Notes
Coordinating Committee for Intercontinental Research Networking (CCIRN)
Security Working Group

December 12, 1996
Fairmont Hotel - San Jose, CA

I. PARTICIPANTS:

Steven Bakker, DANTE-UK, steven@dante.org.uk
Vincent Berkhart, DANTE-UK, vincent@dante.net
Kilnam Chon, KAIST-Korea, chon@cosmos.kaist.ac.kr
John Dyer, Terena-EC, dyer@terena.nl
Uwe Ellermann, DFN-CERT-Germany, ellermann@cert.dfn.de
Mark Graff, Sun Microsystems, graff@eng.sun.com
Peter Jurg, SURFnet-CERT-NL, jurg@surfnet.nl
Peter Kirstein, Univ. College London-UK, kirstein@cs.ucl.ac.uk
Thomas Lenggenhager, Switch-Switzerland, lenggenhager@switch.ch
John Martin, Terena-EC, martin@terena.nl
Tracie Monk, DynCorp/FNC-US, tmonk@snap.org
Sandy Sparks, CIAC/FedCIRC-W, ssparks@llnl.gov
Walter Wiebe, Federal Networking Council-US, wwiebe@nsf.gov

II. RECOMMENDATION

CCIRN Chairs recommend that all CCIRN R&E networks explore membership in the FIRST – for details about this organization, see http://www.first.org.

III. ACTION ITEMS

A representative from FIRST will be invited to participate in the CCIRN meeting in Kuala Lumpur, Malaysia on June 28th. (Kilnam Chon)

Tracie Monk will distribute NIST’s draft standards for PKI to the CCIRN mailer.

Chon will follow up with Mark Graff on issues relating to Asian R&E networks submitting applications for FIRST membership. Chon will also serve as the POC and coordinate with CCIRN R&E networks from developing countries in Latin America and Africa.

Peter Kirstein will take the lead in coordinating with CAIRN and FNC/CIS members concerning adding secure multicast (SMIME) to their efforts.

A new mail list for the CCIRN Security Working Group will be set up. (Tracie Monk)

IV. DISCUSSIONS

a. FIRST

Mark Graff and Sandy Sparks provided an overview of the FIRST organization and its relevance for R&E networks. The Forum of Incident Response and Security Teams (FIRST) is an international consortium of computer incident response and security teams who work together to handle computer security incidents and to promote preventive activities. Its mission is to: provide members with technical information, tools, methods, assistance, and guidance; coordinate proactive liaison activities and analytical support; encourage the development of quality products and services; and improve national and international information security for government, private industry, academia and the individual.

FIRST was started in 1989 by CERT, CIAC and NASIRC (U.S. Federal agencies) in response to the Morris Worm and similar Internet security threats. Today there are upwards of 48 teams in two dozen countries – including two for-profit incident response teams. FIRST has also incorporated this year as a non-profit institution. Requirements for membership include:

Activities that FIRST does NOT do include:

The key challenges it is facing today include:

The FIRST’s 9th Computer Security Incident Handling Workshop will be held in Bristol, England, 22-26 June 1997. CCIRN members are invited to participate in this meeting. The group also discussed the possibility of having a FIRST representative present at the CCIRN meeting in Kuala Lumpur, June 28, 1996. Chon agreed to follow up with several Asian networks about their inquiries concerning FIRST (Chon will work directly with Mark Graff on these items).

b. EUROPE

Thomas Lenggenhager provided an overview of Terena’s Internet security efforts. Terena produced a task force paper on incident response requirements for Europe in August 1996. The technical advisory team put forth a proposal for continent-wide coordination of the CERTs based on this paper. Thomas provided details on the proposed SIRCE (Security Incident Response Coordination for Europe); see also the Terena web site at http://www.terena.nl.

Shortly following this CCIRN meeting, the establishment of SIRCE was announced by Terena. The following text describes SIRCE – it is an elaboration on the details provided at the CCIRN meeting.

        DANTE/UKERNA PARTNERSHIP TO SET UP SIRCE SERVICE

        The TERENA Executive Committee has announced its intention to award the set-up of a pilot European Security Incident Response Coordination Service to a partnership consisting of DANTE and UKERNA. UKERNA is the UK organization responsible for the operation and development of JANET and SuperJANET.

        The establishment of a European Security Incident Response Coordination Service was discussed and requested by the European IRTs (Incident Response Teams) to solve a number of coordination problems. These include dependence of European IRTs on the US funded CERT/CC, as well as those arising from cultural, legal and language differences, and different time zones.

        In consultation with its CERT Task Force, the TERENA Executive Committee set up a Technical Advisory Group (TAG) to advise TERENA on a suitable organization to lead a two and a half year pilot service. At the beginning of October 1996, TERENA issued a call for proposals to a limited number of organizations for the operation of the SIRCE (Security Incident Response Coordination for Europe) pilot.

        DANTE and UKERNA decided to respond to the call by establishing a partnership which brings together the complementary skills of the two organizations. UKERNA has the technical expertise of the well-established JANET-CERT, while DANTE has the commercial and administrative experience in the management of coordinated pan-European services.

