Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Vista
      Digg this story   Add to del.icio.us  
A Cyber National Guard
Kevin Poulsen, SecurityFocus 2001-04-18

The Defense Department supports a controversial Arizona cyber security plan.

Pentagon cyber security wonks are looking to the Grand Canyon State for the future of information warfare defense, thanks to a bill in the Arizona legislature that would create the country's first State Infrastructure Protection Center (SIPC).

Like its national namesake -- the FBI-housed NIPC -- the Arizona SIPC would be poised to respond to physical and cyber attacks on seven critical infrastructures: telecommunications, energy, banking, finance, transportation, water and emergency services. But it would be overseen by the state's emergency management department, and be comprised primarily of state agencies.

It would also maintain close ties to the Pentagon, which has endorsed the proposal. Under the plan, the Department of Defense would provide the SIPC with up-to-date, sanitized information on network vulnerabilities and ongoing attacks through a new Computer Emergency Response Team (CERT) established within the Arizona National Guard.

"The National Guard is the perfect conduit between the [Defense Department] and the state," says James Christy, law enforcement and counterintelligence coordinator for the Pentagon's Defense-wide Information Assurance Program, who helped draft the proposal. "The National Guard works for the state governor most of the time, but they can be federalized in times of crisis."

The Guard's quasi-federal status is key to the plan, which Christy wants to see spread to all fifty states. He argues that state-level involvement is needed to protect critical infrastructures from terrorists and foreign info-warriors. "If we were ever to see a strategic attack on the nation, what you need is somebody on the local level, and then upstream it to the national level," says Christy.

"If something happens here in the state, it could disrupt Luke Air Force Base, for example, which is here in the Arizona," agrees Representative Wes Marsh, the bill's sponsor. "The cyber impacts the physical, and that's what's so unique about the bill."

But the SIPC bill is not without critics, and an earlier version passed Arizona's House of Representatives only to be shot down in the Senate. At issue: The legislation foresees crafting the SIPC out of existing hardware and personnel, at no cost to taxpayers -- a proposition Arizona governor Jane Hull says is unrealistic.

Moreover, the bill would require the state's technology managers to promulgate a series of cyber security plans -- including use of intrusion detection systems in every government agency -- but doesn't offer any money for that effort.

"The governor has concerns because it's not funded, and it calls for the creation of fifteen different plans with no implementation strategy or funding," says Susan Patrick, strategic communications manager with Arizona's Government Information Technology Agency, the group that would be responsible for pushing the reforms. "It also calls for us to use existing resources, and we have no statewide information security specialists in our agency."

Marsh counters that the state should already be using IDS systems, and other security measures, across the board, and argues that availability of freeware programs like Snort and PGP should alleviate cost concerns. "Current statutes require them to have disaster recover and reconstitution plans," says Marsh. "Information assurance is a critical component of that."

    Digg this story   Add to del.icio.us  
Comments Mode:







 

Privacy Statement
Copyright 2008, SecurityFocus