By Alice Lipowicz
The Homeland Security Department has drafted a set of key scenarios
for possible cyberattacks against the Internet and critical IT
systems, and is seeking comments from the private sector on how to
best prepare and respond to such attacks, according to Andy Purdy,
acting director of DHS' National Cybersecurity Division.
DHS officials and the White House also are putting the finishing
touches on a new national cybersecurity research and development plan,
Purdy said earlier this week at a seminar on Capitol Hill. The event
was sponsored by Nortel Networks Corp., a global telecommunications
equipment manufacturer based in Brampton, Ontario.
"At DHS we recognize the importance of cybersecurity risks and we are
energized by that risk," Purdy said.
Homeland Security Secretary Michael Chertoff also is preparing to name
an assistant secretary for cybersecurity and telecommunications, he
Purdy outlined several initiatives undertaken by his division to
bolster cybersecurity and to prepare for a national cyberattack
exercise known as Cyber Storm in November.
As part of their planning for disaster recovery for IT systems, DHS
officials are looking at key dependency elements, such as maintaining
adequate electrical power supplies, as critical parts of the recovery,
The department is working with advisers to prepare plans for
maintaining Internet operation following a catastrophe, and also
focusing on Internet-based control and process systems, which are IT
systems that control the daily operations and interrelations of many
plants and utilities.
"Control and process systems are one of our major priority
efforts - it's a huge challenge and a significant cybersecurity risk,"
DHS also is meeting with software industry groups to promote shared
responsibility for cybersecurity. "It's not just the responsibility of
end users. The hardware and software makers need to do a better job to
reduce vulnerabilities so we can all be safer," he said. For example,
the industry needs to develop tools to make sure that software does
not include secret back doors and malicious code, he said.
Also at the event, Nortel CEO Bill Owens warned that a catastrophic
cyberattack against the Internet could create a "virtual [Hurricane]
Katrina" that would reverberate throughout the U.S. economy.
Owens said the growing threat over the next two or three years is
coming from new viruses that may attack wireless devices and mobile
phones, which can then infect broadband networks, government computers
and mission-critical IT systems. He said China, India and South Korea
take the risks more seriously than does the United States.
"I am frightened as hell about this issue of cybersecurity because we
see it in spades around the world," Owens said.
InfoSec News v2.0 - Coming Soon!