REPORT DOCUMENTATION PAGE Form Approved OMB No 074-0188 Public reporting burden for this collection of information is estimated to average 1 hour per response including the time for reviewing instructions searching existing data sourceS gathering and maintaining the data needed and completing and reviewing this collection of information Send comments regarding this burden estimate or any other aspect of this collection of information including suggestions for reducing this burden to Washington Headquarters Services Directorate for Information Operations and Reports 1215 Jefferson Davis Highway Suite 1204 Arlington VA 22202-4302 and to the Office of Management and Budget Paperwork Reduction Project 0704-0188 Washington DC 20503 1 AGENCY USE ONLY Leave blank 2 REPORT DATE 3 REPORT TYPE AND DATES COVERED February 1997 Newsletter Vol 1 No 4 TITLE AND SUBTITLE 5 FUNDING NUMBERS Information Assurance Technology Newsletter 6 Information Assurance Technology Analysis Center 7 PERFORMING ORGANIZATION AND 8 PERFORMING ORGANIZATION REPORT NUMBER IATAC Information Assurance Technology Analysis Center 3190 airview Park Drive Falls Church VA 22042 9 SPONSORING I MONITORING AGENCY AND 10 SPONSORING AGENCY REPORT NUMBER Defense Technical Information Center DTIC-IA 8725 John J Kingman Rd Suite 944 Ft Belvoir VA 22060 11 SUPPLEMENTARY NOTES 128 DISTRIBUTION I AVAILABILITY STATEMENT Approved for public release distribution is unlimited 12b DISTRIBUTION CODE A 13 ABSTRACT Maximum 200 Words The IATAC newsletter is published on a quarterly basis This is the Inaugural Issue with article by Ron Hale who is the program manager In addition this issue contains the following Information Assurance The Road to 2010 Hottest Information Operations Course Around Information Assurance A Community Wide Challenge Conferences and Symposia IATAC Basic Services Contact Us Distribution Information 14 SUBJECT TERMS Information Security Information Assurance Information Operations 15 NUMBER OF PAGES 6 16 PRICE CODE 17 SECURITY CLASSIFICATION 18 SECURITY CLASSIFICATION 19 SECURITY CLASSIFICATION OF REPORT OF THIS PAGE OF ABSTRACT IFIED UNCLASSIFIED UNCLASSIFIED 20 LIMITATION OF ABSTRACT None mm 20001027 071 Information Assurance Technology IATAC is a Department of Defense Sponsored Information Analysis Center Information Assurance The Road to 2010 by Captain William Graveil USN Chief information Assurance Division The Joint Staff J6K I am delighted to have the opportu- nity to participate in the kickoff of this newsletter associated with the new Information Assurance Technical Analy- sis Center IATAC This initiative is yet another vehicle in support of the com- mon goal of the Joint Staff services and warfighters everywhere to achieve Information Superiority as described in Joint Vision 2010 The goal is ambitious and the required tech- niques and capabilities are largely unprecedented especially in the scaie required to face the security challenges of the next century For all these reasons we must embrace every opportunity to share with each other our thinking as well as our growing under standing of this enormous subject We in the Joint Staff Information Assurance Division J6K have always recognized the critical importance of training education and awareness in our IA implementation strategy In that regard I look forward to future issues of the Information Assurance Technology Newsletter as a source of information to bene t the broad IA community policy makers war ghters technologists and intelligence specialists My boss the Joint Staff Director for Command Control Communications and Com puter Systems C4 also known as the Continued on page 3 HOTTEST Information Operations Course Around by Joan Putman Program Analyst Programs in collaboration with Dr Fred Giessler Professor School of information Warfare Strategy National Defense University The Information Warfare Strategy course taught at the National Defense University NDU offers information warriors the inside story on what is happening in the Department of De- fense in information operations today This course is one of the hot- test educational opportunities currently being offered on this subject Classes are packed with a very diverse cross-section of government and military personnel In fact that is one of the of this course This course is held in a non-attributional forum where brie ngs and discussions are held a the Secret' level allowing for candid discussions observations and an open exchange of ideas from this comprehensive audience Students leave with much to ponder and a true realization of what other government entities are struggling to achieve The friendly rst name atmosphere promotes networking and career- influencing relationships that may serve to cross over traditional stovepipe attitudes of the past This very challeng ing course contains enough material to ll a course twice in length A vast amount of valuable printed material from past to present is generously supple mented to the continuous flow of seminar-like brie ngs which the stu- dents attend In addition there are lms strategy sessions and lively discussions Each attendee has the opportunity to share what their own Continued on page 2 Vol I No 1-February1997 Information Assurance A Community-Wide ChaHenge by Roger M Callahan Director for information Assurance Assistant Secretary of Defense for Command Control Communications and intelligence The enormous advances within the computer industry and the integration of that information technology within the Department of Defense DOD have brought heightened awareness to the challenge of assuring the availability and integrity of the information systems we have grown dependent upon These concerns have been well founded as we have seen an increase in the number and the levels of sophistication of attacks to information systems The bottom line is that we should not feel secure with our information environment The threats require action by the