About Me

Name:Gabrielle Cusumano
Biography
Loading...

Create Your Own Blog Find Other Townhall Blogs

Comments

Archives

Blog Search

Search

Is My Blog Being Sabotaged By ESP Group Inc.'s CYBERCOP, Co-defendent in the International Profit Associates ( IPA ) RICO Class Action Lawsuit?

Posted by Gabrielle Cusumano on Thursday, April 19, 2007 7:01:44 PM

What happened to your blog?  The bottom half that contains info about International Profit Associates  (IPA) lawsuit with ESP as co-defendents is all darkened to the point you can hardly read it.  What happened?  Did ESP'  (IPA's) Cybercop  do damage to you? 


Comment by Stillseekingtruth    Thursday, April 19, 2007     


( I looked at what "stillseekingtruth" is writing about and the only way I could republish the information that was darkened out was to post it again and highlight it in yellow so it will show up in case it is blackened out again by whomever is doing this.)

(Also quite a lot of what I have posted about Hillary Clinton and Bill Clinton and their various associates,  associations and extra-curricular activities has been darkened out too (perhaps  as a  big favor to the Clinton by whomever is doing this) . Thank you for your patience good and kind readers. )
                                                                                                                                                          Gabrielle Cusumano



______________________________________________________________________________________

Cybercop(Used by US Defencse and Intelligence  Is Owned By The ESP Group, LLC, A Co-Defendant in the International Profit Associates  (IPA)  RICO Case (See Clinton Connection)


"Cybercop is owned and operated by The ESP Group, LLC. - a security-focused  Application Service Provider (ASP) providing highly secure, web-accessible portals to handle sensitive information for Government and Commercial clients. [...]have been accredited for handling sensitive information for the U.S. Defense and Intelligence Community. ESP services are in use by numerous government agencies and corporations and are being used for some of their most sensitive collaboration activities. "

(More on this below)
__________________________________________________________________

Record of International Profit Associates Hillary R. Clinton Contribution from OpenSecrets.Org

HILLARY RODHAM CLINTON (D-NY)
Top Contributors

#10 International Profit Associates $88,400

"This chart lists the top donors to this member of Congress during the election cycle. The organizations themselves did not donate, rather the money came from the organization's PAC, its individual members or employees or owners, and those individuals' immediate families. Organization totals include subsidiaries and affiliates."]
http://www.opensecrets.org/politicians/contrib.asp?CID=N00000019&cycle=2006



For more on this see:   http://gabriellecusumano.townhall.com/g/3d91b78f-6b34-446c-aef0-08d5a5ddcb22?comments=true#comment9be8bf83-c7c1-4a54-938c-505cfe09a0a9
__________________________________________________________________

RICO and CLASS ACTION Lawsuit


*Amari Company, Inc. et al v. Burgess et al    (International Profit Associates)   

Case Number: 1:2007cv01425
Filed: March 13, 2007
 
Court: Illinois Northern District Court
Office: Chicago Office [ Court Info ]
County: XX US, Outside the State of IL
Presiding Judge: Honorable Ruben Castillo
 
Nature of Suit: Other Statutes - Racketeer Influenced and Corrupt Organizations
Cause: 18:1961 Racketeering (RICO) Act
Jurisdiction: Federal Question
Jury Demanded By: Plaintiff
Defendant:  John Burgess; Gregg Steinburg; Kenn Sweet; Tyler Burgess; John Owen; International Profit Associates Inc.; Integrated Business Analysis Inc. USA; Integrated Business Analysis Inc., Canada; International Tax Advisors Inc.; ITA Implementations Services LLC; Creative Tax Strategies Inc.; Accountancy Associates LLC; IPA Advisory & Intermediary Services LLC; International Tax Associates Inc.; ESP Group Inc.; International Financial Advisors LLC; Implementation Services LLC; John Does; John Roes; Jane Does; Jane Roes

3/13/2007 07c 1425 Castillo

Complaint over fraud and RICO violations by defendant providers of fraudulent business financial advisory and consulting services. After getting in the door to make a sales pitch, defendants use a series of scare tactics designed to convince potential clients that their business will fail without the defendants' help. $3 million.


http://dockets.justia.com/docket/court-ilndce/case_no-1:2007cv01425/case_id-207120/


*Amari Co. Inc., a Massachusetts corp.; Amazing Productions Inc., a Florida corp.; BBQ Island LLC, an Arizona limited liability co.; Central Radiator Cabinet Co. Inc.; CompSolution VA Inc., a Virginia corp.; Gilbert-American Companies, a Texas co.; Greater Dallas Wholesale Co.

Inc., a Texas corp.; Gregory & Martin Inc., a Pennsylvania corp.; Gig's Inc., a Massachusetts limited liability co. f/k/a MJP Contracting Inc., a Massachusetts corp.; HiTech Fire Detection Inc., a Texas corp.; Hinsdale Sales & Rentals, Sales & Service, a New Hampshire corp.; HRJL Architects Inc., an Ohio corp.; Integrated Sign and Graphic Inc., a Kentucky corp.; Joseph E. Clouse Inc., a Florida corp.; J.V. Hansel Inc.

d/b/a Institutional Foods Inc., an Ohio corp.; Kyle's Discount Stuff, a Kansas partnership; Mills Mfg. Inc., a Minnesota corp.; MJP Contracting Inc., a Massachusetts corp.; Precision Painting and Decorating Inc.; Trinks Brothers LLC, a Connecticut limited liability corp.; Tring Construction Inc.
http://www.ripoffreport.com/reports/ripoff238773.htm
_______________________________________________________________________________


About CyberCop and ESP Group 

Cybercop is owned and operated by
The ESP Group, LLC. - a security-focused Application Service Provider (ASP) providing highly secure, web-accessible portals to handle sensitive information for Government and Commercial clients. The ESP technology is based on the “Extranet for Security Professionals”, which was a DARPA sponsored collaboration project for the National Security Community. The ESP secure technologies were validated at the Software Engineering Institute of Carnegie Mellon University and have been accredited for handling sensitive information for the U.S. Defense and Intelligence Community. ESP services are in use by numerous government agencies and corporations and are being used for some of their most sensitive collaboration activities.

ESP logo

The ESP Group provides tools engineered for security in an easily accessible web-based format that brings users from diverse platforms and locations closer together. The ESP Group provides a robust suite of collaboration tools in its portals. It also develops custom applications designed to meet individual client needs. The ESP specializes in providing a turnkey operation that includes web hosting, security and network monitoring, software customization, user training and help desk services.

CyberCop Major Players

Matt Donlon – Cybercop Co-Founder

The Cybercop/ESP concept was founded as the result of his achievements as Visiting Scientist at the Software Engineering Institute (SEI), Carnegie Mellon University, where he was the Director of the Extranet for Security Professionals program. This program gained visibility and recognition in the national security community by President Clinton and the director of the CIA, Mr. Tenet. Prior to SEI, Mr. Donlon was the Director, Security and Intelligence Office (S&IO), Defense Advanced Research Projects Agency (DARPA).

Throughout his extensive career, Mr. Donlon has held many responsible positions and has received many awards for his innovativeness and contributions to the security profession. He was the Security Official in charge for the Office of Aeronautics and Space Technology at NASA HQ; Program Security Officer, supporting DARPA's highly classified R&D programs for the Department of the Navy; and a Security Specialist for TRW, Inc. Mr. Donlon's career began with the CIA after graduation from Radford University where he earned a Bachelor's Degree. Mr. Donlon is also a graduate of the Federal Executive Institute (FEI). Mr. Donlon is also a current adjunct Professor at the University of New Haven, Connecticut where he assists with the Forensic Computing Investigation Program.

Mr. Donlon has been awarded the Meritorious Civilian Service Medal and the Exceptional Service Medal Department of Defense.

http://www.cybercopportal.org/about.htm_
______________________________________________________________________________________
______________________________________________________________________________________

The ESP Group LLC., an Application Service Provider, offers a thorough security solution for diverse organizations to share Sensitive but Unclassified (SBU) information through highly secure, compartmented, Internet accessible portals. Continuously striving to operate at a higher level of security, trust, service, technology and performance, the ESP Group focuses on aligning its solution of leveraging the Internet for sensitive applications with client's individual needs.

Back To Top
Company History

The Defense Advanced Research Projects Agency (DARPA), the Defense Department's R&D organization that originally created the Internet (ARPANet) and other projects, such as the stealth bomber, recognized an internal need to communicate and collaborate securely over the web. So in 1997, a multi agency security team was established to review and select the most secure technologies available in the government and private sectors to acknowledge this need.

Meanwhile, the White House's U.S. Security Policy Board, a coordinating body for the national security and intelligence communities, was charged under the Presidential Decision Directive (PDD) 29 to provide a new combination of technology and business to the secure community.

In response to both directives, the Security Policy Board launched the Extranet for Security Professionals (The ESP – www.xsp.org ). The ESP is a highly secure collaboration system equipped to handle Sensitive But Unclassified (SBU) information over the Internet. This private external network (Extranet) portal, accessed over the web, is used by security-cleared national and cyber-security professionals to share and collaborate on sensitive information.

Due to its overwhelming success, the ESP technology was transitioned in 1998 to the Software Engineering Institute at Carnegie Mellon University. With funding and guidance from DARPA, DoD, CMS, DoE, NRO, NASA, and the Air Force, the U.S. Security Policy Board tested and matured the ESP technology. Afterwards, the ESP helped tie together the national security and intelligence community as well as supported such tasks as the Department of Defense Y2K efforts. In August 1999, the Joint Security Commission II, while reviewing the Security Policy Board's achievements, recognized the ESP experiment as a “success” and recommended that it be moved from an experimental to an operational status. Both DARPA and the SEI, in line with their technology transfer missions, supported the commercialization of the technology.

The ESP Group, LLC, a privately held company, was formed in 2000 to provide a secure solution to various governmental and private organizations for collaboration based on the ESP technology. The new company acquired the proprietary rights to the privately developed core technologies as well as licenses for government financed enhancements in early 2000. By March 2000, the ESP Group began serving clients.

Since its founding, The ESP Group has focused on developing new and existing applications with security as THE design criteria to better serve its clients.

Back To Top
The ESP Advantage

For most of ESP Group's clients, a secure communication application is a necessity. The ESP Group offers the needed protection of sensitive information as well as numerous other benefits that other Application Service Providers do not or cannot offer in its entirety.

•  Application Development. The ESP Group develops and customizes unique Web-based applications that meet the specific communication needs of clients.

•  System Administration Costs. The ESP Group allows clients to leverage the cost savings benefits and the expertise of a focused, trusted security provider without having to hire additional in-house talent.

•  Secure Socket Layer (SSL) Methodology: The advantage of SSL is that virtually anyone with a current browser and an Internet connection can establish a highly encrypted session.

•  Network Architecture Costs. With ESP, clients do not have to invest in complex and ever-changing technologies for multiple destinations. They utilize a centralized Secure Operating Center that serves multiple platforms.

•  Full-Service Helpdesk. ESP provides a help desk that supports and trains clients with their access of the portal so they can fully benefit from the systems and applications.

•  Research and Development. ESP makes significant investments in research and development so clients can be confident their communications are always secure.

Back To Top
Management Team

The ESP Group, LLC is led by a seasoned and successful management team dedicated to providing the most advanced products and services and building a responsive, reliable and sustainable organization.

Senior Partners

William Potvin – President/CEO

With over 25 years of experience leading professional services and finanical organizations, Mr. Potvin helped found The ESP Group and now specializes in delivering superior service to their clients.  Prior to founding the company, he was a management-consulting partner at Deloitte & Touche, where he led numerous successful consulting practices globally and specialized in business start-ups and privatization.

Ron Register – Chairman/Chief Operating Officer

Before he became a member of The ESP Group team, Mr. Register held a variety of positions working with the U.S. Government and other government contractors. He was an advisor and consultant on major defense programs for Cypress International, Inc.; a visiting professor for the Defense Systems Management College, Executive Institute; Deputy Director and Senior Acquisitions Executive for DARPA; and Director of Contract Management Office within DARPA.

George Johnson, CISSP – Chief Technology Officer

Mr. Johnson has worked in information technology and security for over 15 years, focusing specifically on computer and Internet security for the last seven years. In 1996, while working in the Security and Intelligence Office at DARPA, he implemented the Extranet for Security Professionals (ESP) as a proof of concept “secure web application.” When the ESP technology moved to Carnegie Mellon University Software Engineering Institute, Mr. Johnson worked as an adjunct professor in InfoSec and also served as the technical director of the ESP. Working with the Computer Emergency Response Team (CERT/CCtm), he refined and matured the software and networking environment that supported both the ESP and the DoD Y2K reporting system in support of the Deputy Secretary of Defense. Since The ESP Group was formed, Mr. Johnson has been running enterprise-scale secured network applications for customers ranging from private pharmaceutical companies to the U.S. Government (DoD, Department of Energy, NASA and OPM). Mr. Johnson holds a current CISSP certification.

