rdp@SEI.CMU.EDU (Richard Pethia) (06/03/89)
ANNOUNCEMENT AND CALL FOR PAPERS
Invitational Workshop
on
Computer Security Incident Response
Sponsored by
National Institute of Standards & Technology
and
Software Engineering Institute
July 31 - August 1, 1989
Pittsburgh, Pennsylvania
Background: Recent incidents involving computer viruses and related
disruptions of computer systems and networks have highlighted a
national need for more comprehensive, responsive, and systematic
methods to prevent, detect, and respond to such threats. In
November, 1988, the Defense Advanced Research Projects Agency
(DARPA) established a special Computer Emergency Response Team
(CERT) with a Coordination Center (CERT/CC) at the Software
Engineering Institute (SEI) to respond to security incidents
involving the ARPANET/Internet. The National Institute of Standards
and Technology (NIST), with the cooperation of several agencies,
including the Department of Energy, Defense Communications Agency,
and National Computer Security Center, is working to develop a
cooperative network of similar centers, each serving a specific user
or technical constituency. As part of that effort, an invitational
Workshop on Computer Security Incident Response is being planned for
July 31 - August 1, 1989 at SEI facilities in Pittsburgh.
Workshop Objectives: The purpose of the workshop is to identify,
discuss, and help find solutions to the issues and problems that
will be involved in the operation of incident response centers.
Participation: The workshop will be conducted as a problem-solving
activity, not as a tutorial or training activity. (A
government-wide symposium on computer security incident response is
planned for late 1989.) Participation in this workshop will be by
invitation, with selection based solely on potential for
contributing to the objectives of the workshop.
Expected Results: In addition to the opportunity for the
participants to share ideas and approaches to the problems of
response center operation, the participants will prepare materials
for a set of proceedings to be published. These proceedings will
contain summaries of the workshop discussions and recommendations.
Structure and Format: Each participant will be assigned to a working
group to address a specific problem area. The goal of each working
group will be to define the scope of the problem area; identify
specific issues, problems, and other factors; and recommend specific
actions to address the issues and other follow-on actions relating
to the assigned topic area. The planned topic areas are the
following:
- Incident Handling - general and specific procedures and
other requirements to ensure effective handling of
incidents and reported vulnerabilities.
- Vendor Relations - the role and responsibilities of
vendors in incident prevention and follow-up, software
flaw correction, and other areas.
- Clearinghouse Activities - role, responsibilities,
requirements, and methods for the collection, control, and
dissemination of various types of information designed to
help prevent or respond to computer and network security
problems.
- Communications - requirements, implementation, and
operation of emergency and routine communications channels
among cooperating response centers.
- Legal and Criminal Investigative Issues - issues driven by
legal considerations and the requirements or constraints
resulting from the involvement of criminal investigative
organizations during an incident.
- Constituency Relations - response center support services
and methods of interaction with constituents, including
training and awareness, configuration management, and
authentication.
- Research Agenda and Interaction - identification of
existing research activities and requirements and
rationale for needed research relating to response center
activities.
- Model of the Threat - development of a basic model that
characterizes the threat and risk to help focus
risk-reduction activities and progress in those
activities.
- External Issues - factors which are outside the direct
control of individual response centers (e.g., legislation
or policy and procedural requirements), but which could
affect the operation and effectiveness of response center
activities.
Nomination Procedure: Participants will be selected by the Planning
Committee. Persons interested in participating should be able to
contribute to the problem-solving orientation of the workshop. Each
candidate must submit a short statement of qualifications and a
position statement (1-2 pages) discussing the issues relevant to one
or more of the problem areas and the candidate's approach to
addressing these issues. Nominations should be sent to:
Lisa Carnahan Kumar NIST
(301) 975-3362 A-216 Technology
csir@csmes.ncsl.nist.gov Gaithersburg, MD 20899
Upon selection, participants will be sent a confirmation package
with registration and other information. Each participant will be
assigned to a working group, and each will be expected to contribute
to the preparation of the final report on the group's activities for
the proceedings.
Costs: A charge of $65 per participant will be made to cover the
cost of administration, printing, mailings, breaks and lunches each
day, and a dinner on July 31.
Key Dates:
June 19    Applications for participation, including position statements due.
July 3     Notice of Acceptance Mailed to Participants
July 19    Participant Registration Cutoff
July 31    Workshop
Workshop Chairs
Dennis D. Steinauer            Richard D. Pethia
N.I.S.T.                       Software Engineering Inst.
A-216 Technology               Carnegie Mellon University
Gaithersburg, MD 20899         Pittsburgh, PA 15213-3890
(301) 975-3359                 (412) 268-7739
steinauer@ecf.ncsl.nist.gov    rdp@sei.cmu.edu