9-11 Commission keeps network secure

The National Commission on Terrorist Attacks Upon the United States

Officials from the 9-11 Commission investigating the terrorist attacks of Sept. 11, 2001, recently wrapped up two days of high-profile public hearings, but researchers working for the commission continue to gather information to prepare a complete account of the events surrounding the attacks.

To enable researchers at remote sites and various offices to collaborate and conduct research via the Internet, technology managers with the commission have set up a virtual private network that offers secure communications and quick access to data.

The 9-11 Commission, officially known as the National Commission on Terrorist Attacks Upon the United States, is an independent, bipartisan commission chartered by Congress in November 2002. The agency is responsible for preparing a report on the events leading up to and during the attacks.

Starting with just four staffers in February 2003, the commission now employs nearly 70 people, 50 of whom are researchers. The commission has teams in two offices in Washington, D.C., and one in New York City, and staffers working at remote sites. The researchers need access to data, including WAV files, images and newspaper clippings, according to Garth Wermter, director of technology for the 9-11 Commission and director of technology at the University of Virginia.

So technology managers installed two networks: a private network to handle classified information, which is not connected to the Internet, and another network for unclassified but sensitive materials.

"We settled on the idea that we needed a virtual private network and firewall because we wanted the folks who are mobile to connect back into the unclassified network," Wermter said.

Commission officials needed a network that could be set up quickly, would be easy for staff and researchers to connect to, and would be flexible enough to handle the growth and changing nature of the staff. That search led the commission to deploy Watchguard Technologies Inc.'s integrated Firebox 700 firewall and VPN at each office, with remote VPN users connecting to the main office in Washington, D.C. Technology managers set up T1 Internet connections for each office and gave mobile and home-office users VPN client software.

The commission also subscribed to Watchguard's LiveSecurity service, which protected the network from the onslaught of computer viruses and worm attacks during the summer of 2003 that infected many corporate and some federal networks.

"We avoid worms completely, including recent threats and last summers'" worms, Wermter said. Because the Firebox 700 performs application layer inspections, viruses and worms are caught before they infect machines. Such inspections examine the content of network packets, allowing the firewall to block malicious code found in executable files or Java applets, for example. Wermter added that the firewall has protected researchers from malicious code that could be placed on Web sites they might go to for research purposes.

The LiveSecurity service, which comes bundled with the Fireboxes, offers additional protection. LiveSecurity includes software updates for Watchguard products to protect against specific attacks, technical support, security alerts on emerging threats and online self-help tools.

LiveSecurity is an important service for any company relying on Internet connections, said Charles Kolodgy, research manager for Internet security at IDC. The service "does the security research for you. If you don't have a dedicated staff for security, you can [still] get a feel for what's going on" regarding threats and attacks, he said.

"We don't go into work worrying about the security of the network" anymore, Wermter said. Technology managers are now working on interactive applications that pull together researcher reports and analysis, he added.

For instance, researchers have radar data that can help in analyzing the movement of the hijacked airplanes, but that data is not synchronized with text or other documents, Wermter said. Another researcher might have a Microsoft Corp. Excel spreadsheet that tracks various individuals' movements that day, but it would be helpful to have something visual to accompany it.

Pulling this together requires a great deal of data sharing. Two teams are working to create visual presentations, Wermter said. So a likely scenario could be an application with radar data, tracking plane activity, with a map of the United States layered over it. It would be even better if there was audio from traffic controllers or telephone conversations to go with it.

"We want to make the report as understandable to the public" as possible "and help tell the story" of Sept. 11, 2001, Wermter said.

Originally scheduled to deliver the final report to Congress and the public by May 2004, the commission was recently granted a two-month extension by President Bush. The final report is now due July 26.