Tuesday, October 21, 2003

New Security Organizations One Year After Attacks on Root Name Servers

A couple of new security organizations have been created in the last month. First, the US-CERT was announced last month. I see a lot of talk about "information sharing," but I'm not sure how that's different from what the CERT at Carnegie Mellon does. This article mentions how the National Cyber Security Division of the Department of Homeland Security is:

"taking the lead on a cybersituation awareness project that can conduct near-real-time analysis of incident data nationwide... The division is currently working with SRI International, Symantec and Computer Associates International Inc. to develop an automated capability that would enable data to be shared immediately with various private-sector-run Information Sharing and Analysis Centers. The research and development effort includes plans to build a nonproprietary system that would allow any organization in the nation, regardless of IT infrastructure, to feed data into the incident analysis system.

'We will be deploying this in the federal sector starting at the US-CERT first so we can see in real time what is happening across the nation,' McDonald said."

Sallie McDonald is "the DHS's senior executive responsible for outreach and awareness efforts."

Not to be outdone, the Internet Software Consortium (ISC) announced today the creation of the Operations, Analysis, and Research Center (OARC), focused on the defense of the Internet's domain name servers. This is a response to last year's attacks on the root name servers. I found a site dedicated to news on the Internet infrastructure, with articles on DNS, ICANN, and other topics.

Speaking of DNS, one year ago today the root name servers were attacked. CAIDA offers good descriptions and graphs of what happened.