By Ryan Naraine
The U.S. government is working on a project to defend federal networks
from large-scale cyber-attacks.
SAN FRANCISCO - Secretary of Homeland Security Michael Chertoff says the
U.S. government is working on the equivalent of the "Manhattan Project"
to defend federal networks and national security interests from
During a keynote presentation at RSA Conference, Chertoff painted a
gloomy picture of the government's readiness for a determined attack on
critical communication networks and said the recent creation of a new
National Cyber Security Center would be crucial to finding early signs
of hacker activity.
"The human and economic sacrifices from a cyber-attack can be
devastating ... on par with what this country experienced on September
11," Chertoff said, calling on the private sector and computer security
professionals to partner with the federal government on creating a
valuable early warning system for major network attacks.
He referred to the 2007 denial-of-service attacks against Estonia as
proof that large-scale cyber-attacks can have far-reaching consequences
and cascading effects across the world.
"That botnet attack in Estonia shut down the government there for a
period of time. It affected their financial system and government Web
sites and lasted for about two weeks. It affected the ability of the
Estonian government to govern. That's just one example of what any
country or government can face if determined terrorists or
mischief-makers decide to do damage," Chertoff said.
"A single individual, a small group or a nation state can exact damage
and destruction similar to dropping a bomb or explosives," he warned.
During his presentation, Chertoff said much of the day-to-day operations
of the Cyber Security Center remain classified but he insisted that the
federal government's mission is to use early-warning technology to
detect anomalies linked to malicious attacks.
"The best way to deal with an attack is to prevent it before it happens.
Giving an adversary one bite of the apple is one bite too much," he
However, because there are "thousands of entry points to federal
domains," Chertoff said the government was "limited in our ability to
deal with cyber-attacks."
Chertoff said the U.S. CERT (Computer Emergency Readiness Team), using
an intrusion detection program called Einstein, can actively monitor
entry points to domains and automate the process of collecting,
correlating, analyzing and sharing computer security information across
the federal government.
Einstein has been used on federal networks since 2004, but because it's
not fully deployed, there are still major gaps in the government's
ability to monitor all its domains.
"We still can't monitor it in real time effectively. The federal
agencies are uneven in the way they protect their own assets," Chertoff
said, noting that some agencies have round-the-clock watch and warn
systems while others are without that level of visibility.
Another problem with Einstein, Chertoff said, is its "backwards-looking
architecture," which slows down the monitoring process. "The monitoring
doesn't happen instantly and that's a weakness. We can't afford to have
time delays in a world where attacks come in microseconds from all
points of the globe," he added.
Chertoff said the government was working on reducing the number of
access points to federal domains. The long-term plan is to identify a
finite number of entry points to allow better, more effective monitoring
"We now have thousands of these entry points and we're looking to bring
it down to about 50," he said.
Subscribe to InfoSec News