Reporting Internet incidents to Homeland Security
In case you missed the memo, Howard Schmidt acting chairman of the President's Cybersecurity Board announced the National Communications System is the place you are supposed to report Internet infrastructure incidents.

http://www.fcw.com/fcw/articles/2003/0331/web-cyber-04-02-03.asp

"Many incidents can be handled by the private sector, but there is current discussion about how to better define expectations on the government side and to institutionalize what type of incidents will be automatically reported to the government, Schmidt said."

"One step officials already have made is to establish the National Communications System (NCS) as the key contact point for industry representatives when reporting Internet infrastructure incidents, he said."

Hello,

----- Original Message -----
From: "Sean Donelan" <sean@donelan.com>
To: <nanog@merit.edu>
Sent: Thursday, April 03, 2003 10:51 AM
Subject: Reporting Internet incidents to Homeland Security

<snip>

: "Many incidents can be handled by the private sector, but there is current
: discussion about how to better define expectations on the government side
: and to institutionalize what type of incidents will be automatically
: reported to the government, Schmidt said."

What kind of incidents should be reported to gov? DDoS done by script kiddies who don't live in the USA, for example?

Webhosting folks should report the script kiddies using free homepages to host trojans?

Thanks,
-A
Speaking on Deep Background, the Press Secretary whispered:
: "Many incidents can be handled by the private sector, but there is current
: discussion about how to better define expectations on the government side
: and to institutionalize what type of incidents will be automatically
: reported to the government, Schmidt said."
What kind of incidents should be reported to gov? DDoS done by script kiddies who don't live in the USA, for example?
Webhosting folks should report the script kiddies using free homepages to host trojans?
Every 419 letter; they are clearly cover for a 5th column attack.

And most significant [given Schmidt's recent past], be sure he knows of every "Latest Microsoft Security Update" you get....

--
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433
This is assuming the US Government security authority over the Internet. Why should the US Government get the appearance of special privileges where other governments of the world do not? The vast majority of serious security incidents I see all cross national jurisdictions. So you can label them "international Internet security incidents."

As far as I see the Internet, the US Government is just another customer ... not "the government" that has exclusive access to the state of the Net's health.

My advice to the "Internet Industry" is to keep pressing forward with Industry driven solutions. That way, governments around the world who wish to be "plugged in" can join the industry's response to security incidents on the Net.

-----Original Message-----
From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Sean Donelan
Sent: Wednesday, April 02, 2003 11:52 PM
To: nanog@merit.edu
Subject: Reporting Internet incidents to Homeland Security
In case you missed the memo, Howard Schmidt acting chairman of the President's Cybersecurity Board announced the National Communications System is the place you are supposed to report Internet infrastructure incidents.
http://www.fcw.com/fcw/articles/2003/0331/web-cyber-04-02-03.asp
"Many incidents can be handled by the private sector, but there is current discussion about how to better define expectations on the government side and to institutionalize what type of incidents will be automatically reported to the government, Schmidt said."
"One step officials already have made is to establish the National Communications System (NCS) as the key contact point for industry representatives when reporting Internet infrastructure incidents, he said."
On Thu, 3 Apr 2003, Barry Raveendran Greene wrote:
This is assuming the US Government security authority over the Internet. Why should the US Government get the appearance of special privileges where other governments of the world do not? The vast majority of serious security incidents I see all cross national jurisdictions. So you can label them "international Internet security incidents."
http://www.govexec.com/dailyfed/0403/040103td1.htm

"The Homeland Security Department may take more of a direct role coordinating the security of the Internet's infrastructure, a top administration official said Tuesday."

"The Bush administration's acting cybersecurity adviser Howard Schmidt said in an interview that homeland security and government agencies officials are working to formalize a security apparatus for the global Internet root servers, a series of computer systems that underpin the Internet's address system."

Since US state and federal government affiliated agencies already operate 5 out of 13 of the root servers, and 2(3) root server operators are essentially under the contractual supervision of the US government, I'm not sure how much more direct you can get.

3 root server operators are outside the US.
This is assuming the US Government security authority over the Internet. Why should the US Government get the appearance of special privileges where other governments of the world do not? ...
http://www.govexec.com/dailyfed/0403/040103td1.htm "The Homeland Security Department may take more of a direct role coordinating the security of the Internet's infrastructure, ...
"The Bush administration's acting cybersecurity adviser Howard Schmidt said in an interview that homeland security and government agencies officials are working to formalize a security apparatus for the global Internet root servers, a series of computer systems that underpin the Internet's address system."
Since US state and federal government affiliated agencies already operate 5 out of 13 of the root servers, and 2(3) root server operators are essentially under the contractual supervision of the US government, I'm not sure how much more direct you can get.
speaking for f-root, ISC reports attacks and outages to US-NCS and have since long before the current executive order, and without reference to any order. it's not an exclusive. any nation that the US state department tells ISC is not an "enemy" is welcome to hear our attack and outage reports. generally this means G8 but...
3 root server operators are outside the US.
...we've now got f-root mirrored in spain and china, with more on the way.

-- Paul Vixie

(PS. plans for dns-isac.org are proceeding nicely.)
<ritual line eater offerings>

I've forgotten the date, but there was an "event" that was not an "event", but which significantly perturbed the ARPAnet of the time. Since I was at SRI, it was between 1987 and 1990 -- before SRI had an I4 or whatever. I had a conversation that evening with the duty officer at an agency that had "where did you put the bomb Mr. Brunner" as its starting point. The net was the <agency> couldn't dump <assets> in finite time, though I did mine, a bunch of MILNET subnets and boxen (e.g., CENTCOM, SOCOM, etc.), and that was a problem. The evening ended with a chat with a senior technical member of staff at <agency> on the distribution of clue. I wrote up on it, and eventually a quasi-govo-dork contacted me to share his lack-o-clue.

Sometime subsequent, or prior, but also while I was running the same playpen at SRI, there was the Morris Worm. I wasn't one of the decoders. If memory, always a feeble thing, serves, I made a call to a senior technical member of staff at <agency> on the distribution of clue.

Twice the propeller-heads were hours (or days, or weeks, or professional lives) ahead of the Feds. Anyone for 3-out-of-5? Does ENO<ASSET> matter?

I think CERT came from those calls. I'm probably mistaken. It probably came from a golden drop of Retsyn. The orange jump suits were early Ghostbuster.

Anyway, the clue-density of the DOJ/HSD isn't enough to get optimistic over, and the deck-chair exercise the current ship-o-fools is engaged in, while highly entertaining, and wildly distracting from minor issues like getting work done, isn't enough to divert paid staff time to feed.

I _did_ notice that when unpopular, "unpatriotic", network operators were the targets of coordinated and opportunistic criminal acts, that the DOJ and HSD had other priorities. That's the dns hijacking of Al Jazeera, in the US (registrars and registry), the ddos on webservers in New Jersey, and ddos transit through the US to non-US targets.

Wake me up when there's a photo op with Secretary Ridge or some DoJ hitter with his or her foot on a pile of "patriotic" script-kiddie heads. I'd like to think that "law" and "net" together means something other than a game of badminton.

Eric
participants (6)
- Abdullah Ibn Hamad Al-Marri
- Barry Raveendran Greene
- David Lesher
- Eric Brunner-Williams in Portland Maine
- Paul Vixie
- Sean Donelan