Infor- mation Assurance Community to promote awareness build consensus and provide direction for the defense of our information systems from exploitation The Assistant Secretary of Defense for Command Control Communications and Intelligence has taken an active role in Information Assurance These activities include policy develop- ment program oversight Major Continued on page 4 mm Welcome lnaugural Issue 2 Conferences and Symposia 4 Basic Services 5 Contacting Us 5 Distribution Information 6 On behalf of the Department of Defense DOD Information Analysis Center IAC Program and the Defense Technical Information Center i would like to extend a warm welcome to you for the Information Assurance Technology Analysis Center and the inaugural issue of Informa- tion Assurance Technology Newslet ter has been established to provide the Department of Defense with a central point of access for information on information Assur- ance emerging technologies in system vulnerabilities research and development models and analysis to support the development and imple- mentation of effective protection and defense of information and informa- tion systems of effective defense against Information Warfare attacks support to the Information Assurance community is provided by leveraging the expertise and capabili- ties of the entire Information Analysis Center IAC Program 000 Research Services lessons learned other Government Agencies and the latest Commercial technologies and tech- niques Integrated Sponsorship for is provided by the Director Defense Research and Engineering Assistant Secretary of Defense Command Control and Information Assur Technology news znce Communications Joint Staff National Security Agency NSA and the De- fense Information Systems Agency DISA Our rapidly advanc ing globally networked societies present many new challenges to our government military and private sectors As part of the world s most technically- advanced and technology-dependent alliance we are the most susceptible and perhaps the most vulnerable to attacks on our critical information infrastructures The global dimension of the networks on which we have come to depend further complicate the problem of achieving secure reliable and timely communications and information sharing across alliance coalition and bilateral boundaries in times of peacetime crisis and con ict support is provided via core operations and technical area tasks TATs Core operations consists of support to user inquiries library operations home page sustainment and data base operations Technical area tasks are separately funded efforts by a sponsoring agency that fall within the scope of but are not provided as part of the core operations iW W by Ronald E Hale Program Manager DOD information Analysis Centers The scope of the global network and its deepening penetration of our na- tions military governmental and com- mercial sectors draws our attention from several different perspectives identify- ing and characterizing critical informa- tion dependencies assessing and understanding the threat making arrangements for effective and secure information exchange and command control and communications between partners and outlining the challenges that we face as cooperating sovereign nations The need for emerging tech- nologies information to ensure our mutual security interests is among our highest national priorities Emerging technologies information is instrumental in protecting critical information re- sources and will help assure our ability to undertake coordinated military action in defense of our shared interests I encourage you to use to support your Information Assurance needs and requirements and include in your strategic planning has been established to support you the user so I invite you to access our web site data bases library and inquiry desk i d also like to solicit your feed- back on how we can best support your Information Assurance Needs Please send your comments to iatac- alx1@kaman com INTELINK-S http l 204 36 65 5 index html and for INTELINK- High irido iatac or to me directly at rhale@dtic mil HOTTEST Course organization is currently doing in Infor- mation Operations The courseware gets updated with each offering as briefers bring in the latest word on what is happening at all levels of government from the President's Commission on Infrastruc- ture to the operators in the field This valuable 5-day course is only offered four times a year and is generally open to infowarriors at the 68-12 through civilian level and Majors through Colonels military level Although others that apply if accepted may attend Information presented at the senior level Information Warfare Course is a consoli- dation of this class lasting only 2 days and offered only twice a year Target audience for this course is all Senior Executive Service SE8 civilians and military from 07 to 09 Flag Officers The senior level course is usually an exclusive group of about 20 individuals Dr Fred Giessler who energetically runs this class is also the Point of Contact If you are interested in attend- ing you can call 202 287 9330 ext 362 DSN 667 9330 ext 362 or e-mail giessler@ndu edu If accepted be prepared to be placed on a waiting list but this course is worth waiting for Information Assurance The Road to 2010 Continued from page 1 J6 is responsible to the Chairman of the Joint Chiefs of Staff CJCS for Informa- tion Assurance In this capacity the J6 provides policy guidance to the CINC's and operating forces establishes relationships with systems designers development agencies and commercial service providers to support the end- users and in coordination with other Joint Staff Directors provides support for joint training exercise and education initiatives Here in J6K we have been proactive in attempting to develop a broader understanding of and build consensus regarding a comprehensive joint approach toward Information Assurance We have done this by rst de ning the