IAnewsletter

This free quarterly publication features timely articles from the IA community. These articles are solicited from such organizations as OSD/Joint Staff, the Combatant Commands, Services, Systems Commands, Government R&D Labs and Academia. Each issue also features regular columns from the DoD CERT and the JTF-GNO. New products are described and an order form is also included. Go to our Products page for more information. You may subscribe to the newsletter using the Product Request/Technical Inquiry Form. If you would like to contribute to the newsletter click here for more instructions.

Print versions of the IAnewsletter are available directly from IATAC by completing the Product Request/Technical Inquiry Form; it is unlimited distribution.

Keyword search:

Volume 12 Number 3 Title: Overcoming Cyber IA Challenges Through Better IA Policy Development and Implementation Overview: This article explores how the Assistant Secretary of Defense for Networks and Information Integration/DoD Chief Information Office (ASD(NII)/DoD CIO) successfully combined an enlightened IA Certification and Accreditation (C and A) policy and strategy, an active configuration control and management process, and Web 2.0 technology to produce a flexible IA cyber policy that has already proven itself an effective vehicle for meeting, and proactively addressing, the IA C and A challenges of DoD's increasingly complex cyber environment. Also Inside: - Achieving Information Assurance with eMASS - Subject Matter Expert - Ask the Expert - "Cyber-War" Simulation Reveals Need for Collaboration - Wanted: Engaged Information Security Professionals for Compliance and Damage Control - IATAC Spotlight on University - Identifying and Characterizing Instant Messaging Authors for Cyber Forensics - DoDTechipedia Happenings - Anatomy of a Structured Attack     Volume 12 Number 2 Title: DoDTechipedia... A Way to Collaborate Overview: DoDTechipedia is a wiki, designed by the Department of Defense (DoD), that facilitates increased communication and collaboration among DoD scientists, engineers, program managers, acquisition professionals, and operational warfighters. Also Inside: - IATAC Spotlight on Research - AFCYBER (P) Way Ahead - Ask the Expert - There and Back Again - Subject Matter Expert - Using Technology to Combat Data Loss--What It Can Do, What It Can't - Cyber Security and Information Assurance Metrics State-of-the-Art Report - The Evolving Domain of Cyber Warfare: An Update - IATAC Spotlight on University - Paranoid: Global Secure File Access Control System - Information Assurance Risk Assessment (IARA) - Defense in Breadth     Volume 12 Number 1 Title: Making GIG IA Architecture Real with AFG Overview: AFG provides templates, guides, and a methodology, to make GIG IA Architecture v1.1 understandable and actionable at the acquisition program level. AFG is useful to acquisition program Informartion System Security Engineers (ISSEs), other IA professionals, and Program Managers desiring to integrate GIG IA guidance in their solutions. Also Inside: - IATAC Spotlight on Education - Subject Matter Expert - The Insider Threat to Information Systems--An IATAC State-of-the-Art Report - Army, Navy, Air Force, and Cyber--Is it Time for a Cyberwarfare Branch of Military? - Ask the Expert - IA Implications for Software Defined Radio, Cognitive Radio and Networks - "Enabling," Web 3.0 - A Statechart Model of the Cross Domain Implementation Process     Volume 11 Number 4 Title: Phishing Warfare Against Armed Forces Overview: The problems with phishing persist. This scourge shows no sign of abating and will likely increase into the foreseable future. Warfighters are just as likely as any other group of individuals to be victims of a phishing attack. This article suggests that phishing Warfare Against Armed Forces (WAARF) will emerge as a new vector of information warfare. Also Inside: - IATAC Spotlight on Research - IATAC Spotlight on Education - An Innovative Computer Forensic Technique for Recovering Deleted Files from Macintosh Computers - Ask the Expert - The EPOCHS Project - Cyber Defense Branch Takes Part in NSF Workshop in Beijing - Incorporating Flow-Based Behavioral Analysis Inside Agency Networks     Volume 11 Number 3 Title: Guarding the Cybercastle in 2020 Overview: The DoD has recently refocused its formal definition of cyber as "a global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers," consistent with Presidential cyber security policy. Also Inside: - IATAC Spotlight on Faculty - Securing the Converged Enterprise, Part 2--Network Defense-in-Depth Architectural Considerations - Common Criteria Testing Continues to Improve of Security of IA Products - IATAC Spotlight on Education - DoD EWIA/CND ESSG Technical Advisory Group (TAG) - So You Say You Want a Penetration Test...     