
DHS Chief Says Current Defenses 'Insufficient' to Handle Evolving Threats

Homeland Security secretary Michael Chertoff says federal government and industry need to do more

SAN FRANCISCO -- RSA Conference 2008 -- Michael Chertoff, secretary of the U.S. Department of Homeland Security, is a long way from feeling secure.

In a keynote address and press conference here yesterday, Chertoff discussed the threats faced by government and business, the progress of federal cyber security efforts, and the state of current security technology. He believes a lot more work needs to be done on all of those fronts.

"What we saw in Estonia last year proves that a single individual can do the same amount of damage that could only be done previously by dropping bombs," Chertoff said. "The threat of cyber attacks is only going to grow more serious as time passes."

There is a real danger that foreign governments, small groups, or even individuals may attempt to harm American infrastructure, not only by attacking government sites as was done in Estonia, but by stealing information or launching denial-of-service attacks on the country's bedrock institutions, Chertoff said.

"These are the sorts of attacks that could shake global trust in our core systems, such as financial or banking systems," he said. "What if an attacker broke into our air traffic control system, and manipulated it so that we couldn't trust the data we were seeing there? We might have to ground all flights."

Available warning systems, typified by US-CERT, may no longer be sufficient in an era of rapidly evolving attacks, Chertoff said. "What we need is a quantum leap in detecting and preventing these attacks," he said. "A game-changer."

In January, the federal government introduced the National Cyber Security Initiative, which includes an early warning system for federal systems nicknamed Einstein. But Einstein has been "limited in its effectiveness," partly because it relies primarily on analysis of anomalies that have already occurred, and partly because there are too many possible entry points to monitor.

"We need to reduce the number of access points to federal systems so that there is a finite number of entryways," he said. While there are uncounted ways to access federal systems today via the Internet, the federal government would like to reduce the number of those access points to about 50, he said.

There is real money behind the effort to build out an early warning system and improve federal cyber security, Chertoff noted. The cyber security budget at DHS alone was approximately $115 million, and will increase to $192 million next year. Other agencies will also be increasing their cyber security efforts, he observed, although he conceded that federal agencies have been "uneven" in their approaches to the IT security problem.

"The President has directed that this [cyber security initiative] take place," Chertoff noted. "We've put real money into the process, and we've asked for more. It's going to be hard, but that doesn't mean don't do it."

One of the tricky parts about building a federal cyber security effort is learning to make longer-term investments, Chertoff said. "We tend to be biased in favor of present gain, rather than future loss," he observed. "The largest problem we face in government is that we tend to focus on present, rather than future benefits."

In addition to building up security on government systems, the federal government hopes to work with industry to develop early warning systems and defenses, and even share in the effort to protect consumers, Chertoff said.


Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ...
