Volume 11, Number 3: Guarding the Cybercastle in 2020

The DoD has recently refocused its formal definition of cyber as "a global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers," consistent with Presidential cyber security policy.

Also Inside:

• IATAC Spotlight on Faculty
• Securing the Converged Enterprise, Part 2—Network Defense-in-Depth Architectural Considerations
• Common Criteria Testing Continues to Improve of Security of IA Products
• IATAC Spotlight on Education
• DoD EWIA/CND ESSG Technical Advisory Group (TAG)
• So You Say You Want a Penetration Test...

Volume 11, Number 2: Defining the GIG Core

The Global Information Grid (GIG) is a large, complex undertaking that is intended to integrate virtually all information systems, services, and applications in the US Department of Defense (DoD) into the seamless, reliable and secure network. This article discusses two architectural options for constructing the core of the GIG: striped core and black core.

Also Inside:

• Tomorrow Night
• Electronic Voting Security
• IATAC Spotlight on Faculty
• Recent Developments in Cyberlaw
• IATAC Spotlight on Education
• Securing the Converged Enterprise, Part I
• Ask the Expert

Volume 11, Number 1: Network Risk Assessment Tool (NRAT)

We live in an information-centric age where seemingly every aspect of our existence is inextricably dependent on the services of information systems. These systems provide integral support to financial institutions, commercial enterprises, critical infrastructure systems, medical care, public safety, and military operations.

Also Inside:

• Ask the Expert
• Improving the Cyber Incident Damage and Mission Impact Assessment
• Virtual Patching
• IATAC Spotlight on Education
• IATAC Spotlight on Faculty
• NIST NVD & SCAP: Modernizing Security Management
• NIST Publications: Guidance to Improve Information Security

Volume 10, Number 4: Information Assurance for the Net-Centric Environment: Making the Mission Possible

DoD defines the NCE as a joint force framework for full human and technical connectivity and interoperability—one that allows all DoD users and mission partners to share the information they need, when they need it, in a form they can understand, and act on with confidence.

Also Inside:

• Ask the Expert
• GIG Performance Assessment Framework
• Subject Matter Experts
• ForNet: Network Forensics for Detecting Stealthy Attacks
• IATAC Spotlight on Education
• Accurate Application-Specific Sandboxing for Win32/Intel Binaries
• University of Maryland University College Security Studies Laboratories

Volume 10, Number 3: Implementing Internet Protocol Version 6 (IPv6) on an Army Installation

The challenge of implementing IPv6 into an Army network comes from two conditions placed upon the Department of Defense (DoD) by the US Congress: Do No Harm and IPv4 Parity.

Also Inside:

• Ask the Expert
• A Qualia Framework for Awareness in Cyberspace
• IATAC Spotlight on Education
• US-CERT: America's Cyber Watch and Warning Center
• Executing the CND Data Strategy within the NetOps Community of Interest
• 8th IEEE Information Assurance Workshop
• Subject Matter Experts
• A Decade of Air Force and Academic Collaboration Toward Assuring Information

Volume 10, Number 2: System Engineering for the GIG: An Approach at the Enterprise Level

The GIG is an ambitious undertaking that is fundamental to network-centric warfare. We have established and enterprise process to apply systems engineering discipline to the decisions that need to be made to make the GIG a reality.

Also Inside:

• Software Agent Technology
• Enabling Mission Critical Operations Through Mature Implementation
• CyberCIEGE: An Information Assurance Training and Awareness Video Game
• DISA Partnership Conference
• IATAC Spotlight on Research
• IATAC Spotlight on Education
• Ask the Expert

Volume 10, Number 1: Look out! It's the fuzz

Software fuzzing is a relatively new software auditing technique responsible for finding many of the bugs and security vulnerabilities found in utilities, software applications, and network protocols. To understand what fuzzing is, we need to understand how fuzzing originated.

