Government Technology - December 2007 - (Page 33)

“I knew from the beginning that geographic borders make no sense in state cyber-security. A cyber-attack in California can have an effect in New York.” William Pelgrin, director, New York State Office of Cyber Security and Critical Infrastructure Coordination which is sometimes referred to as “darknet,” is the area of the Internet’s routable address space that’s currently unused, with no active servers or services. On computer networks, darknet is the addresses held in reserve for future network expansion. Often when DoS and other cyber-attacks occur, blocks of Internet address space, including darknet space, briefly appear in global routing tables and are used to launch a cyberattack, or send spam, before being withdrawn without a trace. By monitoring all traffic to and from dark space, U.S.-CERT and other cybersecurity organizations gain insight into the latest techniques and attacks. The U.S.-CERT’s Einstein program provides information about darknet activity originating from state and local government systems, helping notify states of potential cyber-attacks and other malicious activities. New York is in the process of implementing its own plan to combat cyber-attacks by collecting malicious cyber-attack information directed at the state’s IT infrastructure, which can provide early warning intelligence about the nature and characteristics of the attacks. New York state receives warnings of potentially malicious cyber-activity from U.S.CERT on a daily basis, said William Pelgrin, director of the New York State Office of Cyber Security and Critical Infrastructure Coordination. His office is working with the University at Albany to create the Multi-State Information Sharing and Analysis Center (MS-ISAC) Darknet Sensor system, which will help New York and other states prevent cyber-attacks by monitoring dark space and other nonallocated IP addresses. A darknet server will be configured to capture all traffic destined for this unused space. The server listens to all traffic directed at the unused address space and gathers the information packets that enter the dark space. “Just the fact that we are seeing statetargeted traffic in federal dark space is definitely worth the investment to deploy this program to monitor state dark space,” said Pelgrin. “Our goal is not only to do this for New York state, but for all other states.” The MS-ISAC Darknet Sensor system, which is expected to be implemented by late 2007 or early 2008, will monitor and gather information for all traffic directed through the nationwide darknet, which is considered malicious since no legitimate services are available at dark address spaces. New York’s internal and public networks will be analyzed, which is expected to provide invaluable insight into the security of New York’s networks and help predict impending network attacks. Pelgrin is also the founder and chair of the MS-ISAC, whose mission is to raise the level of cyber-security readiness and response for state and local governments nationwide. Although the MS-ISAC Darknet Sensor system will be centered in New York, Pelgrin said the system will benefit other states too. “I’m a big believer in sharing information and a collaborative and cooperative approach to my job,” Pelgrin said. “I knew from the beginning that geographic borders make no sense in state cyber-security. A cyber-attack in California can have an effect in New York.” A MS-ISAC volunteer member will see what information on dark space should be shared with other states to prevent cyberattacks. Alaska and Montana have agreed to join New York’s Darknet sensor system, and Pelgrin expects others to join once the program is running. States participating in the program will set up a monitoring system with sensors placed in strategic places on the network to create an early warning system. A monitoring center will interpret and evaluate warnings, which will eventually help accurately evaluate cyber-attacks. “I think it’s a very valiant effort and it’s a very useful approach,” said Jose Nazario, senior security researcher of Arbor Networks, a network security provider. “I liken the approach of darknet monitoring to throwing a petri dish out there or sticking your finger in wind; it’s a tremendous way to measure all the junk on the Internet and discover both in terms of known and existing threats, ‘Where is it coming from, who’s launching them, and who do we need to block or shut down?’” Dark space monitoring is valuable for protecting municipalities since more government infrastructure and resources are being made available online, Nazario said. “Clearly it’s very valuable for federal governments,” Nazario said. “I would argue that state governments depend just as much on infrastructure not only for their own infrastructure but for their resources, whether business or educational institutions, or other research statewide networks.” A three-week cyber-war was waged against Estonia, one of the most tech-savvy states in the European Union, shutting down the country’s infrastructure. Nicknamed E-stonia for its heavy reliance on technology, it became Nazario said his firm tracks the ﬁrst country to between 2,000 and 3,000 major have a legally binding DoS attacks every day, all of which general election via the Internet. come from forged addresses. GULF OF FINLAND NARVA KOHTLA-JARVE HIIUMAA TALLINN LAKE PEIPSI ESTONIA PARNU RUSSIA SAAREMAA TARTU GULF OF RIGA LAKE PIHKVA LATVIA Although the U.S.-CERT program often warns states of potential cyberattacks, the program is oriented primarily at the federal level, and states often don’t have adequate defense against DoS attacks, according to Pelgrin. With the shared connectivity of the Internet, cyber-attacks can come from anywhere in the world, therefore, a collaborative approach is the best defense for states and organizations worldwide, he added. “Whatever we learn from states and across the world will help New York state, and hopefully what we do will help other states as well,” Pelgrin said. CONTRIBUTING WRITER CHANDLER HARRIS REGULARLY WRITES FOR GOVERNMENT TECHNOLOGY MAGAZINE. HE ALSO WRITES FOR PUBLIC CIO, A BIMONTHLY JOURNAL, AND EMERGENCY MANAGEMENT AND DIGITAL COMMUNITIES MAGAZINES. j 33 http://www.govtech.com

Table of Contents Feed for the Digital Edition of Government Technology - December 2007

Government Technology - December 2007 Contents Point of View Big Picture Profile The Last Mile GT Spectrum Well...How Did We Get Here? Dark Spaces A Paler Shade of Green? Decertification Dilemma Game On Two Cents Products Signal:Noise

Government Technology - December 2007

For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.