rdp@SEI.CMU.EDU (Richard Pethia) (06/03/89)
ANNOUNCEMENT AND CALL FOR PAPERS

Invitational Workshop on Computer Security Incident Response

Sponsored by
National Institute of Standards & Technology
and
Software Engineering Institute

July 31 - August 1, 1989
Pittsburgh, Pennsylvania

Background:

Recent incidents involving computer viruses and related disruptions of computer systems and networks have highlighted a national need for more comprehensive, responsive, and systematic methods to prevent, detect, and respond to such threats. In November, 1988, the Defense Advanced Research Projects Agency (DARPA) established a special Computer Emergency Response Team (CERT) with a Coordination Center (CERT/CC) at the Software Engineering Institute (SEI) to respond to security incidents involving the ARPANET/Internet. The National Institute of Standards and Technology (NIST), with the cooperation of several agencies, including the Department of Energy, Defense Communications Agency, and National Computer Security Center, is working to develop a cooperative network of similar centers, each serving a specific user or technical constituency. As part of that effort, an invitational Workshop on Computer Security Incident Response is being planned for July 31 - August 1, 1989 at SEI facilities in Pittsburgh.

Workshop Objectives:

The purpose of the workshop is to identify, discuss, and help find solutions to the issues and problems that will be involved in the operation of incident response centers.

Participation:

The workshop will be conducted as a problem-solving activity, not as a tutorial or training activity. (A government-wide symposium on computer security incident response is planned for late 1989.) Participation in this workshop will be by invitation, with selection based solely on potential for contributing to the objectives of the workshop.

Expected Results:

In addition to the opportunity for the participants to share ideas and approaches to the problems of response center operation, the participants will prepare materials for a set of proceedings to be published. These proceedings will contain summaries of the workshop discussions and recommendations.

Structure and Format:

Each participant will be assigned to a working group to address a specific problem area. The goal of each working group will be to define the scope of the problem area; identify specific issues, problems, and other factors; and recommend specific actions to address the issues and other follow-on actions relating to the assigned topic area. The planned topic areas are the following:

- Incident Handling - general and specific procedures and other requirements to ensure effective handling of incidents and reported vulnerabilities.

- Vendor Relations - the role and responsibilities of vendors in incident prevention and follow-up, software flaw correction, and other areas.

- Clearinghouse Activities - role, responsibilities, requirements, and methods for the collection, control, and dissemination of various types of information designed to help prevent or respond to computer and network security problems.

- Communications - requirements, implementation, and operation of emergency and routine communications channels among cooperating response centers.

- Legal and Criminal Investigative Issues - issues driven by legal considerations and the requirements or constraints resulting from the involvement of criminal investigative organizations during an incident.

- Constituency Relations - response center support services and methods of interaction with constituents, including training and awareness, configuration management, and authentication.

- Research Agenda and Interaction - identification of existing research activities and requirements and rationale for needed research relating to response center activities.

- Model of the Threat - development of a basic model that characterizes the threat and risk to help focus risk-reduction activities and progress in those activities.

- External Issues - factors which are outside the direct control of individual response centers (e.g., legislation or policy and procedural requirements), but which could affect the operation and effectiveness of response center activities.

Nomination Procedure:

Participants will be selected by the Planning Committee. Persons interested in participating should be able to contribute to the problem-solving orientation of the workshop. Each candidate must submit a short statement of qualifications and a position statement (1-2 pages) discussing the issues relevant to one or more of the problem areas and the candidate's approach to addressing these issues. Nominations should be sent to:

    Lisa Carnahan Kumar
    NIST
    A-216 Technology
    Gaithersburg, MD 20899
    (301) 975-3362
    csir@csmes.ncsl.nist.gov

Upon selection, participants will be sent a confirmation package with registration and other information. Each participant will be assigned to a working group, and each will be expected to contribute to the preparation of the final report on the group's activities for the proceedings.

Costs:

A charge of $65 per participant will be made to cover the cost of administration, printing, mailings, breaks and lunches each day, and a dinner on July 31.

Key Dates:

    June 19    Applications for participation, including position statements due.
    July 3     Notice of Acceptance Mailed to Participants
    July 19    Participant Registration Cutoff
    July 31    Workshop

Workshop Chairs

    Dennis D. Steinauer            Richard D. Pethia
    N.I.S.T.                       Software Engineering Inst.
    A-216 Technology               Carnegie Mellon University
    Gaithersburg, MD 20899         Pittsburgh, PA 15213-3890
    (301) 975-3359                 (412) 268-7739
    steinauer@ecf.ncsl.nist.gov    rdp@sei.cmu.edu