Also Inside:

• ESSG
• IATAC Spotlight on Education
• IATAC Spotlight on Research
• Ask the Expert: IANETSEC
• A Snapshot of Some Current CERIAS Research
• 6th Annual Department of Defense (DoD) Cyber Crime Conference
• An IATAC/DACS State-of-the-Art-Report on Software Security Assurance
• The Morphing of a Cyber Operations Curriculum at the Air Force Institute of Technology (AFIT)

Volume 9, Number 4: Phishing: Fraud for the 21st Century

Phishing refers to a new form of cyber crime that is quickly gaining popularity. During the past several years, there has been a steady increase in the use of online financial services for everything from paying utility bills to conducting banking and brokerage transactions.

Also Inside:

• Verifying Network Intrusion Detection Alerts
• Data Integrity and Proof of Service in BitTorrent-Like P2P Environments
• An Overview of Voice over Internet Protocol (VoIP)
• Countering DDoS Attacks with Multi-Path Overlay Networks
• Ask the Expert
• IATAC Spotlight on Education
• IATAC Spotlight on Research

Volume 9, Number 3: Generating Policies for Defense in Depth

In 2002, DARPA challenged the research community to design and demonstrate an unprecedented level of survivability for an existing DoD information system by combining Commercial-Off-The-Shelf (COTS) technologies with those developed by DARPA.

Also Inside:

• A Virtual Environment for Safe Vulnerability Assessment (VA)
• Black Hat and DEFCON
• Efficient Path Authentication for Border Gateway Protocol (BGP) Security
• 7th Annual IEEE Information Assurance Workshop (IAW)
• Significant New Developments in Cyberlaw
• ESSG Corner
• Digital Forensics Education at the Air Force Institute of Technology (AFIT)
• IATAC Spotlight on Education
• IATAC Spotlight on Research

Volume 9, Number 2: SAMATE's Contribution to Information Assurance

There is far too much software in today's information world to check manually. Even if people had the time to inspect thousands or millions of lines of code, nobody could remember all the constraints, requirements, and imperatives to make sure the software is secure. Automated tools are a must.

Also Inside:

• Sensitive Data Anonymization
• Removing Security through Obscurity from Software Watermarking
• Vulnerability Analysis of J2ME CLDC Security
• A Survey of Graphical Passwords
• IATAC Spotlight on Education: Georgia State University
• IATAC Spotlight on Research: Professor Ying Zhu

Volume 9, Number 1: Processing Data to Construct Practical Visualizations for Network Security

Processing Data to Construct Practical Visualizations for Network Security Network vulnerabilities are increasingly rampant despite advances in Intrusion Detection Systems (IDSs) and Intrusion Prevention Systems (IPSs). Even as funding and work by government, industry, and academia to counter these vulnerabilities increases, over 1,000 variants of worms and viruses have been discovered during the past six months, and the level of network traffic increases as capacity increases.

Also Inside:

• GIG-BE\Improving the Warfighterfs Information Pipeline
• What is Secure Software?
• CPOL: High-Performance Policy Evaluation
• Creating a Network Warfare Operations Career Force
• Cyber Security Dimensions of Critical Infrastructure Protection (CIP) Conference
• Privileged Escalation Through Trusted E-mails
• Defending Warfighter Networks
• IATAC Spotlight on Education
• IATAC Spotlight on Research

Volume 8, Number 4: Impact of International Information Assurance (IA) Standardization

As government, industry, and citizens in the US and abroad rapidly increase their reliance on computers, they face corresponding increases in the cost and difficulty of assuring the protection of information that their computer systems transmit, process, and store.

