Industry hesitant about detection system

A top official of a group charged with investigating electronic threats posed to the U.S. critical infrastructure said last week that efforts to gather critical asset information are running into objections from private companies.

Douglas Perritt, deputy chief of the National Infrastructure Protection Center, told the National Institute of Standards and Technology's security and privacy panel that private-sector cooperation is key to assembling information about the computer systems that operate and support U.S. critical infrastructures, such as the banking, transportation, telecommunications, electric, oil and gas industries. But convincing the private corporations to collaborate has been difficult, he said.

The effort is "being worked in coordination with a similar DOD program that focuses on assets critical to DOD's mission," Perritt said. Guidelines currently are under development for the kinds of data needed.

The Justice Department established NIPC last year to develop a system that would detect and track cyberattacks against federal and private computer systems that are integral to U.S. critical infrastructures. As envisioned, the system would detect an intrusion into a computer system and then identify the attacker by tracing the attack back to its source.

The FBI is in charge of developing the system together with the departments of Defense, Transportation and Energy. NIPC officials also plan to coordinate emergency responses, provide training and outreach, and develop technical tools.

The private sector has questioned whether NIPC can put controls in place to prevent the potential abuse of corporate proprietary information. Corporate executives want to know, "Where are my safeguards?" Perritt said.

Partnership is the "only way to address the issue of protecting" the infrastructure, Perritt said. "We understand that there are impediments to information sharing...that stem from cultural barriers...and legal [and] privacy concerns - real and/or perceived - that inhibit trust."

To persuade private companies to share their data on computer systems, NIPC is considering creating so-called Information Sharing and Analysis Centers (ISACs), which Perritt described as "middlemen between government and the private sector." The National Coordinating Center for Telecommunications, part of the National Communications System, which is a federal security group affiliated with DOD, could serve as the group to build an ISAC for telecommunications companies.

The complexity of building the system also will be daunting, said Sam Varnado, the director of energy and critical infrastructure technology at Sandia National Laboratories, which will assign a person to support the NIPC effort.

"The FBI has got an enormous job," he said. Indications and warnings relating to intrusions and other sources of network system failures are "such a complex, new idea that they have to design an information system that meets the needs of the FBI. You can't use a cookbook approach."

Perritt also outlined for the NIST security and privacy panel NIPC's progress in building the intrusion-detection system. He said NIPC and the General Services Administration are designing the preliminary architecture for the Federal Intrusion-Detection Network (Fednet), described as a central burglar alarm system.

Fednet is in the early stages of development, said Tom Burke, chief infrastructure assurance officer with GSA. "A lot of legal and privacy issues remain to be worked," he said.

Perritt said the Key Asset program, for which NIPC is managing the collection of data, is a separate database that will store information about critical parts of the computer systems such as telecom switches, railroad junctions and power plants. The database also will provide the characteristics, connectivities and interdependencies of the parts, and information on the companies that own the parts, names of contacts and potential effects on other infrastructure components if parts fail. The database, which is being compiled by NIPC field offices, will be maintained at NIPC, Perritt said.

Perritt also said NIPC is considering forming the InfraGard Project, which would serve as a forum to encourage people in local organizations to talk about the detection system.

-- Adams is a free-lance writer based in Alexandria, Va.