Volume 16, Number 1, March 2000
By Nancy Laubenthal and Anthony Russo
The NASA Incident Response Center (NASIRC) is located at Goddard Space Flight Center (GSFC) in Building 28. NASIRC researches, coordinates, and responds to all reported NASA computer and network security incidents resulting from unauthorized probes, intrusions, and system compromises. The Space Sciences Data Operations Office (SSDOO) manages NASIRC as a NASA-wide support contract. In October 1999 NASIRC moved to GSFC Building 28 from its off-site location, enabling a closer working relationship between the NASIRC federal team and the NASIRC contractor (Allied Technology Group, Inc.) staff.
Specific NASIRC duties include the technical evaluation, preparation and distribution of security alerts, notifications, patches, and fixes; the proactive sharing of information technology (IT) security information; the evaluation, development, and sharing of security tools and techniques; technical training related to incident detection, analysis, and handling; the coordination of agency-wide and national-level vulnerability notification; and incident response data via secure communications.
NASIRC's day-to-day operations are staffed by Allied Technology Group, Inc. This team consist of the following personnel: Anthony Russo, contract project manager; Tom Baxter, lead incident response coordinator; Michael Brice, incident response coordinator; Jacob Whiting, incident response coordinator; Patti Johnson, security analyst; Eric Scanlan, system administration UNIX/NT; Nathan Bagby, applications development; and Frank Husson, who serves as the Allied Technology group director.
The federal advisory role within NASIRC has been expanded to include the following GSFC SSDOO civil servants: Greg Goucher (NSSDC), federal project manager; Curtiss Barrett (NSSDC), secure incident lead; Richard Schneider, technical lead for NT security issues; and Nancy Laubenthal, leader of the NASIRC Forum for Incident Response Security Teams (FIRST) activities. The continuing federal team members include NASIRC Program Director Dr. James Green, Federal Inter-Agency Liaison Richard Carr of NASA Ames Research Center (who is located on site at GSFC), and the Contracting Officer's Technical Representative (COTR) Dr. Roger Dilling.
Within the past nine months NASIRC's role has been expanded in a number of areas. NASIRC has further enhanced existing collaborations with other NASA Field Centers and has established new collaborations with other federal agencies and national-level computer incident coordinating authorities. For example, Memorandums of Agreement have been signed between NASIRC and the NASA Integrated Services Network (NISN) team at Marshall Space Flight Center and between NASA and the national-level Federal Computer Incident Response Capability (FedCIRC). NASIRC is augmenting its incident reporting capability with the development of an on-line incident reporting Web application. NASIRC responsibilities are being expanded to handle classified incidents.
NASIRC operated on heightened alert over the Year 2000 transition period from December 31, 1999, through January 3, 2000. During this short time period the NASIRC staff handled 150 reported incidents (hostile probes, scans), three of which were verifiable system compromises.
Communications among all of the NASA Centers was outstanding and allowed for near-real-time incident reporting and response. NASA Field Centers are expected to continue this heightened level of IT security awareness, proactive incident reporting, and interactive communications on an ongoing basis in the future.
In the first two months of calendar year 2000, NASIRC has seen a significant rise in the number of incidents being reported from agency-wide sources and is experiencing a substantial increase in the number of bulletins, memos, and alerts issued. As of February 28, 2000, NASIRC had produced over 180 Alerts, Bulletins, and Vendor Releases as compared to a total of 275 for the entire year of 1999.
In a typical week it is not unusual for NASIRC to receive over one thousand security incident reports of IT security activities involving NASA Field Centers. This elevated reporting stems from a combination of elements that include an overall increase in the number of international hostile sites, hackers, and other threat and vulnerability risk factors. The vulnerabilities being exploited include a wide range of both UNIX and Windows NT security issues.
As the critical need for enhanced IT Security measures continues to become a NASA priority, NASIRC's technical support and administrative coordination roles in the agency-wide IT security arena continue to grow at an astounding rate. Visit NASIRC today at http://www-nasirc.nasa.gov.
NASA home page GSFC home page GSFC organizational page