functions provided by SRI through the Network Information Center (NIC) that has served Milnet users but was not set up to address security problems. Interestingly, the SSC was launched after DARPA's CERT in recognition of the fact that there was no central clearing-house to coordinate and disseminate security-related fixes to Milnet users (DCA, 1989).

  • The Computer Incident Advisory Capability (CIAC): This capability was established by Lawrence Livermore National Laboratory to provide CERT-type services for classified and unclassified computing within the Department of Energy (DOE). The scale of DOE computer operations and attendant risks provided a strong motivation for an agency-specific mechanism; the DOE community has over 100,000 computers located at over 70 classified and unclassified sites. Like the Defense Communications Agency, DOE saw that a "central capability for analyzing events, coordinating technical solutions, ensuring that necessary information is conveyed to those who need such information, and training others to deal with computer security incidents is essential." DOE was able to draw on an established research capability in the computer security arena, at Lawrence Livermore National Laboratory (Schultz, 1990).

Because of the rapidity with which computer pest programs can spread both within the United States and worldwide, it is vital that such efforts be well informed, coordinated with one another, and ready to mobilize rapidly in emergencies. Note that none of these systems has yet been tested with a full-scale emergency on the scale of the Internet worm.



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement