NCS Manager's Report to the NSTAC

Thank you, Van [NSTAC Chairman Van B. Honeycutt]. I'm going to run a quick survey. Ever since the CINC [General Ed Eberhart, Commander-in-Chief, US Space Command] got up and mentioned coffee and water and so forth. How many coffee drinkers do we have in here? Raise your hands. I understand my mission. I'm very quickly going to cover the events here.

I'm very happy to be the cleanup speaker today because a lot of the issues I'm going to discuss I'll try to put a little more detail on them. At the same time you've heard a lot from Dick Clarke [the President's National Coordinator for Security, Infrastructure Protection and Counter-Terrorism] and from the CINC [Eberhart] and the perspective -- and the Deputy Secretary [of Defense Rudy de Leon] -- of how we're facing the critical infrastructure protection of the Department of Defense.

Basically, we have a teamwork session going on with the NSTAC. Rather than going into detail today about the National Communications System [NCS], we put on the desk in front of you a document that outlines the 1999 accomplishments and directions and the way ahead for the NCS. Also included in there are all the Government agencies that participated. So you can see that it's a broad spectrum across the entire Government.

Since we do have many new members today, I want to quickly go through this spectrum to make sure we all understand the magnitude of what we're talking about when we talk about National Security and Emergency Preparedness [NS/EP]. If you look up here at the top [slide presentation not provided], we have nuclear war. What we've added to this spectrum as you see is "strategic cyber war." We're starting to work now with the lexicon of how do we fit "cyber warfare and terrorism" into the chart. And I would submit to you that our work is not done because we get down here in this level and coming up, we hit "cyber terrorism."
But I'd suggest to you we have several other things that have been discussed this morning that would be a little bit on the spectrum. For example, denial of service at Yahoo. And what are the economic impacts when you have denial of service of commercial sites. We're going to need to take a look at that and see how do we characterize that and how do we talk about that. The thing I would point out to you is that we have a host of things that we consider in National Security/Emergency Preparedness -- all the way from nuclear war down to the power outages. Very simple type outages that we try to protect from in designing the networks.

We had a very successful exercise of the Y2K rollover. What I'm going to do is take this and we're going to come back to the Y2K and put it in the context of what are we going to do on the way ahead. But the bottom line: Everybody is to be congratulated -- the greatest effort I've seen between Government and industry. The advantage we have and the caution, of course, we can all recognize is that we knew it was coming and we mobilized the resources, both dollars and people, to fight it and we were very successful. And there are some lessons I think we can take from this and apply to the critical infrastructure, but as others have said the problem remains far more complex than the Y2K rollover.

We have made good progress; it's been discussed. The banking industry has established their Information Sharing Analysis Center [ISAC]. In March, we stood up the Information Sharing [and] Analysis Center for the NCC [National Coordinating Center for Telecommunications] and I want to thank the companies that you see here that are participating in that. A lot of them have stepped forward and you will see shortly that even with the "love bug" virus, we were in fact able to share information although we've been in business a very short time.
But I do appreciate the companies that have stepped forward to work in this Information Sharing and Analysis Center.

When we talk about the mission you can see that up here. What we're trying to do is to get at the issue we've been talking about all day -- how do we share information while protecting those proprietary aspects of it or the legal liability aspects of it so that we can in fact have an environment where we can share information. We have a history in the National Coordinating Center of being able to do that and what we're hoping to do is extend it into the Information Sharing and Analysis Center.

On the "love bug" virus you can see we did do some sharing with the folks as we found what was going on and passed it out. I'll show you how we do that in our relationships between both the military side and the civilian side. These are some of the advantages we would see in sharing the information because as we develop tools and procedures in the Department we would be willing, of course, to share them so that we could get extended protection out of the national infrastructures that Dick Clarke talked about.

Here we have an organizational view of what the CINC pointed out. This was a piece that was missing. All right, after we've gotten the information we're being attacked and we start to understand that, what do we do about it? Who's in charge to step forward and do something about it? Well that's where the JTF [Joint Task Force - Computer Network Defense] comes in. That's their role in the scheme of things. This organization, these two over here Dick Clarke talked about being able to see where the fiber and the cable heads and the weak nodes are on our global network system and particularly the United States. These folks over here watch the system from a military standpoint. That's one of the reasons the JTF is co-located in Washington with my Headquarters where we watch the military communications slots.
We do the analysis and this organization, the CERT [Computer Emergency Response Team], the Department [of Defense] CERT is related very closely to the CERT that's at Carnegie-Mellon [University]. We have a very close relationship between them and we all start to work as soon as we get an indication. Wherever the indication may come from, we start to work on the solution immediately. Also, one of the more important aspects of their job is to try to identify where exactly the attack is coming from, not a simple problem to resolve. And then, of course, we have here the part that we want to bring in and we just stood up the industry component where we're going to in fact greater information that is provided from these functions of monitoring, analysis, response and sharing.

I would suggest also that, we alluded to it, but before we get into this paradigm we want to also, back in the "defense in depth" aspect, in the design of our system we want to design in security. The same thing on the networks to prevent service denial. So in addition to these that are largely reactive, we're taking a "defense in depth" strategy that looks at the beginning aspects of when we design the system in the first place.

I want to give you some stats on where we stood on reported incidents. You can see that in 1999 we sort of went off the scale. We believe it's because one, there were more intrusions and two, we're much better at identifying and having the reports come in from the services to our central collection facility. Now what I'm going to do is take this very large aggregate number and break it down and show you that there are some areas where this issue that we're talking about on people comes into play. When you look at the serious incidents where you had root access, there are only about 118 that we had sufficient information where we could really dig in to see what happened. Out of that, 111 were totally preventable.
It reflects back on the training and being able to retain the qualified people that can in fact do that -- the Systems Administrators.

