5.0 REACTION STRATEGIES

Sections 2.0, 3.0, and 4.0 identified the electronic intruder threat to the PSN and the possible implication of this threat to NS/EP telecommunications. Although the threat is believed to be significant, there is an increased understanding and awareness by the telecommunications community to the threat because of an increased interest by the NS/EP community in protecting the PSN. (NCS-M93)

The purpose of this section is to identify several groups responsible for overseeing the security of the PSN and related networks, and to define the missions of these groups. This section does not contain an inclusive list of all groups and agencies interested in PSN security; however, it does identify some of the larger, multiagency and multiorganization groups that are concerned with NS/EP communications.

5.1 National Security Telecommunications Advisory Committee

The President's NSTAC is a CEO-level organization that is charged with advising the President on NS/EP telecommunications issues. The NSTAC's Industry Executive Subcommittee selected network security as an important issue and formed a task force to formulate an industry response. The task force's deliberations led to the formation of the NSTAC Network Security Information Exchange (NSIE) and the Network Security Standards Oversight Group (NSSOG). In August 1992, NSTAC formed a new Network Security Steering Committee (NSSC) to not only oversee NSTAC's critical network security efforts, but also continue addressing network security issues.

5.1.1 NSTAC Network Security Information Exchange. In 1991, the NSTAC NSIE was formed. The NSTAC NSIE is a working forum for identifying issues involving penetrations and manipulations of PSN software and databases affecting NS/EP telecommunications. The group is composed of representatives from several NSTAC member companies. The NSTAC NSIE meets jointly with the Government NSIE (GNSIE). Its purpose is stated as follows:

* "Identify lessons learned about processes and procedures, and about technology and systems

* Exchange information and views on threats and incidents affecting the software elements of the PSN, vulnerabilities and their remedies, and consequent risks to NS/EP telecommunications

* Assess NS/EP risks, including trends, international activities, and key uncertainties, and inform senior government and NSTAC managers, as appropriate." (NCS-M93)

The NSTAC NSIE charter also dictates the function of recommending "measures to reduce vulnerabilities of the PSN." (NCS-M93)

5.1.2 Network Security Standards Oversight Group. In 1992, the NSSOG was formed. The NSSOG is chartered "to develop technical objectives for the standards community to build stronger security standards for the PSN." (NSSOG994) The NSTAC's goal in establishing the NSSOG was to promote a "single, consistent set of security standards for open systems and networks." (NSSOG994) The group is composed of representatives from several NSTAC member companies, and the National Institute of Standards and Technology (NIST), which acts as the government focal point.

5.2 Government Network Security Information Exchange

The GNSIE was formed in 1991 by the OMNCS GNSS. The GNSS is composed of federal government departments and organizations with roles in network security. The GNSIE is composed of representatives from several GNSS-participating agencies and organizations. The group meets jointly with the NSTAC NSIE and represents NS/EP interests in the exchange. In addition to the functions of the NSIEs outlined in Section 5.1.1, the GNSIE is chartered "to assess vulnerabilities of the PSN as they relate to NS/EP needs." (NCS-M93)

5.3 Federal Law Enforcement Agencies

There are two federal law enforcement agencies involved in mitigating the electronic intrusion threat to NS/EP telecommunication systems: the Federal Bureau of Investigation (FBI) and the United States Secret Service (USSS). These two agencies assist in detecting, identifying, and prosecuting electronic intruders. Both agencies work on a variety of issues including credit card fraud, industrial or military espionage, toll fraud, and corruption of information.

5.4 Forum for Incident Response and Security Teams

The Forum of Incident Response and Security Teams (FIRST), a coalition of government and private organizations around the globe, combats and prevents computer and network security problems. This coalition brings together a variety of computer security incident response teams from the public and private sectors. FIRST goals are to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing among its members. They also provide a means to alert and advise clients on potential threats and emerging incident situations.

FIRST membership has grown from 11 original teams to more than 40. (NISTNEWS) Although the initial membership consisted primarily of U.S. Government organizations, there has been an increased participation among members of private sector organizations, universities, and foreign organizations. In general, a member response team serves a specific constituency. These incident response teams complement an organization's overall computer security efforts by focusing on computer security incidents. (NISTNEWS)