DHS Chief Says Current Defenses 'Insufficient' to Handle Evolving Threats

Homeland Security secretary Michael Chertoff says federal government and industry need to do more

SAN FRANCISCO -- RSA Conference 2008 -- Michael Chertoff, secretary of the U.S. Department of Homeland Security, is a long way from feeling secure.

In a keynote address and press conference here yesterday, Chertoff discussed the threats faced by government and business, the progress of federal cyber security efforts, and the state of current security technology. And he believes a lot more work needs to be done on all of those fronts.

"What we saw in Estonia last year proves that a single individual can do the same amount of damage that could only be done previously by dropping bombs," Chertoff said. "The threat of cyber attacks is only going to grow more serious as time passes."

There is a real danger that foreign governments, small groups, or even individuals may attempt to harm American infrastructure, not only by attacking government sites as was done in Estonia, but by stealing information or launching denial of service attacks on the country's bedrock institutions, Chertoff said.

"These are the sorts of attacks that could shake global trust in our core systems, such as financial or banking systems," he said. "What if an attacker broke into our air traffic control system, and manipulated it so that we couldn't trust the data we were seeing there? We might have to ground all flights."

Available warning systems, typified by US-CERT, may no longer be sufficient in an era of rapidly evolving attacks, Chertoff said. "What we need is a quantum leap in detecting and preventing these attacks," he said. "A game-changer."

In January, the federal government introduced the National Cyber Security Initiative, which includes an early warning system for federal systems nicknamed Einstein. But Einstein has been "limited in its effectiveness," partly because it relies primarily on analysis of anomalies that have already occurred, and partly because there are too many possible entry points to monitor.

"We need to reduce the number of access points to federal systems so that there is a finite number of entryways," he said. While there are uncounted ways to access federal systems today via the Internet, the federal government would like to reduce the number of those access points to about 50, he said.

There is real money behind the effort to build out an early warning system and improve federal cyber security, Chertoff noted. The cyber security budget at DHS alone was approximately $115 million, and will increase to $192 million next year. Other agencies will also be increasing their cyber security efforts, he observed, although he conceded that federal agencies have been "uneven" in their approaches to the IT security problem.

"The President has directed that this [cyber security initiative] take place," Chertoff noted. "We've put real money into the process, and we've asked for more. It's going to be hard, but that doesn't mean don't do it."

One of the tricky parts about building a federal cyber security effort is learning to make longer-term investments, Chertoff said. "We tend to be biased in favor of present gain, rather than future loss," he observed. "The largest problem we face in government is that we tend to focus on present, rather than future benefits."

In addition to building up security on government systems, the federal government hopes to work with industry to develop early warning systems and defenses, and even share in the effort to protect consumers, Chertoff said. (See video.)


Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ...