Matt Donlon – Founder/Executive Vice President

Through his work and achievements as the director of the Extranet for Security Professionals (ESP) and as a visiting scientist at Carnegie Mellon University’s Software Engineering Institute (SEI), Mr. Donlon founded The ESP Group. His successes with ESP gained the necessary visibility and recognition in the national security community by President Clinton and the director of the CIA, Mr. Tenet.

Prior to the SEI, Mr. Donlon was the Director of the Security and Intelligence Office at DARPA. He has also served as the Security Official in charge for the Office of Aeronautics and Space Technology at NASA HQ; the Program Security Officer, where he supported DARPA’s highly classified R&D programs for the Department of Navy; the Security Specialist for TRW, Inc.; and a member of the CIA.

Mr. Donlon graduated from Radford University where he earned a B.S. in Criminal Justice & Political Science. He is also a graduate of the Federal Executive Institute (FEI). Currently, Mr. Donlon is the coordinator for the National Security Graduate Degree program for the University of New Haven, Crystal City campus.

Throughout his extensive career, Mr. Donlon has received many awards for his innovativeness and contributions to the security profession. He has been awarded the Meritorious Civilian Service Medal and the Exceptional Service Medal from the Department of Defense.

Dr. Cliff Gregory - Vice President of Systems Development

After spending 27 years in the U.S. Navy on assignments in Europe, Asia and the United States, Dr. Gregory embarked on an impressive career where he became known for his leadership and experience in enterprise software development organizations in both the private and public sectors.

In the public sector, he has served in various senior management and technology roles with the US Navy, Hawaiian Electric Industries, Magellan Network Systems, and the Lawrence National Energy Lab. In the private sector, Dr. Gregory has been Chief Technologist and Vice President of Engineering in start-up and established companies.

Through his positions, Dr. Gregory has specialized in deploying management methodologies to make best path decisions that free managers from routine issues, allowing them to focus on areas that need truly creative thinking and improving the bottom line. He has hired and trained hardware support and software development teams to create value using an agile paradigm.

Dr. Gregory has published a number of papers on managing people and processes in an agile environment. He spent the last two years consulting with Fortune 500 companies in the area of software development management. He has founded 3 start-up companies, including Agilityware, Right-Steps Resources and Makani Uwela Renewable Energy Engineering.

Dr. Cliff Gregory received a PhD in Computer Science as well as in Engineering Design Management from the Dublin Institute of Technology (DIT).

Principals

JJ Daniels – Software Development

Mr. Daniels currently serves as a senior member of the software development staff at The ESP Group. He manages DOE, NASA and DHS Foreign Visits and Assignment applications, manages development teams and assists in new business development.

After receiving his Bachelor’s degree in Industrial Engineering and Operation Research as well as a Master’s degree in Systems Engineering from Virginia Tech, Mr. Daniels began his career as a Senior Developer at DIVX where he was responsible for developing several multi-media and front end applications. He then led a team of developers in designing and maintaining Army Logistics Software at Lockheed Martin/TWC/CSC. In his next position, he became the Director of Database Services for Stenrich and a database designer for Progressive Design. Through all the companies Mr. Daniels worked for, he was instrumental in setting up databases for the management and tracking of internal projects and human resources function.

Dwayne Miller – Software Development

Bringing over 15 years of experience in software and database design and implementation to the company, Mr. Miller currently serves as a senior member of the Software Development staff.

Prior to joining the company, Mr. Miller worked as an IT Consultant to Metro Information Services, where he was tasked with developing process software, documentation and web applications for an electronic retail sales company. Next he became the division manager for MRJ Technology Solutions, where he was the project manager for software development, exercise training support, installations and other contract related activities for the Simulation System Division. Mr. Miller then worked for Intergraph Corporation, where he, as the Senior Software Analyst, was responsible for developing a cutting edge navigational system for the U.S. Coastguard. Lastly, he supported the RF modeling and simulation effort in addition to developing quality control software as a member of the technical staff for Questch, Inc.

Mr. Miller graduated from the University of Maryland with a Bachelor’s Degree in Computer Studies/Computer Science.

Karie Greider – Director of Client Services

Within the ESP Group, Ms. Greider manages all aspects of the client relationship from overseeing initial training and setup, to managing the on-site client support team and maintaining ongoing help desk and training activities.

Prior to working with The ESP Group, Ms. Greider served as a contractor at DARPA where she assisted in the development the Extranet for Security Professionals (ESP). From there, she was a member of the Technical Staff at Carnegie Mellon University in the Arlington, Virginia office where she assisted in the maturation of operations surrounding the ESP community. Ms. Greider transitioned to The ESP Group in 2000 to establish the help desk and training programs for their secure portal services.

Ms. Greider received a B.A. in Advertising from Murray State University in Kentucky.

Sean Waddell – Director of Operations

With over 10 years of network operations experience, Mr. Waddell currently serves as the Director of Operations, directing and overseeing the day-to-day operations and security of ESP's critical infrastructure. He also manages both headquarter and disaster recovery sites to ensure the systems remain online continuously for customers.

Mr. Waddell began his career at Innovative Business Technology as a system engineer tasked with architecting, administering and troubleshooting various client networks, including the National Archives, St. Paul Companies, Millenium Laser Eye Center and eBrains. He then worked for the Orkand Corporation as a systems analyst on a contract to support the Department of State. Here Mr. Waddell provided support to consulates world wide and installed and upgraded networks and Oracle database systems.

Mr. Waddell has several certifications including CCNA and Citrix Metaframe to compliment his experience in the operations field.

Back To Top
Employment

The ESP Group, LLC is a privately held company. Employment opportunities exist for self-motivated professionals at all levels of systems development and programming; secure systems administration; training and help desk; and customer service, sales and marketing.

An active security clearance is a plus and the ability to obtain one is required for most positions.

The ESP Group offers competitive compensation, benefits and advancement opportunities.

Inquiries can be sent to HR@espgroup.net .

