone conversations to go with it.

"We want to make the report as understandable to the public" as possible "and help tell the story" of Sept. 11, 2001, Wermter said.

Originally scheduled to deliver the final report to Congress and the public by May 2004, the commission was recently granted a two-month extension by President Bush. The final report is now due July 26.

The 2015 Federal 100

Meet 100 women and men who are doing great things in federal IT.


  • Shutterstock image (by venimo): e-learning concept image, digital content and online webinar icons.

    Can MOOCs make the grade for federal training?

    Massive open online courses can offer specialized IT instruction on a flexible schedule and on the cheap. That may not always mesh with government's preference for structure and certification, however.

  • Shutterstock image (by edel): graduation cap and diploma.

    Cybersecurity: 6 schools with the right stuff

    The federal government craves more cybersecurity professionals. These six schools are helping meet that demand.

  • Rick Holgate

    Holgate to depart ATF

    Former ACT president will take a job with Gartner, follow his spouse to Vienna, Austria.

  • Are VA techies slacking off on Yammer?

    A new IG report cites security and productivity concerns associated with employees' use of the popular online collaboration tool.

  • Shutterstock image: digital fingerprint, cyber crime.

    Exclusive: The OPM breach details you haven't seen

    An official timeline of the Office of Personnel Management breach obtained by FCW pinpoints the hackers’ calibrated extraction of data, and the government's step-by-step response.

  • Stephen Warren

    Deputy CIO Warren exits VA

    The onetime acting CIO at Veterans Affairs will be taking over CIO duties at the Office of the Comptroller of the Currency.

  • Shutterstock image: monitoring factors of healthcare.

    DOD awards massive health records contract

    Leidos, Accenture and Cerner pull off an unexpected win of the multi-billion-dollar Defense Healthcare Management System Modernization contract, beating out the presumptive health-records leader.

  • Sweating the OPM data breach -- Illustration by Dragutin Cvijanovic

    Sweating the stolen data

    Millions of background-check records were compromised, OPM now says. Here's the jaw-dropping range of personal data that was exposed.

  • FCW magazine

    Let's talk about Alliant 2

    The General Services Administration is going to great lengths to gather feedback on its IT services GWAC. Will it make for a better acquisition vehicle?

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above