Volume 11 Number 2 Title: Defining the GIG Core Overview: The Global Information Grid (GIG) is a large, complex undertaking that is intended to integrate virtually all information systems, services, and applications in the US Department of Defense (DoD) into one seamless, reliable, and secure network. This article discusses two architectural options for constructing the core of the GIG: striped core and black core. Also Inside: - Tomorrow Night - Electronic Voting Security - IATAC Spotlight on Faculty - Recent Developments in Cyberlaw - IATAC Spotlight on Education - Securing the Converged Enterprise, Part 1 - Ask the Expert     Volume 11 Number 1 Title: Network Risk Assessment Tool (NRAT) Overview: We live in an information-centric age where seemingly every aspect of our existence is inextricably dependent on the services of information systems. These systems provide integral support to financial institutions, commercial enterprises, critical infrastructure systems, medical care, public safety, and military operations. Also Inside: - Ask the Expert - Improving the Cyber Incident Damage and Mission Impact Assessment - Virtual Patching - IATAC Spotlight on Education - IATAC Spotlight on Faculty - NIST Publications: Guidance to Improve Information Security     Volume 10 Number 4 Title: Information Assurance for the Net-Centric Environment: Making the Mission Possible Overview: DoD defines the NCE as a joint force framework for full human and technical connectivity and interoperability?one that allows all DoD users and mission partners to share the information they need, when they need it, in a form they can understand, and act on with confidence. Also Inside: - GIG Performance Assessment Framework - ForNet: Network Forensics for Detecting Stealthy Attacks - Accurate Application-Specific Sandboxing for Win32/Intel Binaries - University of Maryland University College (UMUC) Security Studies Laboratory - IATAC Spotlight on Research: University of Maryland - IATAC Spotlight on Subject Matter Expert (SME): Mary Linda Polydys - Ask the Expert     Volume 10 Number 3 Title: Implementing Internet Protocol Version 6 (IPv6) on an Army Installation Overview: Implementing Internet Protocol Version 6 (IPv6) on an Army Installation - The challenge of implementing IPv6 into an Army network comes from two conditions placed upon the Department of Defense (DoD) by the US Congress: Do No Harm and IPv4 Parity. Also Inside: - Implementing Internet Protocol Version 6 (IPv6) on an Army Installation - A Qualia Framework for Awareness in Cyberspace - US-CERT: America's Cyber Watch and Warning Center - Executing the CND Data Strategy within the NetOps Community of Interest - 8th IEEE Information Assurance Workshop - A Decade of Air Force and Academic Collaboration Toward Assuring Information - IATAC Spotlight on Research: Idaho State University - IATAC Spotlight on Subject Matter Expert (SME): Dr. Corey Schou - Ask the Expert     Volume 10 Number 2 Title: System Engineering for the GIG: An Approach at the Enterprise Level Overview: The GIG is an ambitious undertaking that is fundamental to network-centric warfare. We have established and enterprise process to apply systems engineering discipline to the decisions that need to be made to make the GIG a reality. Also Inside: - Software Agent Technology - Enabling Mission Critical Operations Through Mature Implementation - CyberCIEGE: An Information Assurance Training and Awareness Video Game - DISA Partnership Conference - IATAC Spotlight on Research: George Mason University - IATAC Spotlight on Subject Matter Expert (SME): Dr. XinYuan (Frank) Wang - Ask the Expert     Volume 10 Number 1 Title: Look out! It's the fuzz Overview: Software fuzzing is a relatively new software auditing technique responsible for finding many of the bugs and security vulnerabilities found in utilities, software applications, and network protocols. To understand what fuzzing is, we need to understand how fuzzing originated. Also Inside: - An IATAC/DACS State-of-the-Art-Report on Software Security Assurance - The Morphing of a Cyber Operations