NEWS AT SEI
This article was originally published in News at SEI on: June 1, 2002
Many people imagine that CERT Coordination Center (CERT/CC) staff members spend their days sitting at computers researching cyber security incidents, and think of Secret Service agents as the people in the dark glasses standing behind the president. So why were they working together in the Information Technology Center at the 2002 Winter Olympic Games? Because security is not what it used to be.
Agents must constantly be aware of potential threats posed by the use of emerging technologies—and these days they have to be able to fight criminals by using computers as competently as they use guns. The CERT/CC began an 18-month collaboration with the United States Secret Service in October 2001 to help the service determine how the security of information networks can affect physical security.
"We are a completely different service now than we were even five or six years ago," says Cornelius Tate, the SEI's resident liaison from the Secret Service. "We still use traditional protection methods, but now there is a whole new layer."
Besides providing for the physical protection of designated government officials and visiting heads of state, the Secret Service also provides security at events of national significance, shares federal jurisdiction with the FBI for investigating and prosecuting cyber crime across state lines, and safeguards the financial system of the United States.
Special Security for Special Events
Soon after their collaboration began, CERT/CC staff members accompanied Secret Service agents on advance trips to the 2002 Olympic Games and to Super Bowl XXXVI, which had been designated as national special security events by the U.S. Congress. When an event receives this designation, the Secret Service assumes lead responsibility for the design and implementation of the operational security plan.
CERT/CC staff members were also present in the Olympic Information Technology Center with the Secret Service from the time the athletes arrived until the closing ceremonies, gathering information for the development of a methodology that will help agents identify and plan a response to cyber threats that could be used to cause physical harm. Taking what they learned from their advance trips to the Olympics, they also traveled to New Orleans to assess potential cyber/physical security risks before the Super Bowl.
Training agents to recognize and mitigate these risks is important because the link between cyber and physical security is increasing as organizations become more dependent on networked systems. Many things that used to be controlled mechanically—such as elevators, lights, and door locks—are now controlled electronically and are affected by networked systems. At the Olympics, software applications were used not only to relay up-to-the-second event results to the media, but also to provide security clearance and access to the venues. In such situations, a cyber security breach could lead to vulnerabilities in physical security.
Focusing on Prevention
Many of our nation's critical-infrastructure industries (such as power grids, banking and finance systems, and the water supply) now depend on networked systems as well. Some Australian residents were made acutely aware of this when a disgruntled worker hacked into a computerized waste-management system and caused millions of gallons of raw sewage to spill out into local rivers, parks, and the grounds of an upscale hotel. The worker had made more than 45 attempts to take control of the waste system without being detected.
While most organizations realize that they need to protect their systems from outside intruders, many do not realize that the greatest threat could come from an employee who has access to the organization's computer network every day. The Secret Service National Threat Assessment Center (NTAC) previously conducted studies of assassins and school shooters and has now expanded its scope to include this insider threat. NTAC is hoping to become aware of potential problems before it is too late to take action. The CERT/CC is using its technical expertise to help NTAC identify changes in employees' online behavior that might signal a cause for concern when considered in combination with changes in their behavior offline.
Protecting the Nation's Financial Infrastructure
The Secret Service has traditionally been responsible for safeguarding the financial system of the United States, and protects against a host of illegal electronic activities, such as credit card fraud, identity theft, and the production of U.S. currency through electronic means. In the past, an intruder might have used a gun to commit a robbery, but now cyber criminals possess skills that could enable them to use a personal computer to gain access to thousands of credit card numbers through an insecure e-commerce site.
The Secret Service realized that it could not protect consumers from these kinds of fraud unless it knew as much about computer networks as the criminals did, so it formed the Electronic Crimes Special Agent Program (ECSAP). As part of its collaboration with the Secret Service, the CERT/CC is currently performing a training and needs analysis for ECSAP. Although ECSAP agents will be the first to receive new training materials developed during this collaboration, every agent coming into the Secret Service will eventually benefit from this research.
Working Toward Common Goals
"We view the collaboration with the CERT/CC as a valued partnership and a tremendous opportunity," says Special Agent Tate. "We bring hands-on experience, and the CERT/CC provides a research and development capability that extends beyond the scope of our traditional protective mission." Tom Longstaff, manager of research and development for the CERT/CC, adds, "The goals of the Secret Service align very closely with the goals of the CERT/CC. We both need to be proactive, to be able to recognize potential threats early and then head off problems before they happen."
Working with the Secret Service to develop specialized training materials is one of the many ways that the CERT/CC is using its extensive research to protect the systems through which we are all becoming increasingly connected.