Also Inside:

• When Writing Software, Security Counts
• Viruses, Worms, and Trojan Horses Welcome Here!
• IATAC Spotlight on Research
• IATAC New Address, New Look, Continued Service
• DOWN with Trusted Devices Network Securty Monitoring: Beyond Intrusion Detection
• Air Force Enterprise Defense (AFED)
• IATAC Spotlight on Education
• IATAC Attended Conferences

Volume 8, Number 3: Net-Centric Assured Information Sharing - Moving Security to the Edge through Dynamic Certification & Accreditation

Across the US Department of Defense (DoD), the goals of net-centricity are transforming the way in which Information Assurance (IA) must be achieved to facilitate assured information sharing, accelerate decision making, improve joint warfighting, and ensure the ability to dynamically exchange system-security credentials. Power to the Edge implies greatly enhanced peer-to-peer communications. gSecurity to the Edgeh assumes the need to assure a systemfs security status and to provide security assertions precisely where interoperability and communications must occur. DoD soon-to-be published Department of Defense Information Assurance Certification and Accreditation Process (DIACAP), combined with a suite of supporting capabilities, form an integrated program that proposes to address this emerging environment. DIACAP is generating increasing interest among its represented customers, DoD Components, and many other groups who are affiliated with developing the Global Information Grid (GIG).

Also Inside:

• Dr. Rusty Baldwin
• IA/CND Enterprise-wide Solutions Steering Group or ESSG
• Air Force Institute of Technology (AFIT)
• 6th Annual IEEE Information Assurance Workshop
• A Honeypot for the Exploration of Spammers' Behavior
• Taxonomy Development Methodology
• DoD Cyber Crime Center (DC3)
• Quarterbacking Information Management - A Content Staging Overview

Volume 8, Number 2: Common Technology Needs and Capability Gaps Across DoD's IA and CND Communities

Across the US Department of Defense (DoD), a number of organizations have published strategies, plans, roadmaps, initiatives, and reference-capabilities documents, all in an effort to depict Defense-wide plans, requirements, and outstanding needs for Information Assurance (IA) technologies. These various documents can be said to generally fall into two areas: documents that characterize IA plans and requirements and documents that depict Computer Network Defense (CND) plans and requirements. Even though CND is formally acknowledged as a discipline within IA, as depicted in their strategic and planning documents, the focus and priorities of CND planners often differ significantly from those of broader IA planners. Moreover, even within the IA or CND discipline, there are often conflicts among the visions depicted in different organizationsf strategic or planning documents. This multiplicity of documents, all ostensibly containing complementary if not duplicative objects but reflecting different viewpoints, led the Information Assurance Technology Analysis Center (IATAC) Steering Committee to question whether it was possible to analyze the full range of DoD IA and CND plans and requirements contained in those documents to (1) reveal areas of unnecessary duplication and unexpected disjuncture and (2) to identify significant omissions. A team of IATAC IA Subject Matter Experts (SMEs) was tasked by the Steering Committee to perform an analysis of a broad, representative set of DoD IA and CND documents published by several different DoD organizations.

Also Inside:

• IATAC Spotlight on Research–Dartmouth College
• The Kerf Toolkit for Intrusion Analysis
• IATAC Spotlight on Subject Matter Expert (SME)–Dr. Sergey Bratus
• Integrating Information Assurance into the DoD Acquisition System
• Threats Posed by and to 802.11 Wireless Networks
• Careless Keystrokes Can Kill

Volume 8, Number 1: IA Strategy: The Plan and Your Role

The Global Information Grid (GIG), with its potential to empower our warfighters with accurate, secure, timely information, mandates our Information Assurance (IA) community unprecedented implementation efforts. This article discusses the first Goal of the Department of Defensefs (DoD) dynamic visions - to protect information - and how the GIG has redefined our approach to managing information.

Also Inside:

• Security and Trust–Protecting Information
• The GIG IA Architecture–Defending Systems and Networks
• DoD's IIAP
• From Bombs to Bytes–Transforming DoD's IA Program
• An Empowered Workforce–Developing IA Training
• Emerging Technologies in IA

Volume 7, Number 4: Total Electronic Migration System

The recently launched Total Electronic Migration System (TEMS) represents a long-term approach to providing access to electronic documents. The implementation of TEMS allows DTIC’s eleven IACs to store, search, retrieve, and use Scientific and Technical Information (STI) to carry out their missions.

