Slashdot Mirror


Federal NOC To Be Modeled After Incidents.org / DS

An anonymous reader writes "Computerworld is covering in more detail the new Federal 'Cybersecurity Center.' The article explains that, unlike what some earlier rumors indicated, the center will not try to build a super-carnivore, but instead use voluntary reports. It will be similar to the SANS Institute's Internet Storm Center, which summarizes contributions submitted to DShield.org. This system of voluntary contributors has been shown to be effective in the past by issuing early warning for a number of major Internet worms, like Code Red, Ramen and SQLSnake. Unlike Symantec's 'for pay' Deep Sight service, which publishes alerts only to paying members, Incidents.org is a free service."

7 of 30 comments

  1. Protection or detection? by Spazholio · · Score: 1, Insightful

    I'm a little unsure of what this will accomplish. Is it only going to alert you to the newest threats out there, or is it actually going to give info on how to protect your computer from them as well? Hopefully, one would think one would naturally lead to the other, but as someone already said, this IS the government running it. =)

  2. Duplicating private sector by sjanich · · Score: 4, Insightful

    Wouldn't it make more sense, instead of spending money building something like incidents.org, to fund incidents.org partially with grant money from the feds, so that it can beef up somewhat, and create a Federal liaison team? They would spend less and get their goal quicker.

    1. Re:Duplicating private sector by RollingThunder · · Score: 3, Insightful

      Not if you want to start doing DShield-like data correlation, but from the ubersecure (snicker) internal government systems.

      People would have an absolute bird if it got out that attempted access logs from #insert government agency here# were being sent to an NGO for correlation.

      Although I won't deny that some greenbacks for incidents.org would be a great idea.

  3. Good Idea by extagboy · · Score: 2, Insightful

    Seems like a good idea as long as anonymous contributions from the public are welcome and uncensored. If it turns into a government throttled source of information, it won't be any good to anyone.

  4. IT purchases must be _certified_ for security? by cfadam · · Score: 3, Insightful

    Did anyone else notice this statement:

    "In an interview with Computerworld last month, Clarke said the plan may include a governmentwide policy that requires all IT purchases to be independently certified for security prior to approval."

    I would like to know what it takes for a product to get "independently certified for security", and how would/does this affect OSS?

    (If this has been posted and answered in the past, please mod me down.)

  5. Re:Why do you care? by cfadam · · Score: 2, Insightful

    I care because I don't want to see open-source security products viewed as a lesser-quality product due to funding issues on the part of its contributors. If the government is going to install something as important as security software, they should have the right to choose the best product period, not just the best commercial product.

    If the cost of certification is too great, that may also stop smaller security companies from being evaluated as well, also due to funding problems.

    We shouldn't trust our nation's security only to those with deep pockets.

    - A

  6. Gov's first simple steps, NIST will lead on by turtleshadow · · Score: 2, Insightful

    This is NOT news to anyone that has been following CSRC NIST SP-800 publications that have been trickling out of Gaithersburg MD for some time. They are even reaching out to small business.

    Establishing a decent list of the telco demarks and physical inventory and assessment of vital devices was the 1st thing and probably done to a good tolerance. This is the next step. Get all the traffic reports going to a central NOC.

    NIST have been writing fairly decent and comprehensive publications that deal with Firewall, email, WAP and assessment of security position. And surprisingly the Public it seems has been regularly asked to comment based on what is occurring everyday in business IT.

    Currently with the release of the ASSET evaluation tool Fed agencies and departments no longer have the rug to sweep years of poor planning and practice under.

    I'd fully expect that in a few years, use of this Federal NOC and its services of cross site and network attack detection ability could be put into a FIPS standard of some sort. Those that deal with GOV will have to deal with GOV's rules.

    If I was a federal law enforcement agency it would be an easy sell.

    Sharing GOV net traffic information parallels the concept of sharing "most wanted" lists, prison rolls, evidence research, cold leads and what not.

    I just wish the US Gov would also do the same for spammers for theft of services!

    It's not a surprise that nearly 100% of all Federal buildings and critical facilities have a small number of meatspace entry points which are screened and watched, why should we expect different for Internet, Extranet and Intranet spaces?

    I foresee the American Internet much like American Banks in the 1930's. We are past the "glory" bandits like Bonnie and Clyde stage and are just getting weary of the wannabe criminals.

    It was about that time the FBI was established to chase after cross jurisdiction criminals. The Bureau with many other institutions like Insurance companies insisted Banks put in physical measures, guards, bars, silent and audible alarms, robbery training for staff, proof of executing government regulations, etc.

    I predict in 8 years Insurance industry will up your premiums for not having a syslog server, not having a written and practiced fair use policy with employees, not having firewalls between vital resources and untrusted segments of your business. Heaven help come audit time!

    My friends computers are rock, metal, plastic and air -- not majik. Get over it.

    Reading any of the NIST program documents and having any experience with business consolidation helps in what to forecast next.

    My bet is the US Gov to institute internal national EDI networks based on XML exchanges to negotiate terms of service and usage of resources. Quasi-Privatized EDI would preclude any undesirables and non-participant networks.

    My 2c