problem and developing an understand- ing of what needs to be done translat- ing those concepts into speci c actions and then bringing that understanding to a broad audience and enshrining that knowledge in policy In short we have concentrated on getting eevegyon on- board then r_igh_t plan The success of our efforts to date is reflected in the status of current initia- tives undenrvay within the Joint Staff and throughout the Department of Defense J6K is the Joint Staff lead in support to the President s Commission on Critical Infrastructure Protection pursuing a rigorous understanding of the vulnerabil- ity of critical information based infra- structures at the national level We provide support to CINC exercise and training efforts and are currently corn- pleting the rst Joint Doctrine for Infor mation Operations JP 3-13 in coordina- tion with other Joint Staff of ces In the more technical vein we are addressing interoperability issues associated with combined-force operations through the Combined Communications Electronics Board CCEB and other allied organiza- tions and J6K is also the'coordinating office for the Electronic Key Manage- ment System EKMS now entering use With US forces and soon with key Allies aswelI J6K supports the Command and Control C2 Joint War ghting Capabili- ties Assessment JWCA which ad- tems ance we are focused on developing infrastructure Law a Pellet Technology Joint Pub 3-13 dresses hardware software and technoiogy issues related to C4 sys- ln our eld of Information Assur- strategies and technological approaches to long-standing and complex issues such as Multi-Level Security and risk- management Closeiy related to that is a recentiy initiated Advanced Concept Technology Demonstration ACTD entitled Information Assurance Auto- mated Intrusion Detection Environment IAAIDE Its objective is to develop an in-depth integrated environment for information defense using state-of the art technologies for intrusion detection attack detection and warning This approach will avoid dependence on a single technology concentrate on seeking interoperability across organiza- tional and system boundaries and actively engage almost all CINC's with as the designated sponsor services defense agencies and several federal laborato- ries We are very excited about this new initiative and look forward to working with the broad IA community in pursuit of interoperable solutions to our com- mon needs in this area In any discussion of the work of J6K we must acknowledge our extensive and serious participation in several projects focused on understanding and preparing for the national security future we all face Following the lead Technology Doctrine Organization we are actively working to retain the military effectiveness we will need to prevail against the nontraditional opponents strategies and mission scenarios which the next century may bring In that regard we are fully involved in larger Joint Staff initiatives such as the Quadrennial Defense Review and efforts to combat terrorism We hope to bring to those projects our unique perspective on information and information-based technologies in terms of both their vulnerabilities and the opportunities provided by full use of their capabilities Information Assurance is critical to the success of our current and future war ghting efforts The Road to 2010 will be not be paved by a single organi- zation or guided by the production of any single plan or policy The most casual examination of the distributed ownership and equities associated with Information Assurance will convince anyone that is not the model The journey begins with a broad awareness that everyone has a stake and as such we will achieve the required capability through cooperative efforts from the entire engaged community We in the Joint Staff Information Assurance Division look forward to meeting you as fellow travelers along that road and in the pages of future issues of the Information Assurance Technology Newsletter ASSURANCE Information Assurance Defined A Community Wide Information Operations that protect and defend Challenge information and information systems by ensurIng their availability integrity authentICation confi- Automated Information Systems Review Committee or MAISRC and the estab- dentiality and non- -repudiati0n This inc IUdes pro Iishment of standards and practices An viding for the restoration of information systems example of some recent policy initiatives isthe 3168360wa Directive 3600 1 by incorporating protection detection and reac information Operations which provides - tion capabilities' ffe n'tt'f i ' format'on suraf cfe- - DOD Directive 3600 1 Information Operations orma Ion ssurance are 059 In orma- December 9 1996 tion operations that protect and defend information and information systems by ensuring their availability integrity group called the Information Assurance have been formed to address critical IA authentication con dentiality and non- Group IAG to function as a Steering issues These groups include Policy repudiation This includes providing for Group for Information Assurance 1A Computer Emergency Response Team the restoration of information systems by The membership of the IAG is comprised CERT Operations Education Training incorporating protection detection and of the Services Joint Staff Intelligence Awareness and Professionalization reaction capabilities Community and Defense Agencies Tools and Multi Level Security has established a working Within the IAG several working groups Training and education are funda- Information Warfare March 13 -14 1997 City Marriott Arlington VA information 310 534-3922 Southeast C4l Biennial Conference and Exposition Global Information Society The Warfighters Perspective sponsored by AFCEA Tampa-St Petersburg Chapter March 18 - 20 1997 Tampa Convention Center Tampa POC J Spargo Associates inc 703 631 6200 Dixie Crow Symposium Theme Information and Electronic Warfare Their Impact Upon