Water Resources Information Technology Security Infrastructure

In Reply Refer To: 
Office of Information 
Mail Stop 440 

                                                                         
                                              January 29, 2001 

                                                                           
                            Memorandum 


To:    See Distribution 

From:  Robert M. Hirsch /signed/ 
       Associate Director for Water 

Subject:  Water Resources Information Technology Security Infrastructure 

This memorandum identifies newly assigned authority to the Water Resources 
Discipline (WRD) Information Technology (IT) Security Manager and requests 
your commitment and assistance in further securing our IT infrastructure. 

You are all aware of the threat computer hackers pose to computer systems 
around the world.  Reports of major disruptions of Federal and commercial 
computer systems are now common in the news.  The USGS has become a 
frequent victim of attacks from hackers.  USGS systems are constantly 
subjected to scans and probes at the rate of hundreds per week in attempts 
to gain unauthorized access.  Many of these have resulted in successful 
intrusions and compromises.  Intrusions can take the form of Web page 
defacements or actual penetrations into critical scientific and 
administrative systems.  As a result, we have lost the use of valuable 
systems for extended periods of time and spent thousands of dollars 
restoring systems and data.  Outside threats to USGS systems are serious 
problems and we all need to work together to maintain the integrity of our 
services and information. 

The WRD IT Security Team, under the direction of the WRD IT Security 
Manager, was formed to ensure the confidentiality, availability, and 
integrity of our computers and the data stored on them.  The WRD IT 
Security Team, in conjunction with the Bureau Incident Response Team, 
works to ensure that systems are configured to limit threats, provides 
intrusion detection and scanning software, and responds to events caused 
by unauthorized use.  Plans for IT security direction for WRD, the Bureau 
and a list of current WRD IT Security Team members are documented in the 
Distributed Information System Infrastructure Direction Memorandum #13, 
located on the web at: 

          http://wwwqvarsa.er.usgs.gov/it/memo-13.html

The WRD makes every effort to comply with recommended Federal, 
Departmental and Bureau security policies and procedures.  Despite these 
efforts, several WRD computer systems were compromised in recent months.  
During the process of responding to these security breaches, it became 
apparent that the WRD IT Security Manager and the Deputy WRD IT Security 
Manager need system network removal authority in order to effectively 
assess and respond to future incidents. 

Due to the probability that a future security breach could result in a 
compromise to our most sensitive data, I am authorizing the WRD IT 
Security Manager and the Deputy WRD IT Security Manager to act in an 
emergency situation with the full authority of the Discipline to 
temporarily remove compromised or exploited systems from the network.  
This action is necessary to contain the threat of further damage to the 
affected system and its data.  It is also necessary to ensure that the 
threat is limited to the exploited system.  Whenever possible, 
notification will be sent to the respective office chief, the system 
administrator, and the regional computer specialist before the affected 
system is removed from the network.  Every effort will be made by the WRD 
IT Security Team and the Bureau Incident Response Team to aid system 
administrators of compromised systems in assessment and restoration. 

System administrators should refer to the "Activities" link on the WRD IT 
Security web page for preliminary information about actions they can take 
now to improve security at individual WRD offices: 

         http://wwwqvarsa.er.usgs.gov/security/         

Another memorandum will be sent in the near future to provide you with 
information about additional actions individual WRD offices can take to 
improve security.  This memo will also provide you with information about 
IT security investments being made at the Bureau and Discipline levels. 

I am pleased with the efforts made to date by WRD staff in the area of 
critical IT infrastructure protection and trust, with your continued 
cooperation, that even more progress will be made toward the goal of a 
fully secure and reliable network of systems.

DISTRIBUTION: A, B, DC, SA

**********************************************************
* Robert M. Hirsch   
* Associate Director for Water     
* 409 National Center                  rhirsch@usgs.gov
* U.S. Geological Survey                    703-648-5215
* Reston, VA 20192                         fax 703-648-7031
************************************************************