Also inside:

* New International Partnership—Assisting PKI Students and Faculty With Next Generation Computer Graphics
* If Seeing is Believing—Success is Evident at PKI!
* Building a Parallel Password Cracking Environment—A Case Study
* The Department of Defense (DoD) Information Assurance Scholarship Program (IASP)
* State-of-the-Art Information Warfare (IW) Training
* USPACOM Annual Information Assurance (IA) Conference
* Vulnerability Assessments
* NETWARCOM

Portable Document Format (.pdf) download [1.5 MB]

Training and Preparing for Net-Centric Warfare

Among the many efforts underway at NPS to support NCW initiatives, the faculty of the Department of Computer Science have created specialty courses and tracks in addition to redesigning some existing courses to help prepare officers for the task of acquiring high-quality software-intensive systems.Also inside:

"Growing Up With Guns" A Cultural Education and the Information Age

During a decade of working with information operations and infrastructure protection issues, I have observed a pattern that I feel has critical implications for America’s technological future. I am convinced our culture must recognize its need to supply citizens with a common framework for discourse, debate, and decisions about technology. Meeting this need is essential for our country to meet the challenges of the Information Age.

Also inside:

* US, UK, CAN, AUS, and NZ Computer Network Defense (CND) Technical Conference
* Computer and Telecommunication Infrastructure—How People and Organizations Interrelate
* IEEE 802.11 Countermeasures
* Anatomy of Cyberterrorism—Is America Vulnerable?
* Center of Education Excellence: Understanding the Role of Biometrics and Information Assurance Within the DoD

Portable Document Format (.pdf) download

Security Benchmarks: A Gold Standard

On July 17, the NSA, DISA, NIST, FBI’s NIPC, GSA, SANS Institute, and the Center for Internet Security jointly announced minimum standards for securing computers using Microsoft Windows 2000 Professional. The unprecedented announcement, led by Presidential Cyber Security Advisor Richard Clarke, is an effort to stop most com-mon attacks against computer networks both inside and outside the Government. The new benchmark provides detailed configuration specifications for computers run-ning Windows 2000 Professional and that are to be connected to networks.

Also inside:

* The Importance of Consensus Security Benchmarks
* Measuring the Value of Security Guides
* Enterprise Security Enabled by CVE®
* Operationalizing Critical Infrastructure Protection: A Combatant Command Perspective
* The South Florida Honeynet Project: Yesterday, Today, and Tomorrow
* Guard Technologies: Connecting the Dots

Portable Document Format (.pdf) download

Trust in Cyberspace?

The concept of trust is intuitive, but there are challenges involved in defining, measuring, specifying, and computing trust. We all seem to know what trust is. If you ask a person whether he trusts another person, you are likely to get a “yes” or “no” answer. Ask the same person whether he trusts another person with his life, car, finances, or electronic business, and you are likely to receive quite different responses for each of these contexts of trust.

Also inside:

* GIG Interconnection Approval Process (GIAP)
* An Overview of the Evolving Law Related to Computer Network Defense
* The College Cyber Defenders
* Information Security Incident Response, Part II: Creating and Incident Response Team
* Space-Based Blue Force Tracking
* BlackBerry Security in a Military Environment

Portable Document Format (.pdf) download

Information Systems Security Incident Response

Many companies today have spent time and money on their Internet sites by investing in defenses against computer security incidents. Despite the best planning, incidents do happen and defenses are overrun. When that occurs an incident response capability may be all that stands between an enterprise’s computing environment and an incident that can threaten even the viability of the enterprise.