Back To Top
Contact Info/Locations

The ESP Group's Main office is located in Arlington, Virginia.
Please call for our address and/or directions to our facility.

Arlington, Virginia - Headquarters
Phone: 703-682-6000
Email: info@espgroup.net

http://www.espgroup.net/espGroup.htm

______________________________________________________________________________________
 _____________________________________________________________________________________

The Interactive Nightmare

The best thing about the modern computer network is also its chief liability: Everything's connected, with on-ramps conveniently located everywhere.

BY TODD DATZ

CONSIDER THE following scenario. Members of a terrorist organization announce one morning that they will shut down the Pacific Northwest electric power grid for six hours starting at 4 p.m.; they then do so. The same group then announces that it will disable the primary telecommunications trunk circuits between the U.S. East and West Coasts for a half day; they then do so, despite our best efforts to defend against them. Then, they threaten to bring down the air traffic control system supporting New York City, grounding all traffic and diverting inbound traffic; they then do so. Finally, they threaten to cripple e-commerce and credit card services for a week by using several hundred thousand stolen identities in millions of fraudulent transactions. Their list of actions is then posted in The New York Times, threatening further action if their demands are not met. Imagine the ensuing public panic and chaos.

Alarmist, perhaps? Far from it. The scenario is actually quoted from a letter sent by a group of concerned scientists to President Bush in February 2002. Signatories included O. Sami Saydjari, founder of the Cyber Defense Research Center; Matt Donlon, former director of the security and intelligence office at the Defense Advanced Research Projects Agency; and Robert T. Marsh, a retired Air Force general and former chairman of the President's Commission on Critical Infrastructure Protection. The scientists don't mince words about the cyberthreats facing the nation: "The critical infrastructure of the United States, including electric power, finance, telecommunications, health care, transportation, water, defense and the Internet, is highly vulnerable to cyberattack. Fast and resolute mitigating action is needed to avoid national disaster."

While the group's scenario was meant to grab attention, it also was grounded in reality. Each of the events depicted has happened (though not concurrently); some resulted from government-sponsored exercises, some from technical failures and some from actual cyberattacks. All could plausibly be triggered by a few knowledgeable people using some PCs and Internet access.

The cyberthreat to the nation's security and economy may not be as well understood to the general public as a dirty bomb or a vial of ricin in the wrong hands. But to experts in cybersecurity—those who know the vulnerabilities of the Internet and do daily combat with hackers, criminals and foreign governments trying to probe our critical infrastructure and military networks—the threat is vividly real. Indeed, the 54 scientists who signed the letter believe that a professionally coordinated cyberattack on the critical infrastructure could ravage not only the nation's economy (to the tune of hundreds of billions of dollars in damage) but also undermine public confidence in the government's ability to protect its citizens. In fact, although a cyberattack alone may lack the awful human destruction that can accompany a physical attack, because the systems controlling the critical infrastructure are often densely interconnected, such an attack could have more destructive and widespread consequences.

Amit Yoran, director of DHS's National Cyber Security Division, is said to be building a high-quality technical team at the fledgling agency.
The lead defender in protecting the critical infrastructure is the Department of Homeland Security, a collection of 23 agencies that began operations in January 2003 (see "From the Ground Up," March 2004). Spearheading the effort is the National Cyber Security Division, led by Director Amit Yoran. Like the rest of DHS, Yoran and his staff face a steep uphill climb in accomplishing the department's mission. Eight-five percent to 90 percent of the critical infrastructure rests in private hands. Yet in the absence of regulation, which the private sector often views as a poison pill, DHS has no whip; rather, it must play the role of prodder and pleader, reaching out to a leery private sector that knows it needs to harden security but wonders where the money is coming from to pay for it. As a result, many of those private-sector companies may not feel compelled to move as quickly as DHS might like. Compounding the fledgling division's challenges is its organizational immaturity: At the same time it's trying to boost cybersecurity, it's also dealing with the headaches of hiring staff, integrating IT systems, figuring out how to analyze the boatloads of data coursing through its pipelines and how to share that information. All that will take months—some say years—to sort out.

This story looks at the challenges facing DHS and its cybersecurity team, and how they're working with the private sector to address them. While regulations remain a political third-rail within the business community, DHS and some in Congress are sending signals to CEOs that serious progress had better happen fast or else regulation may turn from threat to reality.


Cybersecurity Makes a Name for Itself
Given the relatively brief history of ubiquitous computing, cybersecurity wasn't addressed at the presidential level until Ronald Reagan signed the Computer Security Act of 1987, a measure aimed at protecting the security and privacy of sensitive information in the federal government's computer systems. Recognizing the growing dependence of the critical infrastructure on information technology, President Clinton formed the President's Commission on Critical Infrastructure Protection in 1996. Led by Robert Marsh (a signatory of the aforementioned letter), the commission, consisting of both public- and private-sector members, set out to develop a national policy and implementation strategy to protect the critical infrastructure from physical and cyberattacks. In 1997, the commission, which focused primarily on the cyberthreat, issued a report that recommended improving structures and processes to promote information-sharing between government and industry, educating citizens on cybersecurity issues, revising certain statutes to address infrastructure assurance concerns and greatly improving funding for R&D into infrastructure protection.

The White House took the report and the growing infrastructure threat to heart. In May 1998, President Clinton issued Presidential Decision Directive 63 (PDD 63), which set forth a framework to address the Marsh Commission's findings. It created the National Infrastructure Protection Center (NIPC) at the FBI; the Critical Infrastructure Assurance Office (CIAO) at the Department of Commerce; and the National Infrastructure Assurance Council (NIAC), consisting of representatives from both the public and private sectors. It also called for the establishment of Information Sharing and Analysis Centers (ISACs). As with the Marsh report, PDD 63 emphasized that infrastructure protection need not be dictated by government but by market forces. Also that month, the president appointed Richard Clarke as the first national coordinator for security, infrastructure protection and counterterrorism.

Cybersecurity Time line
Read More
In January 2000, the White House issued its National Plan for Information Systems Protection, the first stab at creating a comprehensive cyberdefense strategy. The following year, a month after Sept. 11, President Bush established the President's Critical Infrastructure Protection Board to coordinate protection of critical infrastructure information systems and to recommend policies. Clarke, who was appointed special adviser for cyberspace security that same month, chaired the board. But as much as the Clinton and Bush administrations understood the need for better policy coordination, the federal government was, in fact, a hodgepodge of cybersecurity activities. A July 2002 report by the General Accounting Office identified at least 50 organizations involved in national or multinational critical infrastructure cyberprotection efforts.