Curriculum at the Air Force Institute of Technology (AFIT) - ESSG - Ask the Expert: IANETSEC - 6th Annual Department of Defense (DoD) Cyber Crime Conference - IATAC Spotlight on Research: Purdue University - IATAC Spotlight on Subject Matter Expert (SME): Researchers at CERIAS     Volume 9 Number 4 Title: Phishing: Fraud for the 21st Century Overview: Phishing refers to a new form of cyber crime that is quickly gaining popularity. During the past several years, there has been a steady increase in the use of online financial services for everything from paying utility bills to conducting banking and brokerage transactions. Also Inside: - Verifying Network Intrusion Detection Alerts - Data Integrity and Proof of Service in BitTorrent-Like P2P Environments - An Overview of Voice over Internet Protocol (VoIP) - Countering DDoS Attacks with Multi-Path Overlay Networks - IATAC Spotlight on Research: University of California, Davis (UC Davis) - IATAC Spotlight on Subject Matter Expert (SME): Dr. Matt Bishop     Volume 9 Number 3 Title: Generating Policies for Defense in Depth Overview: In 2002, DARPA challenged the research community to design and demonstrate an unprecedented level of survivability for an existing DoD information system by combining Commercial-Off-The-Shelf (COTS) technologies with those developed by DARPA. Also Inside: - A Virtual Environment for Safe Vulnerability Assessment (VA) - Black Hat and DEFCON - Efficient Path Authentication for Border Gateway Protocol (BGP) Security - 7th Annual IEEE Information Assurance Workshop (IAW) - Significant New Developments in Cyberlaw - ESSG Corner - Digital Forensics Education at the Air Force Institute of Technology (AFIT) - IATAC Spotlight on Research: University of New York at Stony Brook (SUNY-SB) - IATAC Spotlight on Subject Matter Expert (SME): Dr. Tzi-cker Chiueh     Volume 9 Number 2 Title: SAMATE's Contribution to Information Assurance Overview: There is far too much software in today's information world to check manually. Even if people had the time to inspect thousands or millions of lines of code, nobody could remember all the constraints, requirements, and imperatives to make sure the software is secure. Automated tools are a must. Also Inside: - Sensitive Data Anonymization - Removing Security through Obscurity from Software Watermarking - Vulnerability Analysis of J2ME CLDC Security - A Survey of Graphical Passwords - IATAC Spotlight on Research: Georgia State University - IATAC Spotlight on Subject Matter Expert (SME): Dr. Ying Zhu     Volume 9 Number 1 Title: Processing Data to Construct Practical Visualizations for Network Security Overview: Processing Data to Construct Practical Visualizations for Network Security Network vulnerabilities are increasingly rampant despite advances in Intrusion Detection Systems (IDSs) and Intrusion Prevention Systems (IPSs). Even as funding and work by government, industry, and academia to counter these vulnerabilities increases, over 1,000 variants of worms and viruses have been discovered during the past six months, and the level of network traffic increases as capacity increases. Also Inside: - GIG-BE Improving the Warfighter's Information Pipeline - What is Secure Software? - CPOL: High-Performance Policy Evaluation - Creating a Network Warfare Operations Career Force - Cyber Security Dimensions of Critical Infrastructure Protection (CIP) Conference - Privileged Escalation Through Trusted E-mails - Defending Warfighter Networks - IATAC Spotlight on Research: Johns Hopkins University - IATAC Spotlight on Subject Matter Expert (SME): Dr. Aviel "Avi" D. Rubin     Volume 8 Number 4 Title: Impact of International Information Assurance (IA) Standardization Overview: As government, industry, and citizens in the US and abroad rapidly increase their reliance on computers, they face corresponding increases in the cost and difficulty of assuring the protection of information that their computer systems transmit, process, and store. Also Inside: - When Writing Software, Security Counts! - Viruses, Worms, and Trojan Horses Welcome Here! - IATAC New Address, New Look, Continued Service - DOWN with Trusted Devices Network Securty Monitoring: Beyond Intrusion Detection - Air Force Enterprise Defense (AFED) - IATAC Attended Conferences - IATAC Spotlight on Research: Mississippi State University - IATAC Spotlight on Subject Matter Expert (SME): Dr. Rayford Vaughn     Volume 8 Number 3 Title: Net-Centric Assured