        The pilot service is planned to be launched in the first quarter of 1997. DANTE and UKERNA, in consultation with TERENA, will immediately start preparing the service implementation, one element of which is the drafting of a detailed service specification. As required in the specification of the TERENA CERT Task Force the service will develop gradually. In the initial phase a coordination function will be offered, which includes organization of meetings, help for the establishment of new IRTs, and the provision of information services. In the second phase of the pilot incident coordination will be included, and SIRCE will be involved in the process of responding to individual incidents. After the pilot phase it is intended that an operational service will provide full incident coordination, 24 hours/7 days a week.

The pilot referred to above would be a 2-1/2 year project starting at the beginning of the year. After the start-up period, Terena envisions a fully integrated incident response capability available to European networks. Each R&E network in Europe is required to provide some funding for SIRCE. The key areas include getting the information service up and running and providing incident response coordination.

Other efforts discussed included the European Commission’s ICETELL project which seeks to develop a public key infrastructure for Europe (see http://www.terena.nl) and the need for integrating security hooks into new software / hardware (particularly web browsers and servers).

c. United States

Sandy Sparks provided an overview of the new Federal Computer Incident Response Capability (FedCIRC) – as a model for consideration by other countries. The FedCIRC is a new initiative undertaken by the U.S.’s National Institute of Standards and Technology (NIST), the Department of Energy's Computer Incident Advisory Capability (CIAC), and the Carnegie Mellon, Software Engineering Institute's CERT/CC. These computer security organizations have banded together to offer the Federal civilian community assistance and guidance in handling computer security related incidents. The FedCIRC has received funding for 18 months through the National Performance Review Innovative Pilot Fund award of $3 million. At the end of this period, FedCIRC anticipates funding provided through participating federal agencies. Details on the FedCIRC are available at http://ciac.llnl.gov/fedcirc/.

Walter Wiebe provided an overview of the Federal Networking Council (FNC) Collaborations in Internet Security (CIS) project. Eight federal agencies are participating in the effort, including: DARPA, DoD, DOE, NASA, NIH, NIST, NSF, and NSA. This phase of the CIS is from October 1, 1996 through September 30, 1997. The effort emphasizes testing and deployment of emerging COTS technologies. Participation from academia and industry is being encouraged.

Project goals include:

Key CIS testbeds are described below. Additional information on the CIS effort and specific initiatives can be found at http://www.fnc.gov/cis_page.html.

Kerberos Testbed - The Department of Energy (DOE) has the lead in exploring the Kerberos v. 5.0 technology. Areas that are being addressed in this effort include: inter-realm authentication; scalability; and interoperability across different platforms as well as different applications.

Advanced Authentication - The Army Research Laboratory (ARL) has the lead on this testbed, including exploration of one time passwords and their incorporation into single sign-on systems. Other methods of biometric authentication may also be considered. The one time passwords can be software based, e.g., s/key, or based on hardware token generators, e.g., SecurID and Fortezza. The single sign-on focus will be to incorporate one time password schemes with Kerberos.

Secure Web - ARL also has the lead in exploring a variety of schemes available for securing web transactions, for authenticating the client and server, ensuring the integrity of the information, and the privacy of the user.

Privacy - This testbed is intended to be used for federal agencies to gain valuable experience in the use, management, and maintenance of a system of private keys and certificates for authentication and privacy. It will result in the development of a consistent, coherent strategy for protecting data and managing and maintaining public keys and certificates for privacy and authentication across multiple agencies. It will also clarify government requirements for interoperability of public keys and certificates among different systems and vendors. The National Aeronautics and Space Administration (NASA) has the lead on this testbed.

Fortezza - The National Security Agency (NSA) is supporting CIS participants who are evaluating Multilevel Information Systems Security Initiative (MISSI) products. The applicability of MISSI technology when used with other Internet security technologies, e.g., digital signatures, cryptographic application program interfaces (API), and public key infrastructure (PKI), is also being evaluated.

Digital Signatures - Through this testbed, NASA is assisting agencies to gain valuable experience in the use, management, and maintenance of a system of public certificates for authentication, privacy, and security.

Secure Messaging - NASA also has the lead in a testbed designed to help agencies gain experience in the use, management, and maintenance of a secure messaging system based on the use of public keys and digital signatures.

PKI - The NIST-led PKI effort is seeking to provide federal users with the means to interact securely with non-federal entities throughout the globe.

National Voluntary Labs - NIST is also extending their NV Lab efforts through the CIS and will seek to develop a mechanism to test, accredit, and rank security measures against various standards.

Participants discussed the importance of secure multicast and SMIME, and the possibility of exploring alternatives under the CIS and/or CAIRN efforts (see http://www.isi.edu/CAIRN). Peter Kirstein agreed to follow-up with Tice DeYoung (NASA) or Phil Dykstra (ARL) about the CIS effort and with Hilarie Orman (DARPA) about testing secure multicast technologies under the CAIRN project.

Last updated on 23 January 1997