Governmentwide security surveillance net takes shape

What the Transportation Department is trying to do for a single agency, the Federal Computer Incident Response Center (FedCIRC) hopes to do for government's entire civilian side.

FedCIRC is developing a centralized data analysis capability that will collect incident reports from agencies to see what cyberattacks are being made on government computers and, in return, provide agencies with information on how best to defend against them. At some point, the center might even be able to trigger agency defense systems to respond to an attack automatically.

"The bottom line is that this capability will help improve the situational awareness of government," said Mike Smith, director of operations and technical support at FedCIRC. "We may eventually be able to identify trends and make predictions about what the data means, so we can spot things early, even before attacks really begin."

FedCIRC is moving from its longtime home at the General Services Administration to a more central position at the new Homeland Security Department.

The array of security devices that agencies have now are all good and useful, but they only give a local perspective of what's going on in that agency, said Richard Pethia, director of the CERT Coordination Center at Carnegie Mellon University and an adviser to FedCIRC on the project. What the devices don't do is say what's happening to the agency's systems in relation to what may be happening elsewhere.

"If you are experiencing a particular kind of attack, it's useful to know if other organizations are also experiencing it or if you are the only agency being attacked that way," Pethia said. "In one instance, it may just be your assets the attacker is after, but a broader attack, such as the Slammer worm [that slowed down the entire Internet in January], will be nondiscriminating."

Also, if some agencies report that they are under a particular kind of attack but others don't, he said, it could indicate that the ones being attacked don't have their firewalls properly configured, and that information could be quickly relayed to the unprotected agencies.

The process could eventually include reporting of some very "fine-grained" agency data, Pethia said. This will require consultation with agencies because each will have its own policies for privacy, confidentiality and what kind of information, such as originating IP addresses, needs to be sanitized.

FedCIRC is in the initial stages of pulling this data analysis capability together, Smith said. In February, the center released a request for information calling for industry leaders to join the Internet Engineering Task Force's efforts to develop common incident data formats.

About the Author

Brian Robinson is a freelance writer based in Portland, Ore.