Also Inside:

• Social Engineering-The Mother of All Trojan Horses
• IATAC Spotlight on Research-Naval Postgraduate School (NPS)
• Commodity Absence and Data Security
• IATAC, Spotlight on Subject Matter Expert (SME)-Dr. J. Bret Michael
• An Overview and Example of the Buffer-Overflow Exploit

Volume 7, Number 3: The Cyber Conflict Studies Association

Founded in 2003, the Cyber Conflict Studies Association (CCSA), is a not-for-profit, national membership organization devoted to the study of issues related to conflict in the Information Age.

Also Inside:

• Preventing Widespread Malicious Code
• The Future of Network Intrusion Detection
• IPv6-The Next Generation Internet Protocol
• The Importance of High Quality IA Metrics
• DEFCON 12 Security Conference
• Evidence-based Health Care and IA

Volume 7, Number 2: Ontology Development Challenges and Applications Using the DARPA Agent Markup Language (DAML)

The challenges and various steps involved in developing ontologies for use by software applications will be discussed in this article, as well as how the DARPA Agent Markup Language (DAML) can be leveraged as a knowledge representation language.

Also Inside:

• Special Reports: Agent-Based Software System, Autonomic Computing, Computer Immunology, the Semantic Web
• Computer Investigation Markup Language (CIML)
• DoD's Changing InformationOperations Landscape
• Detecting Early Indications of a Malicious Insider
• International Cyber Awareness

Volume 7, Number 1: The National Institute of Standards and Technology (NIST) Computer Security Incident Handling Guide

The potential impact to an organization from a single incident can be incredibly high. A formal incident response capability is invaluable in quickly identifying and mitigating incidents, reducing their impact.

Also Inside:

• The NIST Computer Security Incident Handling Guide
• Web Application Security
• DoD's Changing InformationOperations Landscape
• Information Assurance - Are You Prepared?
• Special Report: Grid Computing

Volume 6, Number 4: Information Assurance (IA) and Peer-to-Peer File Sharing

While many organizations have existing policies that prohibit the use of P2P, the P2P applications have evolved to bypass security countermeasures imposed by system administrators in order for the applications to get out and share files on the Internet.

Also Inside:

• DoD Enterprise-Wide IA/CND Solutions Steering Group
• Distributed Cyber Forensics
• Attack-Graph Simulation Approach to Vulnerability Management
• Next-Generation Enterprise Architecture Framework
• Special Report: Cognitive Computing and Machine Learning
• DoD BMO Assumes New Leadership

Volume 6, Number 3: A New Strategy - A New USSTRATCOM

The 'strategic' in U.S. Strategic Command (USSTRATCOM) is no longer synonymous with the term 'nuclear.' Rather, the new command offers a wider range of strategic and globally oriented warfighting options - both conventional and non-conventional within a compact period of time.

Also Inside:

• The road Ahead for Computer Network Defense Service Providers
• Zen and the Art of Scanning Networks - A Tour of Scanrand 2.0
• INFOSEC Research Council - What is the INFOSEC Research Council?
• SARS, Tylenol, and Malicious Code
• USSTRATCOM/JTF-CNO 1st Semi-Annual JTF-CNO Computer Network Defense (CND) Community of Interest (COI) Conference
• A Framework for Information Assurance

Volume 6, Number 2: The Peter Kiewit Institute (PKI)

Student oriented, industry driven, the Peter Kiewit Institute (PKI) merged students, faculty, business, and government to launch the international launch of the Lewis and Clark bicentennial database server and event welcome Web site.