Battle eld Technology As we Pass Into the 21st Century March 24 27 1997 Warner Robins Air Force Base Museum of Aviation Warner Robins POC Mike Salis 912 923-4266 1997 Sea-Air-Space Systems 8 Technology Exhibition March 24 27 1997 Sheraton Washington Hotel Washington POC 703 318-0300 AFCEA Spring Intelligence Symposium April 9 - 10 1997 Washington DC POC AFCEA intelligence Department 703 6316238 or 800 336-4583 ext 6238 Fiesta Crow 97 Symposium and Exhibits - Theme Military Operations in the Information Age April 20 - 23 1997 Henry B Gonzaiez Convention Center San Antonio TX POC Milton Driggers 210 5228207 6th UNIX Systems Administration Networking and Security Conference April 21 - 26 1997 Baltimore For Information Call 714 588-8649 Joint C4ISR Symposium DOMINANCE FOR THE FORWARD DEPLOYED April 22 - 24 1997 San Diego CA POC Dr Bob Kolb 619 553 3010 or Jan Renninger 619 592 3709 a mental and an essential ingredient for all Information Assurance efforts An adversary only has to nd a single vulnerability that he or she exploits whereas those defending the system must defend against all the vulnerabili ties and know how to react and recog- nize attacks On Line Survey OLS testing and vulnerability assessment results highlight these vulnerabilities they re known and the solutions to those vulnerabilities are known yet they continue to reappear It s a training and education issue that needs to be ad- dressed and has initiated a department-wide assessment for IA training and education The lacks a consistent or uniform practice for Information Assur- ance This is somewhat of a cultural issue that will need the commitment of everyone within an organization to address The leadership must recognize the importance of the organization's information systems and provide the resources both in personnel and fund- ing to assure the availability and integrity of those systems The Assistant Secretary of Defense for Command Control Communications and Intelligence is committed to Informa- tion Assurance That commitment has been demonstrated by it's sponsorship along with the Joint Staff Director J6 of the Defense Science Board Report on information Warfare - Defense the creation of the Information Assurance Group IAG and subgroups and the allocation of resources to address this critical requirement Information Assur- ance is a community-wide problem It will require a community-wide and compre- hensive approach if we want to assure the availability and integrity of our critical information systems and networks To this end is working closely with the Information Assurance Community to build consensus promote awareness develop new policy and improve IA training and education 9 IATAC BASIC SERVICES The Information Assurance Technology Analysis Center IATAC provides a variety of services as a part of core operations These services include support for user inquiries analysis operation of the Information Assurance IA library the development of IA data bases and the generation of products and services Newsletter Technical Reports For more information on available services please contact the IATAC staff contact information provided on back cover An overview of the available IATAC data bases is provided below Bibliographic The Bibliographic data base contains information on holdings resident in the Information Assurance library In addition the Bibliographic data base maintains citations to Information Assurance-related articles available in the open media Vendor The Vendor data base maintains corporate information on companies that serve the Information Assurance Community This data base is oriented toward product information rewalls anti-virus tools available to the community The type of information maintained includes name of company address point-of- contact telephone number production name version and hardware and soft- ware platforms Security Alerts The Security Alerts data base contains virus and system vulnerabilities for computer operating systems Information stored in the Security Alerts data base includes system platform type of vulnerability or virus and recovery patch A copy of the complete announce is contained in the data base as well as key- words for search capability Web Sites The Web Sites data base maintains URL addresses for pertinent web sites germane to Information Assurance technology The data base lists the URL address and a description of the site The purpose of the data base is to provide users with a quick reference for Information Assurance-related sites Training Conferences The Training 8 Conferences data base provides detailed information on Information Assurance training courses and conferences This data base can be searched according to location or date Information Assurance Technology Newsletter Vol 1 No 1 IATAC a Sponsored Informa- tion Analysis Center IAC is adminis tratively managed by the Defense Technical Information Center DTIC under the IAC Program Inquir ies about capabilities products and services or comments regarding this publication may be addressed to Telephone 703 329-7337 Robert P Thompson Facsimile 703 329-7197 Director IATAC 703 329-3940 2550 Avenue Facsimile 703 329-7106 Alexandria VA 22303 1403 e mailz Corn 703 329 7337 Fax 703 329_7197 Eamaij iatac alx1@kamanacom nte ink SI URL Intelink El CHANGE ME as noted below ADD ME SEND IATAC TECHNICAL AREA TASK INFO Government Name Title Company Organization Address City State Zip Country Phone Fax DSN E-mail SERVICE Contractor El USAF USN USA El USMC El OSD CLIP SEND TO yam IW I4 Technology Analysis Center Technology Newsletter welcomes ATTN Christina Wright input from our readers on a wide 2560 Huntington Avenue variety of levels To submit photo- Alexandria VA 223034 403 graphs related articles notices FAX 703 329-7197 feature programs or ideas for future issues please use address fax or e-mail as noted e-mail iatac-alx1-kaman com Information Assur nce Technolo- 2560 Huntington Ave Alexandria VA 22303 1403