Government preps Net security system
A centralized early warning system for Internet security alerts should be working by this fall, according to an official from the U.S. Department of Homeland Security.
Marcus Sachs, the department's cyber program director, said the system will provide an Internet counterpart to the Terrorist Threat Integration Center (TTIC) that President Bush announced in his State of the Union address in January. The TTIC, a mammoth data-collection project intended to fuse information collected domestically by police and internationally by spy agencies, has a broad mandate but has focused on physical threats to national security.
"We don't have today a way to do early warning detection broadly," Sachs said in an interview after a speech at the Black Hat Briefings security conference here. Defense contractor SRI International is expected to deliver a preliminary version of a working system--called the Global Early Warning Information System (GEWIS)--by October 2003 and a final version by March 2004, Sachs said.
GEWIS is intended to act as a kind of central hub that monitors sensitive areas of the Internet and alerts Department of Homeland Security officials to suspicious activity. Sachs offered the example of the department monitoring unusual numbers of domain name lookups and requests to authenticate VeriSign certificates as possible precursors to an electronic attack.
"That'll fall under us," Sachs said. "We recognize there's a lot of good information out there that's not connected."
In 1999, the FBI proposed a related plan, called the Federal Intrusion Detection Network, or FIDNet, but was forced to dramatically limit its scope in response to public outcry and pressure from libertarian-leaning members of Congress. Texas Rep. Dick Armey, who was House Majority Leader at the time, wrote a letter to then-Attorney General Janet Reno saying: "This new bureaucracy would look for suspicious activity on both government and private computer networks, and the information collected would be gathered at the FBI's National Infrastructure Protection Center, under your jurisdiction. News reports about this system have understandably caused a great deal of concern."
David Sobel, general counsel of the Electronic Privacy Information Center, said GEWIS raises similar legal and constitutional concerns if it includes monitoring Internet resources operated by the private sector.
 | ||||
| | | ||
| News.Commentary  IT managers' spending decisions were once rarely questioned. Today's environment makes for deeper thinking about security. | | ||
| ||||
| ||||
The FBI's National Infrastructure Protection Center is now part of the Department of Homeland Security. When Congress created the department in November 2002, it mashed together five agencies that previously had divvied up responsibility for "critical infrastructure protection." The other four were the Defense Department's National Communications System, the Commerce Department's Critical Infrastructure Assurance Office, an Energy Department analysis center and the Federal Computer Incident Response Center.
Sachs said the government already has "a prototype that's been under development in the last year." GEWIS will take over where the efforts of the five individual agencies had ended, Sachs said.
He said GEWIS is not intended to focus on content and should not raise the same concerns that plagued FIDNet. GEWIS is based in part on work conducted by the National Communications System, a Defense Department agency that