Information Sharing - Moving Security to the Edge through Dynamic Certification & Accreditation Overview: Across the US Department of Defense (DoD), the goals of net-centricity are transforming the way in which Information Assurance (IA) must be achieved to facilitate assured information sharing, accelerate decision making, improve joint warfighting, and ensure the ability to dynamically exchange system-security credentials. Power to the Edge implies greatly enhanced peer-to-peer communications. Security to the Edge assumes the need to assure a system's security status and to provide security assertions precisely where interoperability and communications must occur. DoD soon-to-be published Department of Defense Information Assurance Certification and Accreditation Process (DIACAP), combined with a suite of supporting capabilities, form an integrated program that proposes to address this emerging environment. DIACAP is generating increasing interest among its represented customers, DoD Components, and many other groups who are affiliated with developing the Global Information Grid (GIG). Also Inside: - IA/CND Enterprise-wide Solutions Steering Group or ESSG - 6th Annual IEEE Information Assurance Workshop - A Honeypot for the Exploration of Spammers' Behavior - Taxonomy Development Methodology - DoD Cyber Crime Center (DC3) - Quarterbacking Information Management - A Content Staging Overview - IATAC Spotlight on Research: Air Force Institute of Technology (AFIT) - IATAC Spotlight on Subject Matter Expert (SME): Dr. Rusty Baldwin     Volume 8 Number 2 Title: Common Technology Needs and Capability Gaps Across DoD's IA and CND Communities Overview: Across the US Department of Defense (DoD), a number of organizations have published strategies, plans, roadmaps, initiatives, and reference-capabilities documents, all in an effort to depict Defense-wide plans, requirements, and outstanding needs for Information Assurance (IA) technologies. These various documents can be said to generally fall into two areas: documents that characterize IA plans and requirements and documents that depict Computer Network Defense (CND) plans and requirements. Even though CND is formally acknowledged as a discipline within IA, as depicted in their strategic and planning documents, the focus and priorities of CND planners often differ significantly from those of broader IA planners. Moreover, even within the IA or CND discipline, there are often conflicts among the visions depicted in different organizations' strategic or planning documents. This multiplicity of documents, all ostensibly containing complementary if not duplicative objects but reflecting different viewpoints, led the Information Assurance Technology Analysis Center (IATAC) Steering Committee to question whether it was possible to analyze the full range of DoD IA and CND plans and requirements contained in those documents to (1) reveal areas of unnecessary duplication and unexpected disjuncture and (2) to identify significant omissions. A team of IATAC IA Subject Matter Experts (SMEs) was tasked by the Steering Committee to perform an analysis of a broad, representative set of DoD IA and CND documents published by several different DoD organizations. Also inside: - Dartmouth College - The Kerf Toolkit for Intrusion Analysis - - Integrating Information Assurance into the DoD Acquisition System - Threats Posed by and to 802.11 Wireless Networks - Careless Keystrokes Can Kill - IATAC Spotlight on Research: Dartmouth College - IATAC Spotlight on Subject Matter Expert (SME): Dr. Sergey Bratus     Volume 8 Number 1 Title: IA Strategy: The Plan and Your Role Overview: The Global Information Grid (GIG), with its potential to empower our warfighters with accurate, secure, timely information, mandates our Information Assurance (IA) community unprecedented implementation efforts. This article discusses the first Goal of the Department of Defense's (DoD) dynamic visions - to protect information - and how the GIG has redefined our approach to managing information. Also inside: - Security and Trust - Protecting Informationn - The GIG IA Architecture - Defending Systems and Networksn - DoD's IIAPn - From Bombs to Bytes - Transforming DoD's IA Programn - An Empowered Workforce - Developing IA Training - Emerging Technologies in IA - IATAC Spotlight on Research: Pennsylvania State University - IATAC Spotlight on Subject Matter Expert (SME): Dr. Peng Liu     Volume 7 Number 4 