Also Inside:

• New International Partnership--Assisting PKI Students and Faculty With Next Generation Computer Graphics
• If Seeing is Believing--Success is Evident at PKI!
• Building a Parallel Password Cracking Environment--A Case Study
• The Department of Defense (DoD) Information Assurance Scholarship Program (IASP)
• State-of-the-Art Information Warfare (IW) Training
• USPACOM Annual Information Assurance (IA) Conference
• Vulnerability Assessments
• NETWARCOM

Volume 6, Number 1: Training and Preparing for Net-Centric Warfare

Among the many efforts underway at NPS to support NCW initiatives, the faculty of the Department of Computer Science have created specialty courses and tracks in addition to redesigning some existing courses to help prepare officers for the task of acquiring high-quality software-intensive systems.

Also Inside:

• Aggregation and Inference-Invisible Threats to Information Security
• Transforming the U.S. Air Force Enterprise Network
• The 1st Federal PKI Deployment Workshop-A Success Story
• The DoD-Industry IA Interface-Improving the Relationship
• National Security Agency-IA Training Opportunities
• OMB Praises Security Assessment Tool

Volume 5, Number 4: Growing Up With Guns" A Cultural Education and the Information Age

During a decade of working with information operations and infrastructure protection issues, I have observed a pattern that I feel has critical implications for AmericaÕs technological future. I am convinced our culture must recognize its need to supply citizens with a common framework for discourse, debate, and decisions about technology. Meeting this need is essential for our country to meet the challenges of the Information Age.

Also Inside:

• US, UK, CAN, AUS, and NZ Computer Network Defense (CND) Technical Conference
• Computer and Telecommunication Infrastructure-How People and Organizations Interrelate
• IEEE 802.11 Countermeasures
• Anatomy of Cyberterrorism-Is America Vulnerable?
• Center of Education Excellence: Understanding the Role of Biometrics and Information Assurance Within the DoD

Volume 5, Number 3: Security Benchmarks: A Gold Standard

On July 17, the NSA, DISA, NIST, FBIÕs NIPC, GSA, SANS Institute, and the Center for Internet Security jointly announced minimum standards for securing computers using Microsoft Windows 2000 Professional. The unprecedented announcement, led by Presidential Cyber Security Advisor Richard Clarke, is an effort to stop most com-mon attacks against computer networks both inside and outside the Government. The new benchmark provides detailed configuration specifications for computers run-ning Windows 2000 Professional and that are to be connected to networks.

Also Inside:

• The Importance of Consensus Security Benchmarks
• Measuring the Value of Security Guides
• Enterprise Security Enabled by CVE¨
• Operationalizing Critical Infrastructure Protection: A Combatant Command Perspective
• The South Florida Honeynet Project: Yesterday, Today, and Tomorrow
• Guard Technologies: Connecting the Dots

Volume 5, Number 2: Trust in Cyberspace?

The concept of trust is intuitive, but there are challenges involved in defining, measuring, specifying, and computing trust. We all seem to know what trust is. If you ask a person whether he trusts another person, you are likely to get a ÒyesÓ or ÒnoÓ answer. Ask the same person whether he trusts another person with his life, car, finances, or electronic business, and you are likely to receive quite different responses for each of these contexts of trust.

Also Inside:

• GIG Interconnection Approval Process (GIAP)
• An Overview of the Evolving Law Related to Computer Network Defense
• The College Cyber Defenders
• Information Security Incident Response, Part II: Creating and Incident Response Team
• Space-Based Blue Force Tracking
• BlackBerry Security in a Military Environment

Volume 5, Number 1: Information Systems Security Incident Response

Many companies today have spent time and money on their Internet sites by investing in defenses against computer security incidents. Despite the best planning, incidents do happen and defenses are overrun. When that occurs an incident response capability may be all that stands between an enterpriseÕs computing environment and an incident that can threaten even the viability of the enterprise.