As the fallout from 9/11 continued, some members of Congress began calling for a Department of Homeland Security to centralize the nation's counterterrorist efforts and protect the homeland. The Homeland Security Act of 2002, which created the department, established the Information Analysis and Infrastructure Protection Directorate (IAIP) within DHS as the place where cybersecurity efforts would now be coordinated.


DHS as Chief Cybercop
As DHS tried to hit the ground running, it needed to spend a good chunk of time just lacing up its shoes. Some observers expressed serious concerns last year when the department absorbed a number of existing organizations that had been making steady progress on cybersecurity in the critical infrastructure. In March 2003, NIPC (except for the Computer Investigations and Operations Section), CIAO and the Federal Computer Incident Response Center were transferred to DHS. Getting those groups under the same umbrella made sense. But Michael Vatis, the founder and former director of NIPC, testified before Congress last April that even though more than 300 positions were transferred from NIPC to DHS, most of the incumbent staffers found other positions in the FBI; only 10 to 20 actually made the move. Further complicating recruitment, DHS had not yet created its National Cyber Security Division.

Whether recruiting has improved is open for debate. James Lewis, senior fellow and director of technology policy at the Center for Strategic & International Studies, says getting talented people to join DHS is still a tough sell. "The problem they have is that DHS is relatively weak, as agencies go. It routinely gets beaten out by the FBI or CIA.... It's the new kid on the block," he says.

On the other hand, Alan Paller, director of research at the SANS Institute, believes Yoran has nabbed a bunch of good hires. "They're building a high-quality technical team—that's what Amit is doing. He knows how to hire really solid technical people and motivate them," Paller says, adding that employees like working with Yoran because, rather than being an inexperienced appointee, he comes from a cybersecurity background. (Yoran, a former military officer, worked at Symantec before joining DHS.)

As the agency struggled to begin operations, it also had to absorb the loss of Clarke, one of the country's foremost cyberterrorism experts. Clarke resigned just before the president removed the position of cybersecurity czar from the White House. Although many observers speculated that Clarke resigned in frustration at the loss of his White House post, he vehemently denies that. "I was not about to be absorbed—anybody that says that doesn't know what they're talking about." Clarke, now chairman of Good Harbor Consulting, says he left "because I'd completed 30 years of government service, because I'd just finished the project I had undertaken for the president, which was developing the National Strategy to Secure Cyberspace."

Howard Schmidt, the former CSO of Microsoft and vice chair of the infrastructure board at the time, succeeded Clarke as a White House adviser on cybersecurity. But within a few months, Schmidt resigned as well, becoming CISO of eBay.

After a long search, DHS Secretary Tom Ridge appointed Yoran to head the new National Cyber Security Division. Yoran, who reports to Assistant Secretary for Infrastructure Protection Bob Liscouski, took office in October.

Howard Schmidt, a former White House adviser on cybersecurity, worries that the relationship between the cyber and physical infrastructures isn't well understood.
Even though Yoran has been crowned the new cybersecurity czar, critics worry his kingdom has lost some power. The departures of Clarke and Schmidt and the removal of the cybersecurity position from the White House prompted questions about the administration's commitment to the issue. Clarke himself believes cybersecurity has fallen somewhat off the administration's radar. "Basically, what we've done is taken the former position we had until a year ago—where the senior person worrying about cybersecurity was a special adviser—and now that person is an office director," Clarke says. "That sent a message that was very widely interpreted by industry of the administration downgrading the importance of the issue."

Jeffrey Hunker, former senior director for critical infrastructure in the White House and now a professor of technology and public policy at Carnegie Mellon, agrees. "Now you're putting it essentially below a secretary, several layers down in a big department," he says. "My experience has been that what it really means is a lack of access, or that it limits access to the Cabinet and the presidential level."

Yoran disagrees about the access issue. "I'm there [at the White House] at least once a week, more frequently twice a week. I can assure you cybersecurity has visibility at the most senior levels of the White House and has their attention. Folks who've spent time in Washington know it's very clear the White House doesn't have an operational role. Actual operations take place in the agencies. Placing cybersecurity in DHS very clearly demonstrates we're in the implementation phase of the national strategy," he says. Lewis concurs. "Cybersecurity only makes sense if it's integrated into the larger critical infrastructure strategy. They did the right thing by putting it in Liscouski's group," he says.


Is the National Strategy Sensible or Toothless?
The National Cyber Security Division has a smorgasbord of responsibilities as it continues ramping up. It's tasked with responding to major incidents, conducting cyberspace analysis, improving information-sharing, issuing alerts and warnings, and aiding in national recovery efforts. The division is also charged with implementing the Homeland Security Act of 2002 and the National Strategy to Secure Cyberspace. In announcing creation of the division last June, Ridge said that its work would focus on "the vitally important task of protecting the nation's cyberassets so that we may best protect the nation's critical infrastructure."

The strategy document, like many of the things associated with DHS, has its share of passionate supporters and critics. It lays out five critical priorities:

  • Developing a national cyberspace security response system

  • Developing a national cyberspace security threat and vulnerability reduction program

  • Developing a national cyberspace security awareness and training program

  • Securing the cyberspace of all levels of government

  • Assuring national security and international cyberspace security cooperation

In fall 2002, Clarke was set to release the document at a Stanford University ceremony. But before the release, the strategy was put on the back burner. Lobbyists for businesses likely to be affected by the report (including those in the software, security and telecom industries) had successfully squelched certain provisions in earlier drafts. One, for example, called for ISPs to provide users with personal firewalls; another mandated improved wireless security. When the strategy was finally released in February 2003, some complained it had been left with little bark and even less bite. Its main cornerstone was that cybersecurity should, for the most part, be left to the private sector. While business generally applauded the strategy, many security experts derided the reliance on voluntary action as a capitulation to powerful lobbying interests.

If there is one-size-fits-all government regulation on cyberspace, you'll have a least-common-denominator solution. Over time, that won't work.

—RICHARD CLARKE

Clarke defends the strategy. Referring to those who think it lacks teeth, he says, "That's kind of a trite criticism. People who say that, one assumes, are advocates of government regulation. If there is one-size-fits-all government regulation on cyberspace, you'll have a least-common-denominator solution. Over time, that won't work. Hackers and other criminals will work their way around whatever homogenous solution you come up with."

