CERT to Ease Sharing

Project will enlist ArcSight to deliver real-time security data.

In an effort to jump-start various bedraggled security information-sharing efforts in the IT industry, the CERT Coordination Center and several universities this week will announce a project that will allow for real-time data sharing and analysis among remote organizations.

If the project is successful, it could be used as a model for data-sharing initiatives in the government and private sector.

Known as the Cyber Security Information Sharing Project, the new collaboration is a sharp departure from the way unaffiliated organizations now share information.

Currently, businesses or individuals wanting to inform CERT of a security incident or vulnerability have to fill out a form on the center's Web site or call an 800-number and then wait for an answer. This can lead to slow responses to situations that require urgent action. CERT officials said they hope that will all soon change.

"We're trying to move beyond talking and do something that identifies what the issues are and provides solutions to problems," said Richard Pethia, manager of the Software Engineering Institute's Survivable Systems Initiative and director of the CERT CC. "We want to promote the use of standards to share data. The future of widespread information sharing will depend on this."

A key part of the project is ArcSight Inc.'s namesake security event management software, which will be installed at each participating site. Which universities will participate in the CSISP has yet to be determined, CERT officials said.

The ArcSight software's new distributed architecture will enable each participating school to act as a data-collection end point and funnel attack data directly to the CERT CC at Carnegie Mellon University, in Pittsburgh.

CERT specialists will then be able to dissect and analyze the data. The CERT team will also have the advantage of being able to correlate information coming from all three end points, giving team members the ability to look for similar attacks or other patterns across the participating organizations. That data can then go into the CERT database and be made available to other organizations.