
netsec-sig - RE: [Security-WG] Strange request from Air Force

Subject: Internet2 Network Security SIG


RE: [Security-WG] Strange request from Air Force


  • From: "Beadles, Mark A." <>
  • To: "" <>
  • Subject: RE: [Security-WG] Strange request from Air Force
  • Date: Fri, 9 Feb 2018 16:01:53 +0000
  • Accept-language: en-US
  • Authentication-results: spf=pass (sender IP is 128.146.138.10) smtp.mailfrom=oar.net; internet2.edu; dkim=none (message not signed) header.d=none;internet2.edu; dmarc=bestguesspass action=none header.from=oar.net;

Looks like my signature cert was invalid – sorry about that. I assure you that it was me though, you can trust me. Right?

 

Mark Beadles

Chief Information Security Officer

OARnet, an Ohio Technology Consortium Member

A division of the Ohio Department of Higher Education

 

www.oar.net www.oh-tech.org

 

direct 614.292.8217

mobile 614.327.8046

 

From: [mailto:] On Behalf Of Beadles, Mark A.
Sent: Friday, February 09, 2018 10:58 AM
To:
Subject: RE: [Security-WG] Strange request from Air Force

 

We have not been approached by the AF itself on this – but we did receive a request exactly like the one WVNET received a couple years ago from another TLA. We did *not* want to put it on the Higher Ed/Research network for numerous reasons and were quite firm on that. The eventual outcome of that was that the State government agreed to implement the boxes on their side of the network, so that the State’s traffic is monitored by the boxes but the Higher Ed/Research traffic is not.

 

The AF angle is interesting and I will keep an eye on that, since we serve a lot of AF-related things in the Dayton area.

 

Mark Beadles

Chief Information Security Officer

OARnet, an Ohio Technology Consortium Member

A division of the Ohio Department of Higher Education

 

www.oar.net www.oh-tech.org

 

direct 614.292.8217

mobile 614.327.8046

 

From: [] On Behalf Of Rick Haugerud
Sent: Friday, February 09, 2018 10:53 AM
To:
Subject: RE: [Security-WG] Strange request from Air Force

 

We experienced a situation like this a couple of years ago. We were contacted by a member of US Air Force Incident Command. They had identified a series of servers and accounts in one of our colleges that had been compromised, and were being used as a jumping point to go elsewhere. They asked us to install a “black box” that would allow them to monitor the activity.

 

They actually flew to Lincoln (3 of them) and met with us and described some of the activity.  We allowed them to install the “black box” on our network for about 18 months.  Information sharing was minimal, and ultimately we disconnected the box and shipped it back.

 

Rick

 

Rick Haugerud

Office of Cybersecurity & Identity|ITS|

211 Nebraska Hall, 68588-0522

University of Nebraska |nebraska.edu

Kearney|Lincoln|Omaha

402-472-2135 (o)

 

Information Technology Services
Connecting people, ideas and technology for a better University, a better you.

 

From: [] On Behalf Of John Dundas, III
Sent: Friday, February 9, 2018 9:33 AM
To:
Subject: Re: [Security-WG] Strange request from Air Force

 

On 2/8/18 1:09 PM, Karl Newell wrote:

> Hi all,
>
> One of our members experienced the following, I’m wondering if anyone has heard of something similar or what your thoughts are.
>
> The Air Force contacted the member’s DNS registrar saying they had information to share about the member’s network. This request made it to the CISO who called back. The Air Force wanted to install a device on the member’s network to monitor traffic. It was assumed there would be information sharing but the member did not agree to work with the Air Force.
>
> Thanks,
>
> Karl


Karl,

Thanks for posting this.  To my knowledge, CENIC has not been approached by any agency with such a request.

Also thank you for declining the "offer."  Numerous red flags are at full-mast.

John