Schmidt points out that the government sought plenty of input from around the country. "We did 12 town meetings. We met with the public, CEOs, home users and security technicians. Never before had [a strategy] been vetted so thoroughly." Like Clarke, Schmidt says the result was "a good, balanced approach to the problem."

A Bunch of Hacks
How vulnerable are the nation's computer networks? How much devastation can cyberattacks wreak?
Read More

Paller begs to differ. "It lacks teeth, " he says simply, noting that between the first and final drafts, most of the good ideas were lost. "That was the pinnacle of the business power movement in cybersecurity, the last editing of the plan," he says. "The specific proposals—the 'we will' and 'you must'—disappeared."


Assessing the Threat
How vulnerable is the United States to a massive cyberattack on its critical infrastructure? What are the bad guys zeroing in on? "It's absolutely feasible for a massive attack to take out huge segments of the Internet," says Paller. But he adds that the probability of that happening is pretty low. One reason, he says, is that the bad guys earn a living from cybercrime. Taking down the Net would damage their lifeblood, the digital hand that feeds them. Paller thinks a more likely event would be on a smaller scale, such as taking out the electrical system in some areas.

Tom Longstaff, manager of survivable network technologies at the CERT research and analysis center, is currently focusing on how to look at sensors all over the nation's computer networks to see what kinds of problems are lurking there. The biggest threats he sees fall into two categories. The first is aimed at the Internet itself. "We're seeing attacks targeting specific points in the infrastructure, not necessarily to bring it down, but to control it. These kinds of attacks focus on the mechanisms that make the Internet work," he says. One kind of attack he's seeing more of targets domain name services, undermining trust that the typed URL will bring a user to a legitimate webpage, or that an e-mail will actually go to its intended recipient.

CERT's Tom Longstaff sees a growing risk to Scada systems controlling physical processes at infrastructure elements such as power grids, gas lines and manufacturing plants.
The second worrisome category of attacks involves the interfaces between the cyber and physical worlds: Scada (supervisory control and data acquisition) systems and other process control systems that connect to power grids, gas lines and manufacturing plants. Longstaff notes that in the past, these sorts of physical systems weren't well connected to the Internet. Now, though, as companies have cut personnel and installed technology to make them more automated and efficient, the physical components of the critical infrastructure are much more vulnerable to cyberattack. "There are small computers in the field or in a manufacturing line feeding into larger computers [that] feed into business computers that are connected to the Internet.... In some cases the security is very good. But that's far from the industry standard," he says.

Schmidt sees a huge challenge in trying to understand the interdependencies that exist where electronic networks interface with the physical world. When the Slammer worm hit in January 2003, for example, people couldn't get cash out of some ATMs that connected to back-end databases compromised by the worm. Schmidt worries that the relationship between the cyber and physical infrastructure isn't well understood. He recalls that when he used to ride the train between Washington and New York, he took notice of a bunch of nondescript brick buildings along the tracks in Philadelphia. When he asked local law enforcement officials what they were doing to secure those buildings, he was told, "We're not doing anything. Nobody wants to break into those; they're just computers."


Carrot or Stick?
Last December, DHS, along with four business associations (the Information Technology Association of America, Business Software Alliance, TechNet and the U.S. Chamber of Commerce), organized a National Cyber Security Summit in Santa Clara, Calif. Some 350 people from government, academia and industry attended the closed event. Working groups were formed to deal with establishing a cybersecurity early warning system; developing technical standards and common criteria around information security; making management of cybersecurity an integral part of corporate governance; creating better security awareness among home computer users and businesses; and increasing security in software development, installation and patch management.

This sort of private-sector outreach is part of DHS's mission, which emphasizes building a strong public-private partnership to tackle cybersecurity. But all wasn't lovey-dovey in Santa Clara, according to Dan Burton, vice president of government affairs for Entrust, a digital identity security company. DHS's Liscouski delivered a stern message to the attendees. "He basically said we're at war. Industry is not doing enough, and we have no qualms about going to Congress and passing legislation to change [industries'] ways. It was a broadside toward industry at large," Burton says.

"That's not the best way to come across to the [private] sector," says Suzanne Gorman, who chairs the financial services ISAC and attended the summit. But with viruses, worms and other attacks sure to continue—and likely become more destructive—DHS seems to be delivering a not-so-subtle message: Industry secure thyself, or we'll start lighting fires under your feet. The five working groups delivered reports last month, and another summit is planned for September. If DHS determines then that enough progress hasn't been made, businesses may hear unpleasant news from Washington.

Waiting in the wings on Capitol Hill, and casting a keen eye on the task forces' progress, is Rep. Adam Putnam (R-Fla.), the youngest member of Congress. Last fall Putnam, who chairs a House subcommittee on technology and information policy, drafted legislation (the Corporate Information Security Accountability Act of 2003) that calls for companies to disclose annually to the SEC an audit of how they're doing on information security. Compliance with Putnam's legislation could involve performing independent corporate security and risk assessments, and developing risk-mitigation, incident-response and business-continuity plans.

Putnam circulated the draft for feedback from industry and other groups. Not surprising, it generated a number of concerns, including the view that more regulation isn't the answer. Says Bob Dix, the subcommittee's staff director, Putnam listened to the private-sector feedback and decided to hold his legislation in abeyance for a period of time. Putnam, Dix says, challenged corporate America to come up with an alternative approach to "meaningfully move the ball down field to get significant improvements." In the meantime, Putnam and his staff assembled a working group from the private sector and academia to report back to him on ways that corporate information security can be improved. His report was due out around the same time as the findings from the Cyber Security Summit working groups.

While Putnam sees regulation as a last resort, Dix implies it's up to the private sector to take action. "The potential for a combined cyber and physical attack is frightening," he says. "We have reason to believe there are vulnerabilities that exist in the critical infrastructure that need to be addressed now."



Senior Editor Todd Datz can be reached at tdatz@cxo.com.

PHOTO OF YORAN BY DRAKE SOREY; SCHMIDT BY JAY BLAKESBURG; LONGSTAFF BY RIC EVANS

The Interactive Nightmare

The best thing about the modern computer network is also its chief liability: Everything's connected, with on-ramps conveniently located everywhere.  BY TODD DATZ

http://www.csoonline.com/read/040104/nightmare.html?action=print
All Credit to 2002-2007 CXO Media Inc.