Title: Total Electronic Migration System Overview: The recently launched Total Electronic Migration System (TEMS) represents a long-term approach to providing access to electronic documents. The implementation of TEMS allows DTIC's eleven IACs to store, search, retrieve, and use Scientific and Technical Information (STI) to carry out their missions. Also inside: - Social Engineering-The Mother of All Trojan Horses - An Overview and Example of the Buffer-Overflow Exploit - Commodity Absence and Data Security - IATAC Spotlight on Research: Naval Postgraduate School (NPS) - IATAC Spotlight on Subject Matter Expert (SME): Dr. J. Bret Michael     Volume 7 Number 3 Title: The Cyber Conflict Studies Association Overview: Founded in 2003, the Cyber Conflict Studies Association (CCSA), is a not-for-profit, national membership organization devoted to the study of issues related to conflict in the Information Age. Also inside: - Preventing Widespread Malicious Code - The Future of Network Intrusion Detection - IPv6-The Next Generation Internet Protocol - The Importance of High Quality IA Metrics - DEFCON 12 Security Conference - Evidence-based Health Care and IA     Volume 7 Number 2 Title: Ontology Development Challenges and Applications Using the DARPA Agent Markup Language (DAML) Overview: The challenges and various steps involved in developing ontologies for use by software applications will be discussed in this article, as well as how the DARPA Agent Markup Language (DAML) can be leveraged as a knowledge representation language. Also inside: - Special Reports: Agent-Based Software System, Autonomic Computing, Computer Immunology, the Semantic Web - Computer Investigation Markup Language (CIML) - DoD's Changing InformationOperations Landscape - Detecting Early Indications of a Malicious Insider - International Cyber Awareness     Volume 7 Number 1 Title: The National Institute of Standards and Technology (NIST) Computer Security Incident Handling Guide Overview: The potential impact to an organization from a single incident can be incredibly high. A formal incident response capability is invaluable in quickly identifying and mitigating incidents, reducing their impact. Also inside: - The NIST Computer Security Incident Handling Guide - Web Application Security - DoD's Changing InformationOperations Landscape - Information Assurance - Are You Prepared? - Special Report: Grid Computing     Volume 6 Number 4 Title: Information Assurance (IA) and Peer-to-Peer File Sharing Overview: While many organizations have existing policies that prohibit the use of P2P, the P2P applications have evolved to bypass security countermeasures imposed by system administrators in order for the applications to get out and share files on the Internet. Also inside: - DoD Enterprise-Wide IA/CND Solutions Steering Group - Distributed Cyber Forensics - Attack-Graph Simulation Approach to Vulnerability Management - Next-Generation Enterprise Architecture Framework - Special Report: Cognitive Computing and Machine Learning - DoD BMO Assumes New Leadership     Volume 6 Number 3 Title: A New Strategy - A New USSTRATCOM Overview: The 'strategic' in U.S. Strategic Command (USSTRATCOM) is no longer synonymous with the term 'nuclear.' Rather, the new command offers a wider range of strategic and globally oriented warfighting options - both conventional and non-conventional within a compact period of time. Also inside: - The road Ahead for Computer Network Defense Service Providers - Zen and the Art of Scanning Networks - A Tour of Scanrand 2.0 - INFOSEC Research Council - What is the INFOSEC Research Council? - SARS, Tylenol, and Malicious Code - USSTRATCOM/JTF-CNO 1st Semi-Annual JTF-CNO Computer Network Defense (CND) Community of Interest (COI) Conference - A Framework for Information Assurance     Volume 6 Number 2 Title: The Peter Kiewit Institute (PKI) Overview: Student oriented, industry driven, the Peter Kiewit Institute (PKI) merged students, faculty, business, and government to launch the international launch of the Lewis and Clark bicentennial database server and event welcome Web site. Also inside: - New International Partnership--Assisting PKI Students and Faculty With Next Generation Computer Graphics - If Seeing is Believing--Success is Evident at PKI! - Building a Parallel Password Cracking Environment--A Case Study - The Department of Defense (DoD) Information Assurance Scholarship Program (IASP) - State-of-the-Art Information