Web-enabling an early warning and tracking system for network vulnerabilities

Abstract

The Information Assurance Vulnerability Alert (IAVA) process was established to provide an early warning and tracking capability for protecting Department of Defense (DoD) networks against identified system vulnerabilities. The Navy initially used record message traffic for the information distribution required by the process. This approach was heavily administrative and prone to significant delays in an already time critical process. Additionally, it lacked support for automated data validation, resulting in unreliable vulnerability tracking information. As a result, the process was ineffective, and Navy networks remained highly susceptible to exploitation, even for welldocumented system vulnerabilities. For this thesis, web-enabling technology is used to build and deploy an early warning and tracking system for Navy network vulnerabilities. The research sponsor, the Navy Component Task Force for Computer Network Defense (NCTF-CND), has named it the Online Compliance Reporting System (OCRS). It is now being used by all Navy commands and has proven efficient and highly effective in defending Navy networks against known vulnerability exploitations. As a result, the system has gained significant interest from other organizations and the research sponsor is now planning to fund maintenance and future enhancements by the Space and Naval Warfare Systems Center in Charleston, South Carolina.