Router flaw tests cyber alert system
- By William Jackson
- Apr 21, 2004
The Homeland Defense Department's efforts to keep the nation informed of serious threats to the cyber infrastructure got a workout this week.
'There have been a series of vulnerabilities announced in the last 24 hours,' said Amit Yoran, director of the DHS National Cyber Security Division. The most serious was a flaw in the operating system of many routers from Cisco Systems Inc. that could make them vulnerable to denial of service attacks, crippling many backbone networks.
Yoran testified about the work of the National Cyber Alert System at a hearing before the House Government Reform Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census.
The Cisco router problem is potentially serious because the company's hardware and software are incorporated into the heart of many networks, including large backbone networks that carry much of the Internet's traffic.
Yoran declined to discuss publicly the department's work with Cisco prior to today's public announcement of the vulnerability, but he acknowledged that public release was rushed because of the British government's announcement of the problem Tuesday.
Major backbone network companies were alerted to the problem late Tuesday, before the public announcement, and Yoran said their response has significantly diminished the seriousness of the threat.
Larry Hale, director of the Federal Computer Incident Response Center, also held a conference call today with officials from agencies across government. The U.S. Computer Emergency Readiness Team, which operates the Cyber Alert System, coordinated its work with federal CIOs, Yoran said.
Other major vulnerabilities brought to light today include problems with two widely implemented networking protocols, the Border Gateway Protocol and the Simple Network Management Protocol. Information about vulnerabilities can be found online at www.us-cert.gov.
Yoran also announced DHS's involvement with two programs aimed at improving information assurance education programs.
The department has joined with the National Security Agency to expand the National Centers of Academic Excellence in Information Assurance Education Program. The program, established by NSA in 1998, has certified 50 universities in 26 states as centers of academic excellence, making them available for scholarships and grants through the Federal and Defense Information Assurance Scholarship program.
DHS also has partnered with the National Science Foundation to expand the Scholarship for Service program, established in 2001 to fund the education of information assurance specialists in exchange for a two-year commitment to work for the government upon graduation. NSF expects 81 students will graduate from the program next month, and the goal of the expanded program is to graduate 300 students each year.
'The Homeland Security Department has already hired graduates' of the program, Yoran said. He said their abilities are outstanding.
William Jackson is a Maryland-based freelance writer.