Warfare (IW) Training - USPACOM Annual Information Assurance (IA) Conference - Vulnerability Assessments - NETWARCOM     Volume 6 Number 1 Title: Training and Preparing for Net-Centric Warfare Overview: Among the many efforts underway at NPS to support NCW initiatives, the faculty of the Department of Computer Science have created specialty courses and tracks in addition to redesigning some existing courses to help prepare officers for the task of acquiring high-quality software-intensive systems. Also inside: - Aggregation and Inference-Invisible Threats to Information Security - Transforming the U.S. Air Force Enterprise Network - The 1st Federal PKI Deployment Workshop-A Success Story - The DoD-Industry IA Interface-Improving the Relationship - National Security Agency-IA Training Opportunities - OMB Praises Security Assessment Tool     Volume 5 Number 4 Title: Growing Up With Guns" A Cultural Education and the Information Age Overview: During a decade of working with information operations and infrastructure protection issues, I have observed a pattern that I feel has critical implications for America's technological future. I am convinced our culture must recognize its need to supply citizens with a common framework for discourse, debate, and decisions about technology. Meeting this need is essential for our country to meet the challenges of the Information Age. Also inside: - US, UK, CAN, AUS, and NZ Computer Network Defense (CND) Technical Conference - Computer and Telecommunication Infrastructure-How People and Organizations Interrelate - IEEE 802.11 Countermeasures - Anatomy of Cyberterrorism-Is America Vulnerable? - Center of Education Excellence: Understanding the Role of Biometrics and Information Assurance Within the DoD     Volume 5 Number 3 Title: Security Benchmarks: A Gold Standard Overview: On July 17, the NSA, DISA, NIST, FBI's NIPC, GSA, SANS Institute, and the Center for Internet Security jointly announced minimum standards for securing computers using Microsoft Windows 2000 Professional. The unprecedented announcement, led by Presidential Cyber Security Advisor Richard Clarke, is an effort to stop most com-mon attacks against computer networks both inside and outside the Government. The new benchmark provides detailed configuration specifications for computers run-ning Windows 2000 Professional and that are to be connected to networks. Also inside: - The Importance of Consensus Security Benchmarks - Measuring the Value of Security Guides - Enterprise Security Enabled by CVE - Operationalizing Critical Infrastructure Protection: A Combatant Command Perspective - The South Florida Honeynet Project: Yesterday, Today, and Tomorrow - Guard Technologies: Connecting the Dots     Volume 5 Number 2 Title: Trust in Cyberspace? Overview: The concept of trust is intuitive, but there are challenges involved in defining, measuring, specifying, and computing trust. We all seem to know what trust is. If you ask a person whether he trusts another person, you are likely to get a 'yes' or 'no' answer. Ask the same person whether he trusts another person with his life, car, finances, or electronic business, and you are likely to receive quite different responses for each of these contexts of trust. Also inside: - GIG Interconnection Approval Process (GIAP) - An Overview of the Evolving Law Related to Computer Network Defense - The College Cyber Defenders - Information Security Incident Response, Part II: Creating and Incident Response Team - Space-Based Blue Force Tracking - BlackBerry Security in a Military Environment     Volume 5 Number 1 Title: Information Systems Security Incident Response Overview: Many companies today have spent time and money on their Internet sites by investing in defenses against computer security incidents. Despite the best planning, incidents do happen and defenses are overrun. When that occurs an incident response capability may be all that stands between an enterprise's computing environment and an incident that can threaten even the viability of the enterprise. Also inside: - IATF: At Five Years Old: A Wealth of Knowledge, and Still Growing! - Phoenix Challenge: Information Operations Concepts and Solutions Exploration in the 21st Century - Software Decoys for Software Counterintelligence - FIWC IO Technology Workshop - Continuity of Operations (COOP)     Volume 4 Number 4 Title: Cyber Terror: Potential for Mass Effect Overview: With the tragic events of 9-11, the