Feds Move to Secure Net

An anonymous reader writes "eWeek reports:The Cyber Warning Information Network, a key part of the Bush administration's National Strategy to Secure Cyberspace, will use a secure, private IP network separate from the public Internet, according to officials. The government currently has seven nodes running, said Marcus Sachs, director of communications infrastructure protection at the Office of Cyberspace Security, in Washington."

I would hope so

[Blaine Hilton]

Many companies have data centers in multiple locations with private lines connecting them. I would have hoped the government would have thought of this much sooner. Reminds me of a few months ago when they were saying the FBI has not been able to hire many computer experts because they could not pass the required physical tests.

bastards

[solidox]

either they mean there gunna use 10.x.x.x or one of there many DoD class A subnets (i think they got 7 or 8), they do not need 16.7million * 7 ip addresses. this is why there's a global ipv4 shortage, cos the bastards at the DoD and other places own most of them.

Fulltext for offline browsing & quickref'ing

[Anonymous Coward]

from http://www.eweek.com/article2/0,3959,922570,00.asp

March 10, 2003

Feds Move to Secure Net

ByDennis Fisher

SAN DIEGO--The White House and the new Department of Homeland Security have begun in earnest the process of implementing the plan to secure the nation's critical networks--starting with extensive changes in the federal security infrastructure.

The most significant move is the development of a private, compartmentalized network that will be used by federal agencies and private-sector experts to share information during large-scale security events, government officials said at the National Information Assurance Leadership conference here last week.

The system is part of the newly created Cyber Warning Information Network, a group of organizations including the National Infrastructure Protection Center, the Critical Infrastructure Assurance Office and others that have some responsibility for the security of federal systems. The private-sector Information Sharing and Analysis Centers will also be included.

The Cyber Warning Information Network, a key part of the Bush administration's National Strategy to Secure Cyberspace, will use a secure, private IP network separate from the public Internet, according to officials. The government currently has seven nodes running, said Marcus Sachs, seen on left, director of communications infrastructure protection at the Office of Cyberspace Security, in Washington.

Sachs, speaking at the conference here, which was put on by The SANS Institute, pointed to last week's handling of the critical vulnerability in the Sendmail Mail Transfer Agent package as a prime example of how such back-channel communication between vendors, researchers and the government can help protect end users. Researchers at Internet Security Systems Inc., in Atlanta, discovered the vulnerability in mid-February and immediately notified officials at the White House and the Department of Homeland Security.

The government quietly spread the word among federal agencies and, along with ISS, began contacting the affected vendors. After the vendors developed patches, the fixes were deployed quickly on critical government, military and private-sector machines before the official announcement of the vulnerability.

However, some in the security community say that until the CWIN is fully operational and proven, they'll continue to use existing methods.

"I would not have used CWIN for Sendmail. There are too many questions about something that has not been fully deployed," said Pete Allor, manager of the threat intelligence service at ISS and director of operations at the Information Technology ISAC. "I'd like to know who I'm transmitting information to and the rules for dissemination.

"My two biggest concerns are having private-sector information on a government network and if Congress withdraws the [Freedom of Information Act] exemption, there won't be any reason for private companies to use [the CWIN]," Allor said. While speculation exists, to date no bill has been introduced to remove the FOIA exemption in the Homeland Security Act.

As part of the plan to improve security, the CIO of each federal agency is, by statute, now accountable for the security of that agency's network. This is a significant change, considering the lack of responsibility permeating government security efforts.

"This is the first time this has ever happened," Sachs said. "It used to be that it was their job, but they just said, 'Yeah, I guess we're secure.'"

The internal structure of the government's security apparatus is also undergoing some major changes, officials said. The President's Critical Infrastructure Protection Board, formerly part of the Office of Cyberspace Security, is now part of the Homeland Security Council. But that may not be where it ends up. There are indications that the board may end up as part of the Department of Homeland Security.

US Military already has it's own private network

[ItaliaMatt]

The military has it's own private and secure data/voice network. They have their own private IP's and everything. Any time people working on the unclassified network need to move data to the classified network they have to use "sneaker-net" and make damn sure the data isn't infected with a virus. Perhaps this is what the Department of National Security is modeling it's data network after.

whoopee!

[Anonymous Coward]

7 nodes - another 10 yrs they'll have a big enough botnet to launch a DDOS attack !

The Feds are auditing what should be on Internet

[MyNameIsFred]

For all those saying I can't believe the Feds don't have a separate network -- golly gee yes they do and have had such separate networks for years. What the Feds are doing is auditing which systems are connected to which networks. If it was originally assumed that the public Internet was safe enough, those assumptions are being checked. If it is decided that those assumptions were wrong, that a system is threatened, it is moved to a private internet. Considering the size of the Federal government it should surprise no one that history, changes in the internet and other factors should justify such an audit. Its not like private companies don't do the same thing on occassion. The difference is this time politics are involved. Its a way to wave the flag and see we're doing something for homeland security. Three years ago, the press would have ignored this.

Cyber Warning Information Network

[plcurechax]

Cyber Warning Information Network (CWIN) looks to be an expensive, slower, and less effective version of CERT [cert.org].

These is the group that "handled" the recent announcement of a new sendmail vulrenability. Except what they did was this: ISS, a info-security company looking for browie points reported to Office of Cyberspace Security at the White House and Homeland Security, who told FedCERT which passed that along to military and federal government IT people. Except all they could do was turn off sendmail, since a fixed wasn't yet available!

Then Sendmail (.com and .org sides, i.e. Eric Allman) and CERT was contacted. CERT alerted various Unix, Linux and BSD vendors that a new sendmail security fix was coming and to get ready to package it. Sendmail shared their fix with vendors and everyone announced a fix at roughly the same time. Thanks to the hard working people at CERT. Nobody played "I'm fixed, screw the rest of you" or other selfish self-centered games.

So the DHS made three phone calls (or emails) and spent the rest of their time writing up press releases about their great job, so the "press release == news" media could spout how great and cyber-aware DHS is. Though ISS, Sendmail Inc./ Consortium, and CERT did all the real work.

Re:I would hope so

[Proaxiom]

I would have hoped the government would have thought of this much sooner.

They have. NIPRNet and SIPRNet are two 'private internets' used by the US military (for unclassified and classified data respectively). This is just a new special purpose network for the Department of Homeland Security.

They're not pretending it's a novel idea.

You've missed the point

[billstewart]

Private lines and frame relay networks don't keep you safe from wiretappers, but they're not exchanging packets with the Internet, and work just fine even if the Internet is dead. This is a network designed to be used when the Internet is under attack, so you want something that's not part of the Internet. VPNs give you privacy, but they need a working network underneath, and for this application that needs to be Not The Internet, though depending on what they're doing, they might want to run a VPN over private networks.

Also, this network may not be very expensive - most of the traffic is likely to be email or occasional software distributions, and just about everything except a major Windows patch can run fine over a 56kbps frame connection.