Tech Success: CDC gets inside scoop on worms and viruses
Warning bulletin from iDefense provides IT security intelligence to agencies, integrators
- By Joab Jackson
- Dec 12, 2002
When a variant of the infamous Klez virus, called Klex, wormed its way through e-mailboxes last April, it didn't creep into the Centers for Disease Control and Prevention. And when a little-known buffer overflow in the Solaris operating system came to light last June, no hacker could have exploited it to compromise a CDC system. That's because the agency's servers were already patched.For CDC Chief Information Officer Jim Seligman, getting early notice of threats can avert hours of post-attack clean-up time."Getting as much advance notice is so acutely important in the information security realm, because you can take precautions and preventive actions before you have an intrusion or a failure, as opposed to after the fact," Seligman said. Seligman's inside skinny? An e-mail dispatch service from a company that bills itself as the world's first private security intelligence firm, iDefense Inc., Chantilly, Va. As soon as some vulnerability or virus outbreaks starts to rear itself, Seligman and his team are notified through the company's iAlert bulletins.Both integrators and agencies can use this service to get advance word on vulnerabilities and virus outbreaks as well as receive corrective measures to take, said Brian Kelly, CEO of iDefense. The service is far from the only source of security information CDC taps. According to Seligman, CDC has a security team that looks for threats to the agency's infrastructure. They comb the trade press for information, as well as bulletins from the FBI's National Infrastructure Protection Center, the General Services Administration's Federal Computer Emergency Response Team, the SANS Institute -- a Bethesda, Md., research and education organization -- and from the IT vendors themselves. The fixes to potential problems they find are fanned out to CDC's network administrators, who can then patch the systems. With all these sources, why sign up for iAlert? Although Seligman can't endorse commercial products, he said: "The leading advantage iAlert brings is that it is more upstream." He said he can see reports on iAlert sometimes as much as three days before they are mentioned in other channels. And the service keeps tabs on surreptitious work that may be taking place elsewhere in the world. The iAlert bulletin, which runs $75,000 per year for an enterprisewide license, can be set to arrive at different times during the day. Breaking news also can trigger it. Threats are listed and color-coded by severity and include fixes and countermeasures. The bulletin can be customized to highlight threats to specific applications and hardware.To collect all this information for iAlert, iDefense keeps tabs on multiple channels, Kelly said. The company works privately with software providers on security holes it finds in their products. It even pays individuals for finding new vulnerabilities, a practice that has drawn some criticism from some security quarters. And in addition to those public forums where vulnerability information is posted, the company will also keep tabs on what Kelly calls the "gray source" areas, such as chat rooms used by malicious hackers and covert Web sites filled with potentially destructive code. iAlert also watches political and cultural movements around the world that may affect the company's customers and affect an agency's networks. A spike in anti-American sentiment may result in Web site defacement or spawn viruses aimed at bringing down U.S. computers, for instance.To offer this feature, the company hires analysts with government experience, particularly in international affairs. One such hire is John Frazzini, who is the vice president of intelligence operations. As an agent for the Secret Service, Frazzini took part in a Secret Service-led Electronic Crimes Task Force, which investigated cases of cybercrime. "We made a decision to hire government people," even though they would be more costly, Kelly said.Such thoroughness has paid off for the company. In November, iDefense's discovery of a vulnerability in a router sold by LinkSys Group Inc., Irvine, Calif., received a fair amount of attention in the IT trade press. And earlier this year, the company issued a report on a Chinese malicious hacking group called the China Eagle Union -- with possible ties to the Chinese government -- that posed a threat to agency Web sites. With 30 employees, iDefense is a privately owned company. Kelly said the company, which was founded in 1998, is at the break-even point financially, but that its customer list is growing. About 30 percent of its clients are government agencies or government integrators. A big one is the Department of Health and Human Services. Seligman, who is security program manger for all of HHS as well as CDC's CIO, expanded iDefense's service for use by all HHS agencies last March.On the corporate side, iDefense focuses on the financial services industry clients such as CitiGroup Inc., New York. In 1999, Electronic Data Systems Corp., Plano, Texas, signed a partnership to use the company's alerts for its own corporate and government customers. *If you have an innovative solution that you recently installed in a government agency, contact Staff Writer Joab Jackson at firstname.lastname@example.org.
Brian Kelly, CEO of iDefense, said its software provides advance word on vulnerabilities and virus outbreaks and offers corrective measures.
J. Adam Fenster
Joab Jackson is the senior technology editor for Government Computer News.