Email It | Print It | Comments (0) | Trackbacks (0) | Flag as Offensive

More ESP Group's Cybercop Use in DOE and during Clinton WH Years
Wednesday, March 28, 2007 6:32 PM


"Safety and Security Oversight of the New National Nuclear Security ...49 Material submitted for the record by: Department of Energy, ... In 1998, Sandia began a network scanning process (using ISS/ CyberCop) almost a year ..."

Spotting intruders

BY BRIAN ROBINSON

As government concerns about the threat of cyberattacks on critical systems escalate, intrusion-detection technology is poised to become the next line of defense for federal agency computers.

Intrusion-detection technology works much like burglar alarm systems installed in many homes. Just as burglar alarms alert homeowners when someone has broken through a locked window or door, intrusion-detection systems alert systems administrators when hackers have gotten past a firewall, making it possible to thwart the attack and even track down the intruder. The technology resides either on a host computer or at key points on the network (see "How they work").

 

How they work
Intrusion-detection systems are used to detect unusual activity in a network of computer systems, to identify that activity as unfriendly or unauthorized and to enable a response to that intrusion. There are two main implementations:

1. Network-based intrusion-detection systems use monitors placed at strategic places on a network to examine data packets to see if they conform to known attack "signatures."

2. Host-based intrusion-detection systems employ intelligent agents to continuously review computer audit logs for suspicious activity, and they compare each change in the logs to a library of attack signatures or user profiles. They also poll key system files and executable files for unexpected changes.

When an intrusion is detected, the intrusion-detection system can react in a number of ways - from alerting a systems administrator and recommending various actions to automatically kicking the intruder off the network.

For the government, the ultimate goal is to link all intrusion-detection systems into a network that will allow all intrusion-detection systems in federal agencies to be instantly updated about attacks that occur at any point on the network.

Deploying intrusion-detection systems in government was a stipulation of Presidential Decision Directive 63 on critical information protection, issued last May, and intrusion-detection systems were a prominent part of President Clinton's January proposal of a $1.46 billion fiscal 2000 program to counter cyberterrorism.

PDD 63, which many people see as the driving force behind use of intrusion detection in the government, was the result of a study launched by the White House in 1997 of the nation's critical information infrastructure. But its intent was dramatically underscored just a few months before its formal announcement when hackers, using tools and techniques readily available through the Internet, launched the now-infamous Solar Sunrise attack on Defense Department computers.

PDD 63 reflects concern about the growing number of intrusions being reported across the nation. In 1998, the Computer Emergency Response Team (CERT), part of the federally funded Software Engineering Institute, reported that it handled 3,734 incidents in the public and private sectors, compared with 2,134 in 1997 and 2,573 in 1996. Since 1988, when it began operations, CERT has handled a total of 16,096 incidents and has issued 184 advisories and 61 bulletins. These numbers reflect the number of incidents CERT has determined are significant enough to require its analysis.

DOD already has an intrusion reporting system, in which intrusions are reported from lower-echelon commands to higher commands and then to the Defense Information Systems Agency, which collects and collates the information. On the civilian side, the National Infrastructure Protection Center, located within the FBI, also is planning an intrusion-detection reporting system.

"The NIPC has developed an architectural concept to protect the most sensitive of these [federal systems] in real time, providing nearly instantaneous alerts of an ongoing penetration to both the system operator and an NIPC technical analysis center," said Terry Maynard, chief of the NIPC's analysis and warning section, in a recent presentation to the Energy Security Forum. "As mandated in the president's directive, and with the approval and resources from Congress, we plan to begin to deploy that system in fiscal 2000 and expect to protect more than 200 federal systems by fiscal 2003."

In current intrusion-detection technology, most of this intrusion reporting has to be done manually. But the ultimate objective is to put intrusion-detection systems into all government systems and tie them together in a network so that each system will eventually "talk" to the others on the network. In this way, the notification of an attack on one government site instantly would be transmitted to the rest of the government, along with the method of attack and other details that agencies could use to guard their systems from similar intrusions.

There's confidence that this will happen. CERT, located at Carnegie Mellon University's Software Engineering Institute, has been a center for network incident reporting and analysis for the past decade. According to Jed Pickel, a member of CERT's technical staff, there is no way of automatically reporting incidents now. "But absolutely we will see an automated structure in the future," he said.

It is an ambitious goal because agencies already have their hands full dealing with their own networks, observers said. Most agencies are running complex networks that are not plain-vanilla versions from one vendor, said Bill Hadesty, director of security standards and evaluation at the Internal Revenue Service. Agencies have installed a fair number of basic security devices, such as packet sniffers, but networking those across a single organization would impose significant overhead, Hadesty said.

And government agencies have had a great deal of difficulty interfacing with each other "and [difficulty with] easier issues than this," he said. "There are many disparate systems out there, and there's a lot of trusted interfaces between systems that need to be put in place, so I think this [interagency intrusion detection] is still some ways off," Hadesty said.

Getting a handle on exactly how extensively intrusion-detection systems are being used in the government is difficult, however. There is little public information available, and agencies, for obvious reasons, are stingy in releasing information security data. Most agencies refuse to comment on either current or future plans for deploying intrusion-detection systems.

One federal official, who asked not to be identified, likened the situation in government to that in Fortune 500 companies. Neither is that far along, he said, because "after all, it's a brand-new technology, for all intents and purposes."

Paul Proctor, chief technology officer with Centrax Corp., a San Diego-based security provider that opened in September, believes the overall deployment of intrusion-detection systems in the federal government ranges from bad to poor. "I would guess that for network-based intrusion-detection systems, only 5 to 15 percent of government IT sites employ it," he said. "For host-based intrusion-detection systems, the kind that helps most directly in the battle with insider intrusions, it's probably less than 2 percent."

Before joining Centrax, Proctor spent 10 years at Science Applications International Corp., where he oversaw deployment of intrusion-detection systems at several large federal installations.

Burgeoning Market

While still a relatively new technology, agencies have a number of fairly robust commercial intrusion-detection products from which to choose, many of them based on technology originally developed by DOD and turned into commercial products by specialized security companies.

Commercial products include Axent Technologies Inc.'s Intruder Alert, Network Associates Inc.'s CyberCop and Centrax's eNTrax.

