The U.S. government is working on a project to defend federal networks from
large-scale cyber-attacks.

SAN FRANCISCO—Secretary of Homeland Security
Michael Chertoff says the U.S. government is working on the equivalent of the
"Manhattan Project" to defend federal networks and national security
interests from large-scale cyber-attacks.
During a keynote presentation at RSA Conference, Chertoff painted a gloomy
picture of the government's readiness for a determined attack on critical
communication networks and said the recent creation of a new National Cyber
Security Center would be crucial to finding early signs of hacker activity.
"The human and economic sacrifices from a cyber-attack can be devastating ...
on par with what this country experienced on September 11," Chertoff said,
calling on the private sector and computer security professionals to partner
with the federal government on creating a valuable early warning system for
major network attacks.
He referred to the 2007 denial-of-service attacks against Estonia
as proof that large-scale cyber-attacks can have far-reaching consequences and
cascading effects across the world.
"That botnet attack in Estonia
shut down the government there for a period of time. It affected their
financial system and government Web sites and lasted for about two weeks. It
affected the ability of the Estonian government to govern. That's just one
example of what any country or government can face if determined terrorists or
mischief-makers decide to do damage," Chertoff said.
"A single individual, a small group or a nation state can exact damage and
destruction similar to dropping a bomb or explosives," he warned.
During his presentation, Chertoff said many of the day-to-day operations of the
Cyber Security Center remain classified, but he insisted that the federal
government's mission is to use early-warning technology to detect anomalies
linked to malicious attacks.
"The best way to deal with an attack is to prevent it before it happens.
Giving an adversary one bite of the apple is one bite too much," he said.
However, because there are "thousands of entry points to federal
domains," Chertoff said the government was "limited in our ability to
deal with cyber-attacks."
Chertoff said the U.S. CERT (Computer Emergency Readiness Team), using an
intrusion detection program called Einstein, can actively monitor entry points
to domains and automate the process of collecting, correlating, analyzing and
sharing computer security information across the federal government.
Einstein has been used on federal networks since 2004, but because it's not
fully deployed, there are still major gaps in the government's ability to
monitor all its domains.
"We still can't monitor it in real time effectively. The federal agencies
are uneven in the way they protect their own assets," Chertoff said,
noting that some agencies have round-the-clock watch and warn systems while
others are without that level of visibility.
Another problem with Einstein, Chertoff said, is its "backwards-looking
architecture," which slows down the monitoring process. "The
monitoring doesn't happen instantly and that's a weakness. We can't afford to
have time delays in a world where attacks come in microseconds from all points
of the globe," he added.
Chertoff said the government was working on reducing the number of access
points to federal domains. The long-term plan is to identify a finite number of
entry points to allow better, more effective monitoring of traffic.
"We now have thousands of these entry points and
we're looking to bring it down to about 50," he said.