Now on viruses, we've been talking about the "love bug" and "Melissa." This is what we see on average monthly basis over the years here. We've definitely, in this Year 2000, we've already started to see it go up almost double -- again -- largely because we believe that one, it's becoming the thing to do in the hacker community and they're beginning to see how easy it is to do it with the attachments. Now none of the attachments we've had thus far are really what I would consider serious attacks in the sense that they would bring down the network, but they certainly are serious from the standpoint they show what is possible with attachments.

The "Melissa" virus is a good example. Because we had stood up the Joint Task Force and because we had procedures in place we very quickly were able to in fact minimize the impact of the virus spreading in the Department of Defense. The "I Love You" virus was much the same story. Again the same procedures and the same team was there working the issue. Again, both of these, this one, for example, was about 300 lines of code which we think was written by a student in the Philippines. But that's 300 very simple lines of code. That's why we start to get concerned because these people are showing the "state of the possible." And at some point we are going to get to that "electronic Pearl Harbor" that [former Deputy Defense Secretary] Dr. [John] Hamre talked about during the session we had the past year.

We do have several challenges coming up in the telecommunications arena and I want to sort of explain what they are and again ask for some assistance and help in solving them. I told you I'd talk about Y2K again. We have this environment for the Y2K and all of these were pretty much in place. If you look at the color codes, for example, we've also discussed legislation.
It's clear we're going to need to articulate what that is and what needs to be done. The IES [NSTAC's Industry Executive Subcommittee] has really started on that with their looking at the Freedom of Information Act. There are other areas that we're going to have to get into, but I think we're going to have to recommend that to the Government. And you can see what else needs to be done.

I would point out here, again, that we can be the honest broker in this Information Sharing and Analysis Center. We do now take information in that is sensitive and we sanitize it and use it in a way that we can protect other individuals and get the word out by protecting the identity of the company that's involved. We've been doing that for some time. So I think this is a model but it isn't a total model of what we can do in the future.

We've talked about the IT [Information Technology] personnel situation. This chart pretty well summarizes it. We're having trouble retaining highly IT-qualified individuals. I run an intern program and I have over 400 of them that I brought in over the last five years, some of them highly skilled. I have 70 percent of those interns still with me. Now you can guess the 30 percent that I don't have -- the highly, technically qualified that have gone on to find other jobs in industry. So we've got to find additional incentives. And I'm grateful that a lot of them went to work for certain contractors that allowed me to get them back to work on my projects. The hiring abroad is an issue that there is talent there and I know it's being discussed from a national standpoint. There are security concerns. I'm hoping in the Executive Session that we can expand on this and perhaps come up with some ideas on how we can attack this shortage, à la the idea that Dick Clarke put out.
I'm very busily building a National Security Infrastructure across the globe for the military forces so that they can plug in and get broadband connectivity wherever they need to in the globe. We're making great progress and this is a combination of terrestrial and space assets of both military and civilian. And I would say that the interstate highway system is a good analogy. We've got the interstate highway just about built. We're in Europe and we're in the Pacific now. We have just finished the United States with a lot of good help from a lot of the companies that are in this room.

As the Secretary [de Leon] alluded to, we do have a problem. We have 600 military locations that need to get on that interstate and the access highways are not there. And so what you see here is a situation where we have a very broadband pipe connecting the United States, and this by extension also goes to Europe, Southwest Asia and to the Pacific. This is the problem. How do we get these locations back here in the States? And what is the importance of that?

Let's take Kosovo as an example and Beale Air Force Base. During Kosovo we had the Predator fly to take a look at what was going on, on the battlefield at the time, and that information was passed back as video to analysts who sat at Beale Air Force Base. That took a lot of bandwidth and we had to greatly expand what was going in to Beale Air Force Base. Now we're taking a look at each of our critical bases now because of the lead-time involved.

This is where we are right now on the situation on provisioning. We're in a contracted time of 20 days. This is the best, 149. You can see my average and the worst. This is a national problem; it's not just to our bases; it's in other areas also. We need to attack vigorously over the next year because provisioning times that go up into the 260 days are simply not responsive to contingencies that we can have start and end well within that period.
I think we pretty much hit these discussion issues and I think that for the Executive Sessions we can certainly expand upon them, but I do believe that there's a lot that we can bring to the table in this area that we've made improvements on. The IES spoke to the converged networks down here and I think that the probable issue that we've really got to attack, on converged networks, if in fact the world is going to be IT-based is, you have to be worried about IPP and the second "P" in that is the psychopaths that are IP-literate. There are very few people going around today attacking Signaling System 7, but a lot of people are on the Internet protocol attacking our computer networks. So when we start thinking about bringing voice, video, data all over the same technology, we had better at the same time think about the security aspects of that because that can have repercussions back into National Security and Emergency Preparedness area.

Finally, I want to say that it's been a real pleasure for me to work with the NSTAC. You are a great group of professionals. I am forever grateful to the IES members who give their time and effort. [There's] a lot of tough issues to provide advice to the President and to the principals that give their time and their collective wisdom to this organization. Thank you very much.

Published for internal information use by the National Communications System. Parenthetical entries are speaker/author notes; bracketed entries are editorial notes. This material is in the public domain and may be reprinted without permissio
Reviewed December 07, 2006