Companies taking over cyberalerts

FedCIRC

Federal agencies soon will have a commercial resource at their beck and call when dealing with security vulnerabilities and cyberattacks.

The Federal Computer Incident Response Center, the central civilian organization for security alerts and recovery, last week signed a contract with Science Applications International Corp. and its partner Global Integrity Information Security to provide the day-to-day operations for the center.

Responsibilities include issuing vulnerability alerts and helping agencies respond and recover when actually hit with a cyberattack, said Dave Jarrell, director of FedCIRC, which is based at the General Services Administration.

That service has been provided by the Computer Emergency Response Team Coordination Center at Carnegie Mellon University. The partnership with Carnegie Mellon will continue, but the CERT Coordination Center will focus on analysis, such as determining patterns in attacks, Jarrell said.

"Their strength is in their analytical capabilities," Jarrell said Wednesday at the GSA Federal Technology Services Networking conference in Las Vegas.

SAIC and Global Integrity — now part of Predictive Systems Inc. but an SAIC subsidiary until last year — have secure operations centers around the world, including in Japan and Europe. This will enable them to quickly gather vulnerability information to form alerts no matter where the problem starts, said Gene Hunt, corporate vice president of the system security and engineering operation at SAIC.

The two companies proved their effectiveness during the "ILOVEYOU" e-mail virus from the Philippines in May 2000. They were able to inform their customer, the Financial Services Information Sharing and Analysis Center, about the virus and how to counteract it hours before even the Defense Department could spread the word to the United States.

Now with FedCIRC, SAIC will be able to inform civilian agencies of potential threats found by other customers, such as the FS/ISAC, Hunt said.