Consortium demos secure network
- By Dibya Sarkar
- Nov 13, 2002
Oregon Regional Alliance for Information and Network Security
A public/private consortium in Oregon is developing a secure information network that was created as a direct result of homeland security concerns.
The consortium responsible for developing the Oregon Trial of Emergency
and Security Technology (O-TEST) demonstrated the model in Washington, D.C.,
"It is a protocol of communication that is IP-based and lives on top
of a public network that provides a secure point-to-point data interchange,"
said Wyatt Starnes, president and chief executive officer of Tripwire Inc.
and a member of the board of directors of RAINS — the Oregon Regional Alliance
for Information and Network Security.
The consortium was formed as a direct result of the Sept. 11, 2001,
attacks, Starnes said, to improve the cybersecurity of government systems
and critical infrastructures, such as banking and finance, transportation,
electricity, water and communication systems. It is made up of more than
40 Oregon-based cybersecurity and technology companies and the Oregon University
System, supported by several state and Portland government agencies.
The federal government's call for private partnership in solving such
problems also spurred formation of the group.
Charles Jennings, RAINS board chairman and the CEO of Swan Island Networks
Inc., said that before Sept. 11, the public and private sectors focused
on technology performance, proficiency and mass penetration. "Security at
best was a very poor stepchild," he said. Now people realize cybersecurity
is important, but there's still a lot of work to do.
RAINS officials believe O-TEST is a step in the right direction.
Charlie Kawasaki, a board member and CEO of RuleSpace Inc., said O-TEST
is not intended to be the technological answer, but it should be regarded
as an ongoing test environment that is constantly evolving. "The ultimate
goal is to build a blueprint of best practices," he said.
O-TEST is not a peer-to-peer system, but does facilitate secure and
encrypted information sharing using rich media and other technologies. Officials
called O-TEST a work in progress that can be deployed on any platform, upgraded
with new technologies, or can act as a complement to the existing systems
of an organization.
It is aimed at first responders, critical infrastructure owners and
operators, and to all levels of the public sector.
The demonstration Nov. 13 showed a suspicious vessel heading up the
Columbia River toward Portland. Immediately the city's emergency operations
center — which would likely be in charge of such an incident — was notified
and, in turn, sent notifications to appropriate agencies, whether 911 centers,
police and fire departments, and other city agencies.
A user would get the notification on his terminal and then use an authentication
tool — such as a digital watermark embedded in the user's identification
card — to log on to the secure network. The user could then get a description
of the incident as well as a photograph of the vessel, audio files of individuals
in the field, satellite imagery and other pertinent geographic images.
If the vessel began discharging toxic gas or liquid, system users could
see which ports have been secured, or download information about how to
contain the gas or spill. Other news and information could be accessed as
Jennings said a key design principle of O-TEST is survivability. Information
wouldn't be stored in one central database, but locally. So if one system
goes down, other O-TEST nodes would have information and still be linked.
By early next year, the nonprofit organization hopes to have the system
deployed for testing in the Portland area. That would be followed by a second
phase where more regions or states would be set up with the system.
Jennings said the group also is talking with officials in Pennsylvania
and Virginia. The National Governors Association has asked for a demonstration
as well as the Defense Department's Advanced Concept Technology Demonstration,
a program designed to fund the rapid fielding of new technology.
The group has also gotten support from Oregon Sen. Ron Wyden and the Critical Infrastructure Protection Board, while high-level officials from the National Science Foundation and the National Institute of Standards and Technology have expressed interest.
Starnes said that although the group — which was given seed money by
the Oregon Economic Development Department — has spent less than $100,000,
the next two phases are projected to cost about $6.5 million.
He said that the recently passed Cyber Security Research and Development
Act (S. 2182), which would provide more than $900 million over five years
for cybersecurity research and development, may be a funding option.