[ISN] States prepping cyberalert plan

InfoSec News isn at c4i.org
Tue Aug 31 01:24:45 EDT 2004

Forwarded from: William Knowles <wk at c4i.org>


By Tim Greene
Network World

PROVIDENCE, R.I. - Looking to gauge the risk of attacks against their
networks, state officials this week will vote on new measures that
would assess threats and dictate specific actions to take to protect
key resources.

If adopted, the common alert-level procedures would color-code the
threat to state networks and recommend action to take in response to
specific threats. The proposed cybersecurity alert system would
establish a secure Web site state officials could tap to determine why
each state has the security ranking it does and whether they should
take action based on what other states experience.

Homeland security ranked among the key topics considered last week at
the National Association of State Telecommunications Directors
(NASTD). The state network executives also shared experiences with
VoIP, and concerns about public-safety networks, the threat of worms
to state agencies, making more efficient use of existing
infrastructure and getting enough staff to carry out their duties.

NASTD members were warned that coordinated attacks against their
networks could be a tactic terrorists use. "We should regard
cyberterrorism as a weapon of mass destruction," said William Pelgrin,
chairman of the Multistate Information Sharing and Analysis Center
(MS-ISAC), which he coordinates through the New York State Office of
Cyber Security & Critical Infrastructure Coordination.

The system will be very specific, Pelgrin said. "If we went to yellow,
it would tell you why and what you need to do right now. It might be:  
Block Port 445 until a patch comes out."

MS-ISAC has been in development for more than a year and already has
helped out member states. During last August's week of worm outbreaks,
Arkansas sought and received help to restore its affected network
segments, said Claire Bailey, the director of the state's
department of information systems.

MS-ISAC is an informal group set up at the request of the Department
of Homeland Security (DHS) to gather and share data about critical
state government networks with the goal of protecting them from
potential cyberattacks that could threaten public health and safety.

While Pelgrin said the full cyber-evaluation criteria are secret, he
said the appraisal takes into consideration events outside the
networks. For instance, New York has been ranked as blue or "guarded"  
solely because the Republican National Convention is being held this
week in New York City, Pelgrin said, not because of network problems.

Montana, which shares a 600-mile border with Canada, is seeking grants
to upgrade law-enforcement radio networks so local, county, state and
federal agencies can talk to each other, said Carl Hotvedt, chief of
the network technology services bureau for the state's information
services division. "The problem is a lot of different systems that
don't talk to each other," he said.

Federal agents at a remote border crossing recently needed help from
the local police 10 miles away, but their radios used different
frequencies. "The border patrol needed backup but couldn't contact the
local sheriff," Hotvedt said.

Homeland security has given new momentum to a 15-year project to
better integrate public safety radio networks, said R.D. Porter,
security services manager for the Missouri division of information
services. Wyoming, Virginia, Florida and Arizona are among states
either planning or revamping their radio networks to interoperate
better, he said.

While radio network concerns are somewhat far afield from the concerns
of corporate IT executives, other worries are the same. In
Pennsylvania the state's acting telecom director is concerned about
security of desktops and the threat of worms and viruses shutting down
networks for extended times. That translates into a pending proposal
to beef up authentication of desktops and servers before they are
allowed access to the network, said Charles Strubel, acting director
of Pennsylvania's telecom services bureau.

He said software to make sure these devices have necessary patches
installed would protect networks from worms and Trojans. Software or
hardware to segregate network segments that get infected would limit
the effects of outbreaks and keep services closer to normal levels, he

Strubel also is looking at building redundant fiber rings to serve
schools in the northern part of the state to handle dual purposes.  
They would deliver needed connectivity for inter-school communication
and distance learning. But redundant fiber also would support the
schools' role as disaster shelters and command centers by providing
high-speed links to emergency agencies.

North Dakota already has a statewide ATM-over-SONET network on which
it wants to overlay networks for police agencies to connect via
encrypted paths, said Glen Rutherford, network architect for the
state's IT department. His proposal to the DHS would make use of North
Dakota's existing network to carry traffic that was secured at each
end by separate firewalls, authentication software and encryption
devices. If it is successful, other states could adopt the model and
link their networks to share information, he said.

North Dakota also is seeking funding to back up its data centers to
keep key state agencies operating if a disaster strikes its primary
site, said Mike Ressler, deputy to the CIO of the state's IT

West Virginia has applied for grants to install redundant routers and
other network gear to make the state's networks more resilient against
attacks, said Deepesh Randeri, manager of state network infrastructure
in the department of administration.

In some states, homeland security is more basic, such as extending 911
services to all state facilities, as in the case of Oklahoma. A DHS
grant paid for upgrades to PBX software so 911 calls would accurately
reflect where a caller was located and interoperate with the public
911 emergency call system.

Mississippi is looking for more staff to keep up with its network
security needs, said Jimmy Webster, data network manager for the
department of IT services. He said he only has four staff members who
work on security in addition to other duties.

While DHS grants are available, Webster said some federal mandates
still leave the states short of cash. "There's still a lack of effort
to fund some of the things we need to do today," he said. And physical
security, such as protecting airports and bridges, seems to take
precedence over protecting networks. "If you compete for money, cyber
will lose 90% of the time and physical will win," he said.

"Communications without intelligence is noise; Intelligence
without communications is irrelevant." Gen. Alfred M. Gray, USMC
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
