Sites help keep feds informed about cybersecurity and ahead of the latest security incidents.
Information security is a major concern for federal officials. Hackers exploit security vulnerabilities in commercial software before companies even know about them or can issue patches to fix them. Malware and malicious code attacks are on the rise. And anxiety about protecting mobile data is growing as more government employees use laptop computers and work from home.
Fortunately, a number of Web sites and security blogs help security professionals keep abreast of the latest incidents and vulnerabilities and protect critical data.
1. U.S. Computer Emergency Readiness Team
The U.S. Computer Emergency Readiness Team is a partnership between the Homeland Security Department and other organizations. DHS established US-CERT in 2003, announcing that it would help protect the country’s Internet infrastructure. Because the team’s function is to coordinate defenses and responses to cyberattacks, the Web site has security information for just about everyone, including systems administrators, federal employees, people who use computer-based control systems that support critical infrastructures such as utilities and water facilities, and ordinary Internet users.
The site offers weekly vulnerability summaries from the National Institute of Standards and Technology’s National Vulnerability Database. Users can also sign up to receive cybersecurity alerts and security tips via e-mail. In addition, users can report security incidents, phishing scams and vulnerabilities.
Federal security officers have access to important commercial alert sites via US-CERT, said Alan Paller, director of research at the SANS Institute. That feature saves agencies millions of dollars on subscriptions to a host of expensive services, he said.
State security officers say they find US-CERT useful because it provides a secure Web portal for members of the Government Forum of Incident Responders and Security Teams (GFIRST), a group of more than 50 incident response teams from federal agencies. Through the GFIRST portal, they can share cybersecurity information with other public- and private-sector participants.
“Through the GFIRST secure compartment on US-CERT, we are provided with very good information,” said Will Pelgrin, director of the New York State Office of Cyber Security and Critical Infrastructure Coordination. “It provides an additional level of detail of data that is very useful for the members.”
2. SANS Institute’s Internet Storm Center
The SANS Institute’s Internet Storm Center is a good site for information on the latest security incidents. It is a cooperative cyberthreat monitor and alert system. The site features a daily incident handler’s diary, which summarizes and analyzes new threats.
“My staff reviews the SANS site multiple times each day,” Pelgrin said.
The Internet Storm Center uses an all-volunteer group of network security analysts to detect problems, analyze threats and disseminate technical and procedural information to the public. They collect information about unwanted traffic via thousands of sensors that work with firewalls, intrusion-detection systems, home broadband devices and all operating systems. The devices send information into a DShield database for analysis.
The center provides a number of automated reports. For instance, by clicking on Top Ports, network security professionals can determine if they are seeing the same attacks as their peers. Or by viewing Source Reports, they can see if the same source is attacking anyone else.
3. Multi-State Information Sharing and Analysis Center
The Multi-State Information Sharing and Analysis Center is a forum for sharing security intelligence among the 50 states and with the federal government.
MS-ISAC has two Web sites: a public one and a secure portal for members. The public site provides cybersecurity advisories and bulletins, a cybersecurity toolkit, and awareness brochures. Members can access information from the MS-ISAC Cyber and Spatial Analysis Center, an operational center that correlates and reports vulnerabilities, threats and other cyber events.
4. Security Fix blog
Brian Krebs, a Washington Post reporter, maintains the Security Fix blog. Krebs’ blog posts attract security professionals and regular folks who want to keep up to date on the latest computer security issues, such as Internet scams, viruses, worms and new security tools. He offers valuable insights because he is a techie and “because he has forged strong relationships with people who practice bad things,” Paller said.