Streamlining the US Army network incident reporting system

Abstract

Every day unauthorized users from around the world probe and infiltrate the army data network. In response to this growing threat, the Army implemented a system of computer emergency response teams (CERTs) to address network security concerns. Located in six secure facilities around the world, Regional Computer Emergency Response Teams (RCERTs) protect the hundreds of thousands of computers on the Army network from malicious attacks. The RCERTs are responsible for reporting their findings, in a format called an dasiaincident reportpsila, to the Army CERT (ACERT), where they collect and organize them into a database for further analysis. While highly effective, a problem exists in that each of the six regional CERTs reports its findings in a different manner, creating an inefficient system requiring weekly maintenance. In search of a solution for these issues, the Army asked four cadets from the United States Military Academy to analyze the problem as their senior capstone project. The team of cadets used West Pointpsilas Systems Decision Process (SDP) to define the problem, create alternatives, and implement what the decision maker referred to as ldquophases of the operation.rdquo A diagram of the SDP can be found in Appendix A. As a result of this project, the recommended solution will streamline the incident reporting process by standardizing not only the incoming data, but also the reporting medium and time frame that each CERT was using. The implementation of the solution should have a positive impact upon the global Army computer network and national security.