Also inside:

* IATF: At Five Years Old: A Wealth of Knowledge, and Still Growing!
* Phoenix Challenge: Information Operations Concepts and Solutions Exploration in the 21st Century
* Software Decoys for Software Counterintelligence
* FIWC IO Technology Workshop
* Continuity of Operations (COOP)

Portable Document Format (.pdf) download

Cyber Terror—Potential for Mass Effect

With the tragic events of 9-11, the ensuing anthrax spread, and the war on terrorism DoD and Government are faced with an ever increasing new threat—Cyber Terror. While terrorists’ plans have traditionally involved physical attacks, DoD’s increasing reliance on a highly interconnected information grid translates into a growing possibility that terrorists could elect to employ computer network attacks. As the Internet has expanded and DoD’s reliance on it increased, protests and political activism have entered a new realm. Political activism on the Internet has already generated a wide range of activity, from using E-mail and Web sites to organize, to Web page defacements and denial-of-service attacks. This edition of the IAnewsletter features two articles which address this evolving threat.

Also inside:

* DoD IA Acquisition Initiatives
* PACOM TCCC Update
* Building the LE/CI COP
* Biometrics & Smart Card Integration

Portable Document Format (.pdf) download

CERT/CC: Tracking, Preventing & Resolving Computer Security Incidents

In past editions of the IAnewsletter we have featured many of DoD's premier network security organizations including the DoD CERT, the Joint Task Force for Computer Network Operations and each Service's security incident response teams. CERT/CC is one of the many organizations strongly aligned with DoD's network security commands. For this reason, this edition of the IAnewsletter features three articles from the security professionals at CERT/CC.

Additional articles include—

* DIAP Reorganizes Reflecting the DoD Defense-in-Depth Strategy
* Tactical Decision Exercises—Preparing the JTF-CNO for Mission Readiness
* A Metric for Availability
* Configuration Management Compliance Validation

Portable Document Format (.pdf) download

Modeling & Simulation

This issue showcases IATAC's newest SOAR on Modeling & Simulation for IA. This report was co-authored with MSIAC. Also in this edition—

* Developing ATM Intrusion Detection Systems to Support the High Performance Computing Modernization Program
* International Technology Watch Partnership
* Virtual Technology Exposition
* Life Cycle Security and the DITSCAP
* Today's Information Security Challenge—CyberWolf

Portable Document Format (.pdf) download

SPACECOM

This issue's feature article is from SPACECOM on "Revising the DoD INFOCON System" and specifically addresses the activities and processes upon which SPACECOM has focused. Following this is a EUCOM article summarizing Combined Endeavor 2000. From the Allied perspective, is an article on CND in a Coalition Environment. Several other information articles follow on topics such as Biometrics Technology, Information Operations in the Army Reserve and an overview of FIPS 140-2.

Portable Document Format (.pdf) download

USPACOM Theater Network Operations

The largest to-date feature article from USPACOM former director for C4 on Theater Network Operations. Followed by a retrospective on Computer Network Defenses by Maj Gen John Campbell. Also included are articles from:

* U.S. Naval Forces in Europe
* JTF-CND
* Law Enforcement and Counterintelligence Support to CND
* IA Training at the US Army's Computer Science School
* PKI Help Desk
* Marine Corps CND
* IO/IA Visualization Technologies SOAR released
* IATAC's newest product—the Collection Acquisitions CD-ROM—introduced

Portable Document Format (.pdf) download

Warfighter Support in a Coalition Environment

This issue contains an article from Joint Forces Command (JFCOM) on their Coalition Interoperability Solution, The Hexagon. Also covered is EUCOM's Information Assurance Conference. At 36 pages, this issue is our largest to date and boasts such great articles as:

* JTF-CND Intelligence Support
* ZENITH STAR 99-1
* Distributed Denial of Service Tools from DoD CERT
* Air Force Materiel Command's Information Defense—Information Assurance
* The Army Prepares for the Next Generation of Warfare
* The Burning Zone—Containing Contagion in Cyberspace
* Computing on the Virtual Border—.mil meets .edu
* In Pursuit of the "Trustworthy" Enterprise

Portable Document Format (.pdf) download

Defense in Depth

The physical analogy for this strategy is the formidable layered defenses of the medieval castle. The Fall 1999 cover article discusses this strategy. This issue features a slew of great articles, such as—

* Matrix Mission Planning in Information Operations
* DoD Computer Security Tips for Y2K
* SHERLOCK: A Third Generation Log Analysis Tool

