Cyberattack solution ready
- By Diane Frank
- Jul 10, 2000
With cyberattacks increasing in frequency and lethality, the Transportation
Department has developed a solution that combines past experience and a
commercial model that has already passed the security test several times
this year.
The U.S. Government Information Sharing and Analysis Center (USGOV/
ISAC), a component of the DOT Millennium Solutions Center, provides a forum
through which organizations can share cybersecurity information to better
understand the vulnerabilities and attacks they face.
The idea springs from Presidential Decision Directive 63, which calls
for agencies and industry to protect their critical information systems,
and the National Plan for Information Systems Protection, the first version
of which President Clinton issued in January.
In the private sector, financial services companies have formed the
first formal ISAC. The Financial Services ISAC has already proved its value.
The General Accounting Office and Congress noted that the FS/ISAC was able
to give its members early warning of the distributed denial-of-service
attacks that cut off service to Yahoo, eBay and other sites in February,
as well as the "love bug" virus that struck computers worldwide in May.
The Millennium Solutions Center is an outgrowth of DOT's Year 2000 Service
Bureau. A fee-for-service organization, the center offers solutions from
pre- competed contracts, choosing among the vendors on the DOT Information
Technology Omnibus Procurement (ITOP) II contract. Agencies who join the
USGOV/ISAC sign an interagency agreement with the center, which allows them
to use the services from the center's ITOP task order.
The USGOV/ISAC serves agencies in several ways.
Anyone who goes to the site can get the latest alerts about viruses and
attacks, including an analysis of the severity of the problem and any corrective
action that can be taken. By year's end, the center hopes to turn the USGOV/ISAC
into a security portal that will provide alerts, warnings, analyses and
patches from a variety of sources in a single place.
However, agencies can receive more services if they join the USGOV/ISAC
as members, said Bonnie Fisher, the center director. Agencies can then receive
an initial vulnerability and risk assessment overview and learn where to
focus attention for immediate and long-term assistance. The Millennium Solutions
Center team will also help member agencies form computer emergency response
teams to help agencies manage security internally, Fisher said.
Membership allows agencies to submit incident information, or anything
they find suspicious, to the USGOV/ISAC via the Internet using a digital
certificate for authentication. Any data that may identify the agency submitting
the information is removed.
The USGOV/ISAC staff combines security reports from other members nationwide
and looks for patterns and links to other cyberattacks or security incidents.
Members have access to this information as well.
Agencies also can use a "lookup" function to search past security data
gathered by the USGOV/ISAC. A system administrator can use that information
to learn about vulnerabilities and fixes for installing a new system or
software.
Alerts, warnings and patches are sent directly to members via e-mail,
fax and pager depending on the severity of the vulnerability. The USGOV/ISAC
sends information to individual members based on members' profiles, which
include members' individual systems.
The USGOV/ISAC staff has agreements with software vendors to receive
the patches ahead of general release and tests the patches before sending
them to members.
"We really believe this network is a valuable resource for agencies,"
Fisher said. "We want agencies to be proactive, not reactive."
The governmentwide ISAC, which is open to federal, state and local agencies,
awarded a contract to Global Integrity Inc., a subsidiary of Science Applications
International Corp. and the provider of the Financial Services ISAC, to
run the government ISAC. Global Integrity works with private-sector companies
to provide a range of security services, products and training.