President's National Security Telecommunications Advisory Committee (NSTAC): Network Group Report [June 1999] [open pdf - 90KB]
"Since the last meeting of the President's National Security Telecommunications Advisory Committee (NSTAC) in September 1998, the Network Group (NG) has directed its efforts to four activities. Two of these activities involve the NG's ongoing responsibilities: facilitating the exchange of network security research and development (R&D) information between industry and Government and overseeing the NSTAC Network Security Information Exchange (NSIE). Discussions at NSTAC XX resulted in an additional tasking that has now been completed: examining how national security and emergency preparedness (NS/EP) operations might be affected by a severe disruption of Internet service. Lastly, in conjunction with the gap analysis effort by the Office of the Manager, National Communications System (OMNCS), NG members provided their individual perspectives on the Public Network (PN) Alternative Analysis Report developed by the OMNCS. R&D Exchange: The NG's network security R&D Exchange was held in collaboration with Purdue University's Computer Operations, Audit, and Security Technology Laboratory (COAST), the Institute of Electrical and Electronics Engineers (IEEE), and the Office of Science and Technology Policy (OSTP) at a workshop on security in large-scale distributed systems, held at Purdue University on October 20-21, 1998. The R&D Exchange addressed the growing convergence of telecommunications and the Internet, and methods for improving the collaboration among industry, Government, and academia on R&D efforts. NSIE: During the previous NSTAC cycle, the Government and NSTAC NSIEs sponsored a workshop on the insider threat to information systems and developed two white papers to provide background material for the workshop. The workshop offered an overview of the emerging insider threat and suggested measures organizations could take to reduce their vulnerability to it. During the current NSTAC cycle, the NSIEs developed an After-Action Report reflecting the insights that emerged from the workshop discussion so this material can be shared with a broader audience. The NSIEs also completed their 1999 Assessment of the Risk to the Security of the Public Network. Lastly, the NSTAC NSIE charter was amended to bring it in line with the way the NSIEs function. Internet Issue: Following discussion at NSTAC XX, the Industry Executive Subcommittee (IES) tasked the NG to examine how NS/EP operations might be affected by Internet failures over the next 3 years. At NSTAC XXI, the NG presented a status update of the problem and discussed data gathering efforts. The NG completed its report and has made recommendations to both the President and the NSTAC. Gap Analysis: As part of its effort to identify alternative PN telecommunications services that are partially or totally non-dependent on the PN during various levels of service impairment, the OMNCS developed a PN Alternatives Analysis Report. NG members were asked to consider the thoroughness of selected alternatives, consistency of evaluations, accuracy of information, and ease of understanding."
National Security Telecommunications Advisory Committee (NSTAC): http://www.ncs.gov/nstac/