ensuing anthrax spread, and the war on terrorism DoD and Government are faced with an ever increasing new threat-Cyber Terror. While terrorists' plans have traditionally involved physical attacks, DoD's increasing reliance on a highly interconnected information grid translates into a growing possibility that terrorists could elect to employ computer network attacks. As the Internet has expanded and DoD's reliance on it increased, protests and political activism have entered a new realm. Political activism on the Internet has already generated a wide range of activity, from using E-mail and Web sites to organize, to Web page defacements and denial-of-service attacks. This edition of the IAnewsletter features two articles which address this evolving threat. Also inside: - DoD IA Acquisition Initiatives - PACOM TCCC Update - Building the LE/CI COP - Biometrics & Smart Card Integration     Volume 4 Number 3 Title: CERT/CC: Tracking, Preventing & Resolving Computer Security Incidents Overview: In past editions of the IAnewsletter we have featured many of DoD's premier network security organizations including the DoD CERT, the Joint Task Force for Computer Network Operations and each Service's security incident response teams. CERT/CC is one of the many organizations strongly aligned with DoD's network security commands. For this reason, this edition of the IAnewsletter features three articles from the security professionals at CERT/CC. Additional articles include- - DIAP Reorganizes Reflecting the DoD Defense-in-Depth Strategy - Tactical Decision Exercises-Preparing the JTF-CNO for Mission Readiness - A Metric for Availability - Configuration Management Compliance Validation     Volume 4 Number 2 Title: Modeling & Simulation Overview: This issue showcases IATAC's newest SOAR on Modeling & Simulation for IA. This report was co-authored with MSIAC. Also in this edition- - Developing ATM Intrusion Detection Systems to Support the High Performance Computing Modernization Program - International Technology Watch Partnership - Virtual Technology Exposition - Life Cycle Security and the DITSCAP - Today's Information Security Challenge - CyberWolf     Volume 4 Number 1 Title: SPACECOM Overview: This issue's feature article is from SPACECOM on "Revising the DoD INFOCON System" and specifically addresses the activities and processes upon which SPACECOM has focused. Following this is a EUCOM article summarizing Combined Endeavor 2000. From the Allied perspective, is an article on CND in a Coalition Environment. Several other information articles follow on topics such as Biometrics Technology, Information Operations in the Army Reserve and an overview of FIPS 140-2     Volume 3 Number 4 Title: USPACOM Theater Network Operations Overview: The largest to-date feature article from USPACOM former director for C4 on Theater Network Operations. Followed by a retrospective on Computer Network Defenses by Maj Gen John Campbell. Also included are articles from: - U.S. Naval Forces in Europe - JTF-CND - Law Enforcement and Counterintelligence Support to CND - IA Training at the US Army's Computer Science School - PKI Help Desk - Marine Corps CND - IO/IA Visualization Technologies SOAR released - IATAC's newest product-the Collection Acquisitions CD-ROM-introduced     Volume 3 Number 3 Title: Warfighter Support in a Coalition Environment Overview: This issue contains an article from Joint Forces Command (JFCOM) on their Coalition Interoperability Solution, The Hexagon. Also covered is EUCOM's Information Assurance Conference. At 36 pages, this issue is our largest to date and boasts such great articles as: - JTF-CND Intelligence Support - ZENITH STAR 99-1 - Distributed Denial of Service Tools from DoD CERT - Air Force Materiel Command's Information Defense-Information Assurance - The Army Prepares for the Next Generation of Warfare - The Burning Zone-Containing Contagion in Cyberspace - Computing on the Virtual Border-.mil meets .edu - In Pursuit of the "Trustworthy" Enterprise     Volume 3 Number 2 Title: Defense in Depth Overview: The physical analogy for this strategy is the formidable layered defenses of the medieval castle. The Fall 1999 cover article discusses this strategy. This issue features a slew of great articles, such as- - Matrix Mission Planning in Information Operations - DoD Computer Security Tips for Y2K - SHERLOCK: A Third Generation Log Analysis Tool Plus a Special Section on the: - JTF-CND Component Commands - ACERT/ARFOR-CND - MARFOR-CND - Navy Computer Network Defense - Monitoring and Protecting the Global Network     Volume 3 Number 1 Title: USSOUTHCOM Overview: This feature article is on the U.S. Southern Command's Information Sharing Projects. Also in this issue is an article on the Law of Computer Network Defense. DISA'S DoD CERT covers the DoD IAVA Process. FIWC covers the Naval IO Wargame '99 and the U.S. Air Force Research Lab discusses the Automated Intrusion Detection Environment. This issue includes an article on Raytheon's SilentRunner, and highlights the updated Intrusion Detection Tools Report as well as DISA's New Infosec Training Products.     