National Cyber Alert System Stumbles on Warning

By Larry Seltzer  |  Posted 2004-02-10 Print this article Print

The Feds new cyber alert service aims to be the authoritative source for computer security issues. Too bad its first alert proved such a blunder.

When your team fumbles the opening kickoff its tough to be psyched about the game. Thats what our security team—the new National Cyber Alert System—did last week. You may recall that, with MyDoom.A at its peak, the Department of Homeland Security announced a new security alert system. The system includes four security notification services, including Technical Alerts, which appears to provide more technical information than the others. These services were partly created as part of a partnership between DHS and the CERT Coordination Center (CERT/CC) at the Carnegie Mellon University and are now part of the US-CERTs Technical Cyber Security Alerts.

I recall wondering during the press conference announcing the National Cyber Alert System exactly what would be new and valuable about the Dept. of Homeland Security taking charge of this duty? After all here are a large number of private alert services from security software companies, analyst firms and various non-governmental organizations.
My philosophy is to subscribe to a lot of these services; since if one is quicker on a particular attack than the others, Im covered. After the press conference I subscribed to all the groups new lists. After all, one would think that with DHS backing as well as new funding and lab facilities, we could expect authoritative results.

Indeed, the announcement promised "more information about more topics than before" while "we will maintain the same high quality control standards, edit content for security and privacy, and work to ensure technical accuracy as well as timeliness."

None of this was on my mind when, on February 2, I received a message with the subject line "US CERT Technical Alert TA04-028A MyDoom.B Rapidly Spreading." I glanced at the sender and found that it was the first message from the National Cyber Alert System.

Some of you may have noticed the main problem that caught my attention: "MyDoom.B Rapidly Spreading". Huh? Rapidly? By the time I received this message it was already abundantly clear, as I reported in a column at that time, that MyDoom.B wasnt spreading anywhere. To this day I havent found an antivirus vendor that claims to have found more than a trivial amount of this worm. MessageLabs reports "about 200 cases," while Trend Micro still counts just 10.

So what was CERT/DHS talking about? Clearly they realized the mistake they made, because later versions of the alert, including the current one, dont make the claim about rapid spread of the worm. From my conversations with US-CERT officials, it sounds to me as if the group was misinformed by one of its sources. Next Page: Stick to the Facts, Please

Larry Seltzer has been writing software for and English about computers ever since—,much to his own amazement—,he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel