InfoGram
February 22, 2001
NOTE: This InfoGram will be distributed weekly to provide members of the
emergency services sector with news and information concerning the protection of
their critical information systems. For further information please contact the
U.S. Fire Administration's Critical Infrastructure Protection Information Center
at (301) 447-1325 or email at usfacipc@fema.gov.
Critical Infrastructure Protection (CIP): "Computer Security"
- The National Institute of Standards and Technology (NIST) has just released
draft guidance on intrusion detection systems that outlines all the factors that
agencies and others need to consider when integrating these security systems into
their networks. The guidance is part of a series of special publications that
NIST has released to assist agencies and others in the information security
arena. Other publications in this series include Generally Accepted
Principles and Practices for Securing Information Technology Systems, and
Guidelines to Federal Organizations on Security Assurance and Acquisition.
The new guidance document "is intended to assist federal agencies and others as
a primer in intrusion detection," according to personnel at the NIST Computer
Resource Center. It aims to assist those who need to understand what security
goals intrusion detection mechanisms serve, how to select and configure
intrusion detection systems for their specific system and network environments,
how to manage the output of intrusion detection systems, and how to integrate
intrusion detection functions with the rest of the organizational security
infrastructure. Additional information is available at www.nist.gov.
- The case of the career FBI agent charged this week with spying for Russia
since 1985 is "being touted by the FBI and IT security experts as a harsh lesson
in a growing threat to corporate data by insiders." According to an article in
Computerworld magazine, although alleged spy Robert Hanssen and his Russian
handlers relied heavily on traditional spying methods, Hanssen also made
extensive use of computer media to communicate with Russian intelligence
officers, allegedly providing as many as 26 encrypted floppy disks during the
course of his espionage activities. "The lesson for corporate America is that
companies tend to gain a false sense of security from strong perimeter security
such as firewalls," says Eric Friedberg, a former computer and telecommunications
crime coordinator at the U.S. Attorney's Office in New York. He added, "What
goes on behind the firewall can be even more damaging because of the degree of
access insiders have." Friedberg recommends that companies try to protect
themselves from insider abuse by focusing on what their networks can tell them
about what is going on inside the company. He suggests that
artificial-intelligence-enabled security software can alert administrators to
"anomalous activity" on the network. (http://www.computerworld.com)
"Computer Security"
- In what could be a warning for 911 centers, a dampened set of telephone
cables was blamed for putting the 911 emergency call center of Lincoln, Nebraska,
out of service for six hours on February 15, 2001. ALLTEL confirmed that
the 911 underground line failed when moisture got into the cable. Lincoln Police
Chief Tom Casady said that the outage was very frustrating because center
personnel knew there were emergency calls, but the city could not receive them.
He said it appeared that no serious incidents were missed. Problems began
shortly before 1:00 a.m. CST and worsened until 911 failed altogether.
Authorities relied on commercial radio reports to tell people where to call. For
two to three hours, only the sheriff's office's nonemergency number worked for
police. Lincoln Mayor Don Wesely said that the hours of interrupted service were
unacceptable. "We were somewhat surprised by this failure," he said. "We assumed
there was no one point of failure that could take down the entire system."