Volume 2 Number 4 Title: Coalition IA Overview: The feature article on Coalition IA is from the U.S. Army Signal Command. Also in this issue is an article on IA Red Teaming from OASD(NII). DISA's DoD CERT covers "Meeting the Melissa Virus Head On." HQCECOM covers "I2WD's Role in Securing the Digitized Force" and the U.S. Army Research Lab speaks out on "Using Operations Security Methods to Protect DoD Information." This issue includes an article on face recognition technology, JMU's Internet-based Information Security Master's Program, and highlights the latest IATAC reports released!     Volume 2 Number 3 Title: JTF-CND Overview: This issue includes a feature article on the Joint Task Force for Computer Network Defense. Also in this issue are articles from USACOM on their IA Certification Program, U.S. Army ODISC4 on "The New Arms Race for the Information Age," NAWCAD on "Risk-Based Decision Making," Sandia National Laboratories on "The Next Generation of Security Engineering Tools," Purdue University on "Educating the Next Generation of Security Specialists," and a vulnerability assessment tool from Harris     Volume 2 Number 2 Title: N/A Overview: This issue highlights Information Assurance (IA) initiatives at various levels within the Department of Defense and the IA Vendor Community. The newsletter features "The Defense-Wide Information Assurance Program" from OASD(NII)/IA and an NIPC article entitled "protecting Our Critical Infrastructures Through Public-Private Partnership." Also included is an "Intrusion Detection System Evaluation" article from the Lincoln Laboratory at MIT, "Detecting Intrusions Cooperatively Across Multiple Domains" from the University of Idaho and Lucent Technologies, Inc. The newsletter also features a selection of Firewalls tools maintained in the IA Tools Data Base. (Available in electronic copy only)     Volume 2 Number 1 Title: N/A Overview: This issue features an article from the U.S. Strategic Command on "Incorporating IA into Global Guardian" and an article from the Navy INFOSEC Program Office on "Security Tools for Network Centric Warfare." From the R&D community comes an article from the Army Research Laboratory entitled "ARL Primes Army Information Assurance Capability." Also included is an article from AXENT Technologies, Inc. and a selection of Vulnerability Analysis tools maintained in the IA Tools Database as well as a summary of DIA's Information Warfare Course.     Volume 1 Number 3 Title: N/A Overview: This issue highlights ongoing Information Assurance initiatives within the Department of Defense. The newsletter includes a feature article by the Joint Command and Control Warfare Center (JC2WC) on "Defending Against C2W and IW Attack" and a summary article highlighting the recent Information Assurance Seminar Game hosted by the U.S. Army War College. The newsletter also features a selection of Intrusion Detection tools found in the Information Assurance Tools Database, as well as an overview of available products.     Volume 1 Number 2 Title: N/A Overview: The feature article for this issue encircles the Defense Intelligence Agency's (DIA) commitment to information operations by establishing the DIA Information Warfare Support Office. Also included is a commentary by then Director of IATAC, Dr. John I. Algers, title "Information Assurance Evolves from Definitional Debate" that considers the rise and importance of information assurance to the warfighter.     Volume 1 Number 1 Title: N/A Overview: The Information Assurance Technology Analysis Center's inaugural issue includes an introduction to the establishment of IATAC and a brief description of core operations and the technical area task program. Also included is a feature article by the Joint Staff on JV2010 and the OSD initiatives by ASD/C3I.