Chertoff Describes `Manhattan Project` for Cyber-defenses

Chertoff Describes `Manhattan Project` for Cyber-defenses
Chertoff Describes `Manhattan Project` for Cyber-defenses 

By Ryan Naraine

The U.S. government is working on a project to defend federal networks 
from large-scale cyber-attacks.

SAN FRANCISCO - Secretary of Homeland Security Michael Chertoff says the 
U.S. government is working on the equivalent of the "Manhattan Project" 
to defend federal networks and national security interests from 
large-scale cyber-attacks.

During a keynote presentation at RSA Conference, Chertoff painted a 
gloomy picture of the government's readiness for a determined attack on 
critical communication networks and said the recent creation of a new 
National Cyber Security Center would be crucial to finding early signs 
of hacker activity.

"The human and economic sacrifices from a cyber-attack can be 
devastating ... on par with what this country experienced on September 
11," Chertoff said, calling on the private sector and computer security 
professionals to partner with the federal government on creating a 
valuable early warning system for major network attacks.

He referred to the 2007 denial-of-service attacks against Estonia as 
proof that large-scale cyber-attacks can have far-reaching consequences 
and cascading effects across the world.

"That botnet attack in Estonia shut down the government there for a 
period of time. It affected their financial system and government Web 
sites and lasted for about two weeks. It affected the ability of the 
Estonian government to govern. That's just one example of what any 
country or government can face if determined terrorists or 
mischief-makers decide to do damage," Chertoff said.

"A single individual, a small group or a nation state can exact damage 
and destruction similar to dropping a bomb or explosives," he warned.

During his presentation, Chertoff said much of the day-to-day operations 
of the Cyber Security Center remain classified but he insisted that the 
federal government's mission is to use early-warning technology to 
detect anomalies linked to malicious attacks.

"The best way to deal with an attack is to prevent it before it happens. 
Giving an adversary one bite of the apple is one bite too much," he 

However, because there are "thousands of entry points to federal 
domains," Chertoff said the government was "limited in our ability to 
deal with cyber-attacks."

Chertoff said the U.S. CERT (Computer Emergency Readiness Team), using 
an intrusion detection program called Einstein, can actively monitor 
entry points to domains and automate the process of collecting, 
correlating, analyzing and sharing computer security information across 
the federal government.

Einstein has been used on federal networks since 2004, but because it's 
not fully deployed, there are still major gaps in the government's 
ability to monitor all its domains.

"We still can't monitor it in real time effectively. The federal 
agencies are uneven in the way they protect their own assets," Chertoff 
said, noting that some agencies have round-the-clock watch and warn 
systems while others are without that level of visibility.

Another problem with Einstein, Chertoff said, is its "backwards-looking 
architecture," which slows down the monitoring process. "The monitoring 
doesn't happen instantly and that's a weakness. We can't afford to have 
time delays in a world where attacks come in microseconds from all 
points of the globe," he added.

Chertoff said the government was working on reducing the number of 
access points to federal domains. The long-term plan is to identify a 
finite number of entry points to allow better, more effective monitoring 
of traffic.

"We now have thousands of these entry points and we're looking to bring 
it down to about 50," he said.

Subscribe to InfoSec News 

Site design & layout copyright © 1986-2015 CodeGods