The Energy Research Community's Requirements of CIAC

Bob Aiken (DOE/OER/SCS)
November 26, 1990

- ER requires workshops, to be scheduled as needed, for all interested ER program managers and field technical representatives, especially the ESCC and ESSC. The initial workshop will cover the topics of incident handling and sound system management, vis a vis security, for VMS and UNIX systems. A brief overview of recent viruses, trojan horses, worms, and other attacks should be presented along with any known patches or fixes. This initial workshop should be scheduled and held within the first quarter of 1990. Subsequent meetings will address any new incidents and information pertaining to securing the sites' hosts and networks. Since the ESCC meets three times a year, it would make sense to have CIAC attend these meetings and conduct the workshops either before, after, or during the ESCC meetings, depending on ESCC preference.

- ER requires immediate notification for all ESCC, ESSC and EDWG members (plus all other ER people who wish) of any incidents. This includes the situation where the attack is currently aimed at non-DOE systems and/or a single DOE site. The notification process should be established jointly by the CIAC and the ESCC membership. ER requires timely notification of the Scientific Computing Staff when attacks on Internet or ESnet sites are expected or in progress.

- ER requires an advising capability to the ESCC Security working group, which is currently tasked with generating both a DECNET and IP site security document. ER also requires that pertinent security-related information, such as information gleaned from LISTSERVers and security conferences, be forwarded to interested ER personnel.

- The ER community requires assistance to determine and validate tools for the detection and deterrence of attackers. Software produced and/or concepts realized from a liaison with an ER site must credit that ER site and adhere to all pertinent patents, copyrights, and U.S. and DOE guidelines on technology transfer. ER SCS concurrence is required on potential technology transfer ventures involving ER sites.

- ER requires access to a database of all known security problems and appropriate patches. Such a database should be made available to ESCC members via Internet network connections. The information cannot be classified or protected such that the ER community cannot easily access it via standard network protocols.

- ER requires adequate documentation of Incident Handling Guidelines and other pertinent security incident materials for all ESSC, ESCC, and other ER technical and program managers as requested.

- ER requires technical security incident handling assistance, as requested, during perceived or apparent attacks. This may include a liaison activity with appropriate law enforcement agencies (e.g., FBI) such that the site or center technical representatives may determine to monitor the attacks or block access to the intruder.

- ER requires that the CIAC activities and accomplishments be reviewed by the ESCC at a minimum of once per year. The ESCC will use an appropriate working group for this task. The form of the review will be worked out by CIAC and the ESCC.