Agencies lay groundwork for intrusion-detection network

A group of federal agencies has completed the initial model of a governmentwide intrusion-detection network that will provide a common center for response to cyberattacks on agencies.

The Federal Intrusion Detection Network (FIDNET) is in the very early stages of development, and the group of federal agencies heading the development effort recently agreed on possible agency responsibilities and a reporting structure, said Tom Burke, assistant commissioner of information security at the General Services Administration's Federal Technology Service, today at the Outlook 2000 conference in Falls Church, Va.

GSA, the Critical Infrastructure Assurance Office, the National Security Agency and the FBI's National Infrastructure Protection Center are all developing FIDNET as part of President Clinton's directive to protect the nation's mission-critical systems. The system is intended to provide all agencies with intrusion-detection systems that will allow agencies to locate incidents across the government as soon as they occur. It also will serve as a center for analysis of intrusions or attacks.

The system will be made of three main blocks, with the civilian agencies reporting to the Defense and intelligence agencies and possibly a full-time program management office overseeing the whole system. FIDNET is based on the Defense Department's incident-reporting network, which is much further along than the efforts in the civilian agencies. "We're looking to leverage the work that has already been done at Air Force and DOD so we don't duplicate their effort," Burke said.

The blocks eventually will include a similar network being developed in the private sector and the Federal Computer Incident Response Capability center at GSA, Burke said.