Cyber Security Warning Network

█ JOSEPH PATTERSON HYDER

Communication is critical during a time of national crisis. Emergency personnel need the ability to communicate quickly and effective with their colleagues in other parts of the country. In wartime, generals must remain in close contact with commanders and troops in the field. In the computer age, all communications systems—telephones, cellular phones, email, and others–are intertwined. A cyberattack that takes down the Internet by attacking root servers would also have a profound effect on all forms of communications, which rely on switches and routers to relay signals. Therefore, a cyberattack coordinated with other terrorist attacks or occurring during wartime could have catastrophic effects on national security and the economy.

In 2001, the George W. Bush administration and emergency response officials began studying what would have happened if an attack on America's communication infrastructure had coincided with the September 11, 2001 terrorist attacks. The more important question, however, was how to stop such an attack. The result was the Cyber Warning Information Network (CWIN), part of Bush's National Strategy to Secure Cyberspace.

Although the CWIN is not fully operational as of 2003, one proposed function of the CWIN is to prevent cyberattacks. The CWIN will accomplish this by creating several industry specific workgroups, or Information Sharing and Analysis Centers (ISACs). Each ISAC will monitor Internet activity and cyberattacks on Web sites and Internet infrastructure within its sector. The government agencies, companies, and network security firms involved in that ISAC will then communication with each other on cyberattacks and increase security to prevent future attacks. IF action is taken quickly enough, an ISAC will be able to stop the spread of computer viruses before they strike important systems.

The Clinton administration developed the ISAC concept. Currently, ISACs exist for each of the following sectors: information technology, banking and finance, telecommunications, chemical, and energy. The Bush administration worked with government agencies and the private sector to develop ISACs for public transportation infrastructure, water treatment, and agriculture and food.

While the idea of sharing information about particular network security vulnerabilities in order to increase security for all interested parties was considered favorable, many private sector members have been slow to volunteer network and software security problems. The Freedom of Information Act covers the CWIN, so these organizations have shown hesitancy that any information shared with fellow ISAC members might become public. Until these companies receive a privacy guarantee from the government, CWIN will not function as effectively as intended.

The second major function of the CWIN will be to allow each ISAC to operate as an individual network, even if the entire Internet is damaged in a cyberattack. This will allow ISAC members to continue to exchange critical information if all other communications systems are down. The CWIN will accomplish this by establishing an independent IP network for each ISAC.

Critics have found flaws with the CWIN on both conceptual and organizational grounds. Detractors argue that in order for the CWIN to be effective, the private sector and network security professionals will have to play a major role. So far, the government has offered few incentives for the private sector to invest the money and labor necessary to accomplish this objective. The Department of Homeland Security has also concerned some of the private sector with a lack of commitment to the CWIN. Even after the unveiling of Bush's National Strategy to Secure Cyberspace program, which includes the CWIN, the DHS had not named a person to head the CWIN.

█ FURTHER READING:

ELECTRONIC:

MacMillan, Robert. "U.S. Heightens Cybersecurity Monitoring." washingtonpost.com < http://www.washingtonpost.com/ac2/wp-dyn?pagename=article&node=&# 0026;contentId=A46583–2003Mar18-Found=true > (18 March 2003).

SEE ALSO

Computer Fraud and Abuse Act of 1986
Computer Hackers
Computer Software Security
Computer Virus
Cyber Security
National Information Infrastructure Protection Act, United States