Plus a Special Section on the—

* JTF–CND Component Commands
* ACERT/ARFOR-CND
* MARFOR-CND
* Navy Computer Network Defense
* Monitoring and Protecting the Global Network

Portable Document Format (.pdf) download

USSOUTHCOM

This feature article is on the U.S. Southern Command's Information Sharing Projects. Also in this issue is an article on the Law of Computer Network Defense. DISA'S DoD CERT covers the DoD IAVA Process. FIWC covers the Naval IO Wargame '99 and the U.S. Air Force Research Lab discusses the Automated Intrusion Detection Environment. This issue includes an article on Raytheon's SilentRunner, and highlights the updated Intrusion Detection Tools Report as well as DISA's New Infosec Training Products.

Portable Document Format (.pdf) download

Coalition IA

The feature article on Coalition IA is from the U.S. Army Signal Command. Also in this issue is an article on IA Red Teaming from OASD(C3I). DISA's DoD CERT covers "Meeting the Melissa Virus Head On." HQCECOM covers "I2WD's Role in Securing the Digitized Force" and the U.S. Army Research Lab speaks out on "Using Operations Security Methods to Protect DoD Information." This issue includes an article on face recognition technology, JMU's Internet-based Information Security Master's Program, and highlights the latest IATAC reports released!

Portable Document Format (.pdf) download

JTF-CND

This issue includes a feature article on the Joint Task Force for Computer Network Defense. Also in this issue are articles from USACOM on their IA Certification Program, U.S. Army ODISC4 on "The New Arms Race for the Information Age," NAWCAD on "Risk-Based Decision Making," Sandia National Laboratories on "The Next Generation of Security Engineering Tools," Purdue University on "Educating the Next Generation of Security Specialists," and a vulnerability assessment tool from Harris Corporation.

Portable Document Format (.pdf) download

This issue highlights Information Assurance (IA) initiatives at various levels within the Department of Defense and the IA Vendor Community. The newsletter features "The Defense-Wide Information Assurance Program" from OASD (C3I)/IA and an NIPC article entitled "protecting Our Critical Infrastructures Through Public-Private Partnership." Also included is an "Intrusion Detection System Evaluation" article from the Lincoln Laboratory at MIT, "Detecting Intrusions Cooperatively Across Multiple Domains" from the University of Idaho and Lucent Technologies, Inc. The newsletter also features a selection of Firewalls tools maintained in the IA Tools Data Base. (Available in electronic copy only)

Portable Document Format (.pdf) download

This issue features an article from the U.S. Strategic Command on "Incorporating IA into Global Guardian" and an article from the Navy INFOSEC Program Office on "Security Tools for Network Centric Warfare." From the R&D community comes an article from the Army Research Laboratory entitled "ARL Primes Army Information Assurance Capability." Also included is an article from AXENT Technologies, Inc. and a selection of Vulnerability Analysis tools maintained in the IA Tools Database as well as a summary of DIA's Information Warfare Course.

Portable Document Format (.pdf) download

This issue highlights ongoing Information Assurance initiatives within the Department of Defense. The newsletter includes a feature article by the Joint Command and Control Warfare Center (JC2WC) on "Defending Against C2W and IW Attack" and a summary article highlighting the recent Information Assurance Seminar Game hosted by the U.S. Army War College. The newsletter also features a selection of Intrusion Detection tools found in the Information Assurance Tools Database, as well as an overview of available products.

Portable Document Format (.pdf) download

The feature article for this issue encircles the Defense Intelligence Agency's (DIA) commitment to information operations by establishing the DIA Information Warfare Support Office. Also included is a commentary by then Director of IATAC, Dr. John I. Algers, title "Information Assurance Evolves from Definitional Debate" that considers the rise and importance of information assurance to the warfighter.

Portable Document Format (.pdf) download

The Information Assurance Technology Analysis Center's inaugural issue includes an introduction to the establishment of IATAC and a brief description of core operations and the technical area task program. Also included is a feature article by the Joint Staff on JV2010 and the OSD initiatives by ASD/C3I.

Portable Document Format (.pdf) download