The MS-ISAC Darknet Sensor system, which is expected to be implemented by late 2007 or early 2008, will monitor and gather information for all traffic directed through the nationwide darknet, which is considered malicious since no legitimate services are available at dark address spaces. New York's internal and public networks will be analyzed, which is expected to provide invaluable insight into the security of New York's networks and help predict impending network attacks.

Pelgrin is also the founder and chair of the MS-ISAC, whose mission is to raise the level of cyber-security readiness and response for state and local governments nationwide. Although the MS-ISAC Darknet Sensor system will be centered in New York, Pelgrin said the system will benefit other states too.

"I'm a big believer in sharing information and a collaborative and cooperative approach to my job," Pelgrin said. "I knew from the beginning that geographic borders make no sense in state cyber-security. A cyber-attack in California can have an effect in New York." 

A MS-ISAC volunteer member will see what information on dark space should be shared with other states to prevent cyber-attacks. Alaska and Montana have agreed to join New York's Darknet sensor system, and Pelgrin expects others to join once the program is running. States participating in the program will set up a monitoring system with sensors placed in strategic places on the network to create an early warning system. A monitoring center will interpret and evaluate warnings, which will eventually help accurately evaluate cyber-attacks.

"I think it's a very valiant effort and it's a very useful approach," said Jose Nazario, senior security researcher of Arbor Networks, a network security provider. "I liken the approach of darknet monitoring to throwing a petri dish out there or sticking your finger in wind; it's a tremendous way to measure all the junk on the Internet and discover both in terms of known and existing threats, 'Where is it coming from, who's launching them, and who do we need to block or shut down?'"

Dark space monitoring is valuable for protecting municipalities since more government infrastructure and resources are being made available online, Nazario said.

"Clearly it's very valuable for federal governments," Nazario said. "I would argue that state governments depend just as much on infrastructure not only for their own infrastructure but for their resources, whether business or educational institutions, or other research statewide networks."

Nazario said his firm tracks between 2,000 and 3,000 major DoS attacks every day, all of which come from forged addresses.

Although the U.S.-CERT program often warns states of potential cyber-attacks, the program is oriented primarily at the federal level, and states often don't have adequate defense against DoS attacks, according to Pelgrin. With the shared connectivity of the Internet, cyber-attacks can come from anywhere in the world, therefore, a collaborative approach is the best defense for states and organizations worldwide, he added.

"Whatever we learn from states and across the world will help New York state, and hopefully what we do will help other states as well," Pelgrin said.


Chandler Harris is a regular contributor to Government Technology magazine. He also writes for Public CIO, a bimonthly journal, and Emergency Management and Digital Communities magazines.

Chandler Harris  |  Contributing Writer