'Cyber-radar' will alert feds to CPU break-ins

The Defense Information Systems Agency is finalizing plans for a "cyber-radar" system that would link more than 30 sites throughout the Defense Department and various law enforcement and intelligence agencies to beam real-time reports on computer break-ins to a central location.

The Automated Intrusion Detection Environment (AIDE) will use existing internal and external security sensors such as firewalls network management tools intrusion-detection devices and anti-virus software to create a global integrated intrusion-detection system for the military and other federal agencies said DISA's Lt. Col. Perry Luzwick project director. An interface layer called a data bridge will be inserted next to each of these sensors.

The interface will collect and correlate intrusion data generated from the sensors and beam it to a central location where it will then be monitored by officials at a regional operational control center. AIDE alerts operators of a system that has been broken into as well as other participating agencies within "nanoseconds" of an intrusion so that they can quickly respond Luzwick said.

For example during an electronic attack the control center would determine that a specific network has been broken into and perhaps pinpoint the "bad actor" in an exploited system so that other operators who may be connected to that system could respond he said. At the same time law enforcement agencies which would probably be charged with tracking down the intruders would be notified of the attack in real time.

Participants in the project include nine commanders in chief (CINC) the Army the Navy the Air Force the Marines and 16 other agencies and organizations. "If you look at all the CINCs...all these guys need to do their [own] things but they should all feed into a core...where a few people know what's going on and can direct the offensive and defensive [response to electronic attacks] " Luzwick said. "Not everything gets reported on a global level. I want everything reported to me. What I'm concerned about is getting partial reports or in some case no reports.

I need to have a global picture of what's going on." DOD plans to launch AIDE next year at a cost of about $13.7 million. Many federal systems - those that support DOD in particular - have been a favorite target of intruders. A General Accounting Office report estimated that in 1995 DOD may have experienced as many as 250 000 attacks to its computer systems.

Of those attacks 64 percent succeeded in gaining access to DOD systems according to the report. Furthermore only 4 percent of those attacks were detected by system operators and only one in 500 was reported. DOD systems are particularly vulnerable to intrusions because of the types of information stored on systems and communicated via networks.

According to various federal officials attending an information warfare conference in Vienna Va. last week DOD is developing security systems similar to this to fend off attacks that could involve an enemy intercepting electronic messages regarding troop movements gathering electronic intelligence about the locations of various aircraft or other scenarios that could cripple U.S. military defenses.

Still DOD requires more protection said Anita D'Amico manager of information warfare for Northrop Grumman Corp. DOD agencies need to expand their efforts to defensive responses such as denying an intruder information and offensive responses such as overloading an intruder's system with an avalanche of information to disable it. They need to focus on recovering D'Amico said.