GSA's center of activity

A long-term goal of the General Services Administration's Federal Computer Incident Response Center has been to create a governmentwide security data analysis center.

All agency-specific incident information would be examined to detect trends and possible incidents that were not obvious attacks when looking only at information from one or two agencies, said Sallie McDonald, assistant commissioner for information assurance and critical infrastructure protection at GSA.

FedCIRC, which serves as the central point for incident warnings, analysis and response for civilian agencies, is still working on methods for effectively collecting information from individual agencies. This includes using Extensible Markup Language-based forms to allow for easy reporting of incidents, said Mark Forman, associate director for information technology and e-government at the Office of Management and Budget.

But even without having all the information, officials want to make sure they have the ability to use it, McDonald said.

The CERT Coordination Center at Carnegie Mellon University in Pittsburgh is leading the work to develop the data analysis tool the center would use. The tool already has gone through some initial testing, and the center has received comments and feedback to guide modifications.

Although the tool's development is taking longer than expected because of the modifications, "it will be a better process with these changes we are making," McDonald said. Officials hope to have full pilot testing in January, and a fully functional tool by 2004, she said.