Net Attack Warning System Proposed

The U.S. National Communications System plans to develop a Global Early Warning Information System to monitor the performance of the Internet and warn government and the industry of threats that could degrade service, such as denial-of-service attacks against the Domain Name Servers that control Internet traffic.

The plan was outlined at a meeting last week of the Federal Wireless Users Forum in Las Vegas, just before an apparent attack of exactly that type.

Brenton Greene, deputy director of the National Communications System (NCS), said the agency wants to use this Global Early Warning Information System (GEWIS, pronounced "gee-whiz") to monitor the "whole performance of the Internet," starting with the 13 high-level Domain Name Servers. It would provide early warnings not only to government Internet users, but also to operators of e-commerce Web sites.

Surveillance Role

The NCS was established in 1962 in the wake of the Cuban missile crisis to improve communications coordination among federal agencies. In 1984, President Reagan expanded its mission to include management of national security and emergency preparedness communications among federal agencies and state and local authorities.

The NCS is co-managed by the White House and the head of the Defense Information Systems Agency, who is currently Air Force Lt. Gen. Harry D. Raduege Jr.

The communications agency wants to use GEWIS to "monitor the health of the Internet globally, looking for degradations in performance" and then providing warnings if necessary, Greene said. He specifically cited the performance of e-commerce sites as one of the parameters that GEWIS will monitor.

Given the growing reliance of the U.S. economy on the Internet, any degradation in service--or outright attack--is seen as a potential economic problem that could seriously affect e-commerce-related businesses.

Greene said the NCS plans to build GEWIS around existing Internet performance tools integrated into a cohesive suite that can provide a top-level view of system performance. The Internet has become an increasingly important communications tool for federal agencies, with even the Defense Department funneling much of its unclassified traffic over the same network used by individuals to send e-mail and surf Web sites.

Privacy Protected

Greene emphasized that GEWIS won't be designed to monitor specific traffic on the Internet, but rather to check on its overall performance and status. That includes status checks on overall topology and peering between servers.

He called GEWIS a "cyberwarning" tool, which could provide early indications of DNS flooding attacks and potentially catch viruses such as the Nimda worm or the Code Red virus, whose quick spread in 2001 plagued government and commercial Internet users. Greene said he believes GEWIS could have detected both Code Red and Nimda sooner if it had been in place.

John Pescatore, a Gartner security analyst, called GEWIS "a good idea, and NCS should be able to pull it off."

"GEWIS will be useful for early warning of attacks against the Internet's underlying structure, like DNS and big core routers and the like, which is a good thing, and needed," Pescatore said.

He predicted GEWIS would eventually allow for prioritization of traffic to protect parts of the Internet if there is an attack against the entire network.

"The Internet is very resilient, but when parts start to die there is no real rhyme or reason to how they go, and GEWIS could lead to a capability to try to keep important parts up while less important parts fail," Pescatore said. He doubts, however, that GEWIS could provide extra protection against virus proliferation, which is already well handled by companies such as Symantec and McAfee.com.

Warren Suss, an analyst at Suss Consulting who closely follows federal programs, agreed with Pescatore that in an era of growing cyberattacks against both government and commercial Internet systems, GEWIS "is absolutely needed."

Said Suss, "It will provide broader and more robust protection against attacks that could bring the nation to its knees."