The U.S. National Communications System (NCS) plans to develop a Global Early Warning Information System (GEWIS) to monitor the performance of the Internet and provide warnings to government and industry users of threats that could degrade service, such as denial-of-service attacks against the Domain Name Servers that control Internet traffic.
Brenton Greene, deputy director of the NCS, speaking at a meeting here of the Federal Wireless User's Forum (FWUF), said the agency wants to use GEWIS (pronounced "gee-whiz") to monitor the "whole performance of the Internet," starting with the 13 high-level Domain Name Servers (DNS), and provide early warnings not only to government Internet users, but also to operators of e-commerce Web sites.
The NCS was established in 1962 in the wake of the Cuban missile crisis to improve communications coordination among federal agencies. In 1984, President Reagan expanded the mission of the NCS to include management of national security and emergency preparedness communications among federal agencies and state and local authorities.
The NCS is co-managed by the White House and the head of the Defense Information Systems Agency, who is currently Air Force Lt. Gen. Harry D. Raduege Jr.
The communications agency wants to use GEWIS to "monitor the health of the Internet globally, looking for degradations in performance" and then providing warnings if necessary, Greene said in an interview. In remarks to the FWUF conference, Greene specifically cited the performance of e-commerce sites as one of the parameters that GEWIS will monitor.
Given the growing reliance of the U.S. economy on the Internet, any degradation in service -- or outright attack -- is seen as a potential economic problem that could seriously affect e-commerce-related businesses.
Greene said the NCS plans to build GEWIS around existing Internet performance tools integrated into a cohesive suite that can provide a top-level view of system performance. The Internet has become an increasingly important communications tool for federal agencies, with even the Defense Department funneling much of its unclassified traffic over the same network used by individuals to send e-mail and surf Web sites.
Greene emphasized that GEWIS won't be designed to monitor specific traffic on the Internet, but rather to check on its overall performance and status. That includes status checks on overall topology and peering between servers.
He called GEWIS a "cyberwarning" tool, which could provide early indications of DNS flooding attacks and potentially catch viruses such as the Nimda worm or the Code Red virus, whose quick spread in 2001 plagued government and commercial Internet users. Greene said he believes GEWIS could have detected both Code Red and Nimda sooner if it had been in place.
John Pescatore, a security analyst at Gartner Inc. in Stamford, Conn., said that in his view "GEWIS is a good idea, and NCS should be able to pull it off."
"GEWIS will be useful for early warning of attacks against the Internet's underlying structure, like DNS and big core routers and the like, which is a good thing, and needed," Pescatore said.
He predicted that GEWIS would eventually allow for prioritization of traffic to protect parts of the Internet if there is an attack against the entire network.
"The Internet is very resilient, but when parts start to die there is no real rhyme or reason to how they go, and GEWIS could lead to a capability to try to keep important parts up while less important parts fail," Pescatore said. He doubts, however, that GEWIS could provide extra protection against virus proliferation, which is already well handled by companies such as Symantec Corp. and McAfee.com Corp.
Warren Suss, an analyst at Suss Consulting in Jenkintow, Pa., who closely follows federal programs, agreed with Pescatore that in an era of growing cyberattacks against both government and commercial Internet systems, GEWIS "is absolutely needed."
Said Suss, "It will provide broader and more robust protection against attacks that could bring the nation to its knees."