Consortium demos secure network

Oregon Regional Alliance for Information and Network Security

A public/private consortium in Oregon is developing a secure information network that was created as a direct result of homeland security concerns.

The consortium responsible for developing the Oregon Trial of Emergency

and Security Technology (O-TEST) demonstrated the model in Washington, D.C.,

Nov. 13.

"It is a protocol of communication that is IP-based and lives on top

of a public network that provides a secure point-to-point data interchange,"

said Wyatt Starnes, president and chief executive officer of Tripwire Inc.

and a member of the board of directors of RAINS — the Oregon Regional Alliance

for Information and Network Security.

The consortium was formed as a direct result of the Sept. 11, 2001,

attacks, Starnes said, to improve the cybersecurity of government systems

and critical infrastructures, such as banking and finance, transportation,

electricity, water and communication systems. It is made up of more than

40 Oregon-based cybersecurity and technology companies and the Oregon University

System, supported by several state and Portland government agencies.

The federal government's call for private partnership in solving such

problems also spurred formation of the group.

Charles Jennings, RAINS board chairman and the CEO of Swan Island Networks

Inc., said that before Sept. 11, the public and private sectors focused

on technology performance, proficiency and mass penetration. "Security at

best was a very poor stepchild," he said. Now people realize cybersecurity

is important, but there's still a lot of work to do.

RAINS officials believe O-TEST is a step in the right direction.

Charlie Kawasaki, a board member and CEO of RuleSpace Inc., said O-TEST

is not intended to be the technological answer, but it should be regarded

as an ongoing test environment that is constantly evolving. "The ultimate

goal is to build a blueprint of best practices," he said.

O-TEST is not a peer-to-peer system, but does facilitate secure and

encrypted information sharing using rich media and other technologies. Officials

called O-TEST a work in progress that can be deployed on any platform, upgraded

with new technologies, or can act as a complement to the existing systems

of an organization.

It is aimed at first responders, critical infrastructure owners and

operators, and to all levels of the public sector.

The demonstration Nov. 13 showed a suspicious vessel heading up the

Columbia River toward Portland. Immediately the city's emergency operations

center — which would likely be in charge of such an incident — was notified

and, in turn, sent notifications to appropriate agencies, whether 911 centers,

police and fire departments, and other city agencies.

A user would get the notification on his terminal and then use an authentication

tool — such as a digital watermark embedded in the user's identification

card — to log on to the secure network. The user could then get a description

of the incident as well as a photograph of the vessel, audio files of individuals

in the field, satellite imagery and other pertinent geographic images.

If the vessel began discharging toxic gas or liquid, system users could

see which ports have been secured, or download information about how to

contain the gas or spill. Other news and information could be accessed as

well.

Jennings said a key design principle of O-TEST is survivability. Information

wouldn't be stored in one central database, but locally. So if one system

goes down, other O-TEST nodes would have information and still be linked.

By early next year, the nonprofit organization hopes to have the system

deployed for testing in the Portland area. That would be followed by a second

phase where more regions or states would be set up with the system.

Jennings said the group also is talking with officials in Pennsylvania

and Virginia. The National Governors Association has asked for a demonstration

as well as the Defense Department's Advanced Concept Technology Demonstration,

a program designed to fund the rapid fielding of new technology.

The group has also gotten support from Oregon Sen. Ron Wyden and the Critical Infrastructure Protection Board, while high-level officials from the National Science Foundation and the National Institute of Standards and Technology have expressed interest.

Starnes said that although the group — which was given seed money by

the Oregon Economic Development Department — has spent less than $100,000,

the next two phases are projected to cost about $6.5 million.

He said that the recently passed Cyber Security Research and Development

Act (S. 2182), which would provide more than $900 million over five years

for cybersecurity research and development, may be a funding option.