Cyberattack solution ready

• By Diane Frank
• Jul 10, 2000

With cyberattacks increasing in frequency and lethality, the Transportation Department has developed a solution that combines past experience and a commercial model that has already passed the security test several times this year.

The U.S. Government Information Sharing and Analysis Center (USGOV/ ISAC), a component of the DOT Millennium Solutions Center, provides a forum through which organizations can share cybersecurity information to better understand the vulnerabilities and attacks they face.

The idea springs from Presidential Decision Directive 63, which calls for agencies and industry to protect their critical information systems, and the National Plan for Information Systems Protection, the first version of which President Clinton issued in January.

In the private sector, financial services companies have formed the first formal ISAC. The Financial Services ISAC has already proved its value. The General Accounting Office and Congress noted that the FS/ISAC was able to give its members early warning of the distributed denial-of-service attacks that cut off service to Yahoo, eBay and other sites in February, as well as the "love bug" virus that struck computers worldwide in May.

The Millennium Solutions Center is an outgrowth of DOT's Year 2000 Service Bureau. A fee-for-service organization, the center offers solutions from pre- competed contracts, choosing among the vendors on the DOT Information Technology Omnibus Procurement (ITOP) II contract. Agencies who join the USGOV/ISAC sign an interagency agreement with the center, which allows them to use the services from the center's ITOP task order.

The USGOV/ISAC serves agencies in several ways. Anyone who goes to the site can get the latest alerts about viruses and attacks, including an analysis of the severity of the problem and any corrective action that can be taken. By year's end, the center hopes to turn the USGOV/ISAC into a security portal that will provide alerts, warnings, analyses and patches from a variety of sources in a single place.

However, agencies can receive more services if they join the USGOV/ISAC as members, said Bonnie Fisher, the center director. Agencies can then receive an initial vulnerability and risk assessment overview and learn where to focus attention for immediate and long-term assistance. The Millennium Solutions Center team will also help member agencies form computer emergency response teams to help agencies manage security internally, Fisher said.

Membership allows agencies to submit incident information, or anything they find suspicious, to the USGOV/ISAC via the Internet using a digital certificate for authentication. Any data that may identify the agency submitting the information is removed.

The USGOV/ISAC staff combines security reports from other members nationwide and looks for patterns and links to other cyberattacks or security incidents. Members have access to this information as well.

Agencies also can use a "lookup" function to search past security data gathered by the USGOV/ISAC. A system administrator can use that information to learn about vulnerabilities and fixes for installing a new system or software.

Alerts, warnings and patches are sent directly to members via e-mail, fax and pager depending on the severity of the vulnerability. The USGOV/ISAC sends information to individual members based on members' profiles, which include members' individual systems.

The USGOV/ISAC staff has agreements with software vendors to receive the patches ahead of general release and tests the patches before sending them to members.

"We really believe this network is a valuable resource for agencies," Fisher said. "We want agencies to be proactive, not reactive."

The governmentwide ISAC, which is open to federal, state and local agencies, awarded a contract to Global Integrity Inc., a subsidiary of Science Applications International Corp. and the provider of the Financial Services ISAC, to run the government ISAC. Global Integrity works with private-sector companies to provide a range of security services, products and training.