"With decades of IT infrastructure built to support changing technologies, there is little ability to baseline the entire infrastructure within the United States," said Randy Vickers, director of the United States Computer Emergency Readiness Team (US-CERT), in an interview Wednesday. "This variety of platforms and applications provides many possible vectors by which to attack infrastructure."
Vickers is scheduled to join other IT leaders from government agencies for a panel to discuss the threat of cyber war and how to deter it at the Black Hat security conference in Las Vegas on Thursday.
US-CERT is a division of the Department of Homeland Security (DHS) responsible for responding to and defending against cyber attacks on the federal government's IT infrastructure. It is also in charge of sharing information and collaborating with state and local governments as well as the private sector to protect critical infrastructure in the U.S.
Vickers said that critical infrastructure is not likely to become less prone to attacks anytime soon. He cited ongoing changes in the IT landscape -- such as cloud computing and an increasingly mobile workforce -- as conditions that only open up infrastructure to more threats.
"The environment is only going to increase in complexity, and as more threat capabilities are developed the risk to our information infrastructure that we are so heavily dependent upon also increases," he said.
To achieve its goal of keeping an eye on federal networks, the DHS is currently deploying an intrusion-detection and security system called EINSTEIN 2, Vickers said. The system is currently operational at 12 of 19 federal agencies, providing US-CERT with, on average, visibility into more than 278,000 indicators of potentially malicious activity per month, he said.
EINSTEIN 2 should be fully deployed at the federal government by the end of the year, after which the DHS will take security to the next level with EINSTEIN 3, Vickers said.
EINSTEIN 3, developed by the National Security Agency, is the third phase of the Comprehensive National Cybersecurity Initiative (CNCI), and will provide intrusion prevention on top of EINSTEIN 2's intrusion-detection capability, he said. The first phase of the system -- EINSTEIN 1 -- is currently in deployment as a system that gathers information about network traffic.
US-CERT first revealed details about EINSTEIN 3 in March. At the time, the DHS said the system will perform real-time deep packet inspection and make threat-based decisions by examining network traffic at the edge of federal agency networks.
This activity will redirect agency Internet traffic to DHS cybersecurity systems, which will determine which traffic might be associated with cyber threats and how to respond, the DHS said. The DHS worked with a commercial Internet service provider to do a test deployment of EINSTEIN 3 earlier this year. Vickers said these types of public-private partnerships will continue as the federal government continues to work to secure its network infrastructure against cyber attacks.
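The distinction the article draws between EINSTEIN 2 (detect and record indicators) and EINSTEIN 3 (inspect packet payloads and block at the edge) is the classic IDS-versus-IPS split. The following is an added example, not code from the article, from DHS or from the EINSTEIN programme: a toy edge sensor that runs the same signature matching over a constructed packet stream in a detect-only mode and in a prevent mode, and reports the indicator counts an analyst would see. The signature ids, hostnames, token and addresses are all constructed placeholders, not real indicators.

```python
"""Toy network-edge sensor: detect-only (IDS) versus prevent (IPS) modes.

Added example; all packets, signatures and identifiers are constructed.
"""
from collections import Counter
from dataclasses import dataclass, field
from typing import Optional
import re


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


@dataclass
class Signature:
    sid: str                 # local signature id (constructed, not a real feed id)
    dport: Optional[int]     # None matches any destination port
    pattern: bytes           # regex applied to the payload: the "deep" part of DPI


@dataclass
class Verdict:
    forwarded: bool
    indicators: list = field(default_factory=list)


def inspect(pkt: Packet, signatures: list, mode: str) -> Verdict:
    """Return the per-packet verdict for the requested mode.

    'detect'  : always forward; record which signatures matched (IDS).
    'prevent' : same matching, but drop the packet if anything matched (IPS).
    """
    hits = [s.sid for s in signatures
            if (s.dport is None or s.dport == pkt.dport)
            and re.search(s.pattern, pkt.payload)]
    if mode == "detect":
        return Verdict(forwarded=True, indicators=hits)
    if mode == "prevent":
        return Verdict(forwarded=not hits, indicators=hits)
    raise ValueError(f"unknown mode {mode!r}")


def run_sensor(packets, signatures, mode):
    """Run a whole stream through inspect(); return (forwarded, dropped, indicator counts)."""
    forwarded = dropped = 0
    indicators = Counter()
    for pkt in packets:
        v = inspect(pkt, signatures, mode)
        forwarded += v.forwarded
        dropped += not v.forwarded
        indicators.update(v.indicators)
    return forwarded, dropped, dict(indicators)


# Constructed signatures; the hostname and token are placeholders, not real IoCs.
SIGNATURES = [
    Signature("SIG-CONSTRUCTED-1", 80, rb"Host: bad\.example\r\n"),
    Signature("SIG-CONSTRUCTED-2", None, rb"PLACEHOLDER-BEACON-TOKEN"),
]

# Constructed traffic sample: two benign flows, two that match a signature.
PACKETS = [
    Packet("10.0.0.5", "203.0.113.10", 80,
           b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    Packet("10.0.0.6", "203.0.113.20", 80,
           b"GET /update HTTP/1.1\r\nHost: bad.example\r\n\r\n"),
    Packet("10.0.0.7", "203.0.113.30", 8080,
           b"POST /s HTTP/1.1\r\nHost: cdn.example.net\r\n\r\nPLACEHOLDER-BEACON-TOKEN"),
    Packet("10.0.0.8", "203.0.113.40", 443,
           b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1"),  # TLS handshake bytes: opaque to DPI
]

if __name__ == "__main__":
    for mode in ("detect", "prevent"):
        fwd, drop, ind = run_sensor(PACKETS, SIGNATURES, mode)
        print(f"{mode:8s} forwarded={fwd} dropped={drop} indicators={ind}")
```

Both modes produce identical indicator counts; only the forwarding decision changes, which is why an IPS is normally run in detect-only mode first to measure false positives before blocking is switched on. The fourth packet also shows the limit of payload inspection at the perimeter: encrypted traffic matches nothing, so edge DPI has to be paired with host and log telemetry rather than relied on alone.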
"At the end of the day, the architecture for the dot-gov's cyber perimeter defense will be a hybrid of government and private technologies," he said.