As the market for intrusion-detection systems grows - the Boston-based Yankee Group estimates the total market could be worth about $750 million by 2003, compared with just less than $160 million last year - deep-pocketed players such as IBM Corp. and network equipment vendor Cisco Systems Inc. are expected to take a more prominent role.

Cisco, in fact, already is making a play with NetRanger, a product that originated with the WheelGroup Corp., which Cisco acquired from BTG Inc. just over a year ago. WheelGroup commercialized technology initially developed by the Air Force.

NetRanger includes two components, called Sensor and Director. Sensor can be situated anywhere on a network. Using a real-time intrusion-detection engine, it examines the header and the content of each data packet that passes by its position on the network as well as the relationship of those packets to adjacent and related packets. If Sensor notices a violation in the network policy, which sets how the network manages things such as packet flow, it sends an alarm to the centrally located Director console, where the human network administrator can decide what action to take.

NetRanger also can proactively work with Cisco routers on the network. The user can configure the system to automatically shun or eliminate specific connections by changing access control lists on the routers. Any unauthorized traffic from internal users or external intruders can be blocked.

This integral approach to network security is becoming the norm in users' minds, according to Jim Massa, director of Cisco's global government alliance. "There are changing perceptions of what security is," he said. "People used to ask how to bolt security onto networks; now they are looking for secure networks. Security is now one of the first words they utter."

A real-time intrusion-detection product widely used in government is RealSecure, from Internet Security Systems Inc., Atlanta. This product combines network-based and host-based intrusion-detection systems.

RealSecure's network engine runs on dedicated workstations and examines network packets for various attack signatures. When it detects an attack or misuse, it passes an alarm to a network management console for action by an administrator, or it can be configured to automatically terminate a connection, reconfigure firewalls or do anything else the user might want to have happen if an attack occurs.

The RealSecure system agent sits on a host computer and analyzes the logs on that host to determine when an attack is occurring. It also can send an alarm to a central console, or it can automatically reconfigure the Real-Secure engine or firewalls to prevent incursions based on the attack just analyzed.

"In the future, we will probably split the product even further and take intrusion detection down to the application level itself, such as the database," said Mark Wood, product manager for ISS' intrusion-detection products. "We will also take it into 'softer' areas of misuse. In the commercial world, for example, employees could be cutting themselves checks. You can't write a pre-defined signature to protect against that kind of event, but nevertheless you need the protection."

Technical Obstacles

For what they are called on to do, current products work fairly well, but they already are bumping up against obstacles caused by the evolution of network technology, observers said.

One major problem is the creation of switched networks, in which organizations arrange networks into segments with switches that link the segments and direct network traffic along the fastest route to its destination. The increasing use of switched networks in organizations means a network intrusion-detection sensor will be needed for each switched segment, which organizations are unlikely to try if doing so means deploying as many network sensors as desktop systems in a fully switched network.

The arrival of virtual private networks also brings new problems. VPNs allow organizations to establish links between their local-area network and outside users by creating a secure path across the Internet or another public network. Unfortunately, the network traffic largely will be hidden from the intrusion-detection sensors.

One pervasive problem in the future will be the increasing speeds of networks, vendors said.

"Moving from 10 megabits/sec Ethernet speeds to 100 megabits/sec Fast Ethernet and beyond quickly outpaces first-generation network sensor products that were designed several years ago," said Tom Clare, product manager for Network Associates' CyberCop. "At best, they can handle 10 to 20 megabits/sec if traffic is light. On a 100 megabits/sec wire, [first-generation sensor products] have been shown to monitor less than 6 percent of the traffic, which means 94 percent goes by unmonitored."

Vendors are working on fixes to this, including "acceleration" products in software and firm-ware that will allow intrusion-detection systems to suck data packets off the network faster.

NetBoost Corp. has come out with a solution that could go beyond software-based solutions, the company said. The product uses custom silicon - a programmable processor with necessary support systems - to provide a fully programmable subsystem that can run several security applications at once. It enables dynamic reprogramming of applications at almost wire speeds, which, for intrusion-detection systems, means they readily can keep up with the speeds of the networks they monitor.

"[Current intrusion-detection systems] can't even keep up with a T-3 [45 megabits/sec connection], let alone a Fast Ethernet," said Len Rand, president and chief executive officer at NetBoost. "Ten megabits/sec is the maximum speed at which they can operate. You can get higher speeds, but with all of the packet header processing, etc. that needs to be done on the extra data, this can get pushed back onto the host."

The NetBoost product will enable intrusion-detection systems to work with such things as firewalls and VPNs to allow the network administrator to manipulate the system to maintain all the necessary network policies, Rand said. Some firms already have announced their support for NetBoost's product, including ISS.

Uncertain Future

Disruptive though the current kinds of intrusions may be, top-level government officials worry that a larger threat looms: sustained and systematic attacks by organized forces. For example, early last year the Navy discovered a new kind of intrusion that involved a number of attackers operating from a highly distributed base for a long period of time.

Air Force Lt. Gen. Kenneth Minihan, director of the National Security Agency, took his concerns to the Senate Governmental Affairs Committee last June. While the unstructured threat from people with limited or-ganization and short-term goals always poses a threat, national security is not targeted, he told the Senate committee. But NSA is concerned with the structured threat "since that threatens system survival," he said.

Larry Dietz, director of information security for Current Analysis Inc., a Sterling, Va.-based market analysis firm, sees things moving this way. "Adversaries on network intrusions will evolve from individuals to teams," he said, "and because of that, the target in the future should be seen as the enterprise as a whole rather than individual networks. I don't think people will be able to put up a defense, as such, against these types of attack, so that puts even more emphasis on intrusion-detection systems since folks will want the ability to at least detect these problems so they can minimize the harm done by them."

Attackers use long-term intrusions to get an idea of what the networks are, where they are and how they are developing, according to Mark Fabro, worldwide director of professional services for Secure Computing Corp. Intrusion-detection systems can handle the real-time burst attacks well because these systems can see the attacks and gauge whether they break the attack thresholds of the perimeter defenses. But for now, "intrusion-detection systems are not offering a great amount of resistance to long-term reconnaissance attacks," Fabro said.

Concern about long-term threats is the impetus behind the recent push to deploy intrusion-detection systems as part of a concerted Defense initiative.

The Defense Advanced Research Projects Agency already has begun to work on such a project, with hopes of involving the civilian agencies as well.

The project will link intrusion-detection systems across different organizations so t