Also Inside:

• IATF: At Five Years Old: A Wealth of Knowledge, and Still Growing!
• Phoenix Challenge: Information Operations Concepts and Solutions Exploration in the 21st Century
• Software Decoys for Software Counterintelligence
• FIWC IO Technology Workshop
• Continuity of Operations (COOP)

Volume 4, Number 4: Cyber Terror: Potential for Mass Effect

With the tragic events of 9-11, the ensuing anthrax spread, and the war on terrorism DoD and Government are faced with an ever increasing new threat-Cyber Terror. While terrorists' plans have traditionally involved physical attacks, DoDÕs increasing reliance on a highly interconnected information grid translates into a growing possibility that terrorists could elect to employ computer network attacks. As the Internet has expanded and DoD's reliance on it increased, protests and political activism have entered a new realm. Political activism on the Internet has already generated a wide range of activity, from using E-mail and Web sites to organize, to Web page defacements and denial-of-service attacks. This edition of the IAnewsletter features two articles which address this evolving threat.

Also Inside:

• DoD IA Acquisition Initiatives
• PACOM TCCC Update
• Building the LE/CI COP
• Biometrics & Smart Card Integration

Volume 4, Number 3: CERT/CC: Tracking, Preventing & Resolving Computer Security Incidents

In past editions of the IAnewsletter we have featured many of DoD's premier network security organizations including the DoD CERT, the Joint Task Force for Computer Network Operations and each Service's security incident response teams. CERT/CC is one of the many organizations strongly aligned with DoD's network security commands. For this reason, this edition of the IAnewsletter features three articles from the security professionals at CERT/CC.

Additional articles include-

• DIAP Reorganizes Reflecting the DoD Defense-in-Depth Strategy
• Tactical Decision Exercises-Preparing the JTF-CNO for Mission Readiness
• A Metric for Availability
• Configuration Management Compliance Validation

Volume 4, Number 2: Modeling & Simulation

This issue showcases IATAC's newest SOAR on Modeling & Simulation for IA. This report was co-authored with MSIAC. Also in this edition-

• Developing ATM Intrusion Detection Systems to Support the High Performance Computing Modernization Program
• International Technology Watch Partnership
• Virtual Technology Exposition
• Life Cycle Security and the DITSCAP
• Today's Information Security Challenge - CyberWolf

Volume 4, Number 1: SPACECOM

This issue's feature article is from SPACECOM on "Revising the DoD INFOCON System" and specifically addresses the activities and processes upon which SPACECOM has focused. Following this is a EUCOM article summarizing Combined Endeavor 2000. From the Allied perspective, is an article on CND in a Coalition Environment. Several other information articles follow on topics such as Biometrics Technology, Information Operations in the Army Reserve and an overview of FIPS 140-2

• Combined Endeavor
• DIAP Update
• Virtual Technology Exposition
• Biometrics Technology

Volume 3, Number 4: USPACOM Theater Network Operations

The largest to-date feature article from USPACOM former director for C4 on Theater Network Operations. Followed by a retrospective on Computer Network Defenses by Maj Gen John Campbell. Also included are articles from:

• A Retrospective on Computer Network Defense
• Where There's Smoke, There's Fire...
• Keys to the Kingdom
• Law Enforcement & Counterintelligence Support to CND

Volume 3, Number 3: Warfighter Support in a Coalition Environment

This issue contains an article from Joint Forces Command (JFCOM) on their Coalition Interoperability Solution, The Hexagon. Also covered is EUCOM's Information Assurance Conference. At 36 pages, this issue is our largest to date and boasts such great articles as:

• JTF-CND Intelligence Support
• ZENITH STAR 99-1
• Distributed Denial of Service Tools from DoD CERT
• Air Force Materiel Command's Information Defense-Information Assurance
• The Army Prepares for the Next Generation of Warfare
• The Burning Zone-Containing Contagion in Cyberspace
• Computing on the Virtual Border-.mil meets .edu
• In Pursuit of the "Trustworthy" Enterprise

Volume 3, Number 2: Defense in Depth

The physical analogy for this strategy is the formidable layered defenses of the medieval castle. The Fall 1999 cover article discusses this strategy. This issue features a slew of great articles, such as-

