Security threats Toolkit

US govt to get early warning of Net attacks

Tags:
Internet,
Terrorist,
Web,
Hacker

Declan McCullagh CNET News

Published: 01 Aug 2003 10:40 BST

A centralised early warning system for Internet security alerts should be working by this autumn, an official from the US Department of Homeland Security said on Thursday afternoon.

Marcus Sachs, the department's cyber programme director, said the system will provide an Internet counterpart to the Terrorist Threat Integration Centre (TTIC) that President Bush announced in his State of the Union address in January. The TTIC, a mammoth data-collection project intended to fuse information collected domestically by police and internationally by spy agencies, has a broad mandate but has focused on physical threats to national security.

"We don't have today a way to do early warning detection broadly," Sachs said in an interview after a speech at the Black Hat Briefings security conference. Defence contractor SRI International is expected to deliver a preliminary version of a working system -- called the Global Early Warning Information System (Gewis) -- by October 2003 and a final version by March 2004, Sachs said.

Gewis is intended to act as a kind of central hub that monitors sensitive areas of the Internet and alerts Department of Homeland Security officials to suspicious activity. Sachs offered the example of the department monitoring unusual numbers of domain name lookups and requests to authenticate VeriSign certificates as possible precursors to an electronic attack.

"That'll fall under us," Sachs said. "We recognise there's a lot of good information out there that's not connected."

In 1999, the FBI proposed a related plan, called the Federal Intrusion Detection Network, or FIDNet, but was forced to dramatically limit its scope in response to public outcry and pressure from libertarian-leaning members of Congress. Texas Representative Dick Armey, who was House Majority Leader at the time, wrote a letter to then-Attorney General Janet Reno saying: "This new bureaucracy would look for suspicious activity on both government and private computer networks, and the information collected would be gathered at the FBI's National Infrastructure Protection Centre, under your jurisdiction. News reports about this system have understandably caused a great deal of concern."

David Sobel, general counsel of the Electronic Privacy Information Centre, said Gewis raises similar legal and constitutional concerns if it includes monitoring Internet resources operated by the private sector.

"It warrants closer examination, and more details need to be disclosed so a full assessment of the legal and privacy issues that may be raised can be made," Sobel said.

The FBI's National Infrastructure Protection Centre is now part of the Department of Homeland Security. When Congress created the department in November 2002, it mashed together five agencies that previously had divvied up responsibility for "critical infrastructure protection." The other four were the Defense Department's National Communications System, the Commerce Department's Critical Infrastructure Assurance Office, an Energy Department analysis centre and the Federal Computer Incident Response Centre.

Sachs said the government already has "a prototype that's been under development in the last year." Gewis will take over where the efforts of the five individual agencies had ended, Sachs said.

He said Gewis is not intended to focus on content and should not raise the same concerns that plagued FIDNet. Gewis is based in part on work conducted by the National Communications System, a Defense Department agency that became part of the Homeland Security Department.