• Matrix Mission Planning in Information Operations
• DoD Computer Security Tips for Y2K
• SHERLOCK: A Third Generation Log Analysis Tool

Volume 3, Number 1: USSOUTHCOM

This feature article is on the U.S. Southern Command's Information Sharing Projects. Also in this issue is an article on the Law of Computer Network Defense. DISA'S DoD CERT covers the DoD IAVA Process. FIWC covers the Naval IO Wargame '99 and the U.S. Air Force Research Lab discusses the Automated Intrusion Detection Environment. This issue includes an article on Raytheon's SilentRunner, and highlights the updated Intrusion Detection Tools Report as well as DISA's New Infosec Training Products.

• Naval IO Wargame '99
• Computer Network Defense Law
• DoD's IAVA Process
• Automated Intrusion Detection Environment

Volume 2, Number 4: Coalition IA

The feature article on Coalition IA is from the U.S. Army Signal Command. Also in this issue is an article on IA Red Teaming from OASD(NII). DISA's DoD CERT covers "Meeting the Melissa Virus Head On." HQCECOM covers "I2WD's Role in Securing the Digitized Force" and the U.S. Army Research Lab speaks out on "Using Operations Security Methods to Protect DoD Information." This issue includes an article on face recognition technology, JMU's Internet-based Information Security Master's Program, and highlights the latest IATAC reports released!

• IA Red Teaming
• The Melissa Virus
• IA &JV 2010
• Securing the Digitized Force
• Protecting DoD Information Systems

Volume 2, Number 3: JTF-CND

This issue includes a feature article on the Joint Task Force for Computer Network Defense. Also in this issue are articles from USACOM on their IA Certification Program, U.S. Army ODISC4 on "The New Arms Race for the Information Age," NAWCAD on "Risk-Based Decision Making," Sandia National Laboratories on "The Next Generation of Security Engineering Tools," Purdue University on "Educating the Next Generation of Security Specialists," and a vulnerability assessment tool from Harris

Volume 2, Number 2: Information Assurance Technology

This issue highlights Information Assurance (IA) initiatives at various levels within the Department of Defense and the IA Vendor Community. The newsletter features "The Defense-Wide Information Assurance Program" from OASD (NII)/IA and an NIPC article entitled "protecting Our Critical Infrastructures Through Public-Private Partnership." Also included is an "Intrusion Detection System Evaluation" article from the Lincoln Laboratory at MIT, "Detecting Intrusions Cooperatively Across Multiple Domains" from the University of Idaho and Lucent Technologies, Inc. The newsletter also features a selection of Firewalls tools maintained in the IA Tools Data Base. (Available in electronic copy only)

Volume 2, Number 1: Information Assurance Technology

This issue features an article from the U.S. Strategic Command on "Incorporating IA into Global Guardian" and an article from the Navy INFOSEC Program Office on "Security Tools for Network Centric Warfare." From the R&D community comes an article from the Army Research Laboratory entitled "ARL Primes Army Information Assurance Capability." Also included is an article from AXENT Technologies, Inc. and a selection of Vulnerability Analysis tools maintained in the IA Tools Database as well as a summary of DIA's Information Warfare Course.

Volume 1, Number 3: Information Assurance Technology

This issue highlights ongoing Information Assurance initiatives within the Department of Defense. The newsletter includes a feature article by the Joint Command and Control Warfare Center (JC2WC) on "Defending Against C2W and IW Attack" and a summary article highlighting the recent Information Assurance Seminar Game hosted by the U.S. Army War College. The newsletter also features a selection of Intrusion Detection tools found in the Information Assurance Tools Database, as well as an overview of available products.

Volume 1, Number 2: Information Assurance Technology

The feature article for this issue encircles the Defense Intelligence Agency's (DIA) commitment to information operations by establishing the DIA Information Warfare Support Office. Also included is a commentary by then Director of IATAC, Dr. John I. Algers, title "Information Assurance Evolves from Definitional Debate" that considers the rise and importance of information assurance to the warfighter.