informa
News

Senate Hears Testimony From Federal Cybersecurity Pros

National Cyber Incident Response plan should be ready by December or January
In wide ranging testimony before the Senate Judiciary Committee on Tuesday, some of the federal government's top cybersecurity authorities said that the status quo in federal cybersecurity is not sufficient. They discussed plans to improve cyber defenses, including a new comprehensive National Cyber Incident Response Plan to delineate duties in case of a major cyber attack.

"There is a comprehensive strategy, but it's not a one-pronged strategy," said Philip Reitinger, deputy under secretary of the national protection and programs directorate and director of the National Cyber Security Center at the Department of Homeland Security. "There's no silver bullet. Broadly, we need to up our defensive game."

DHS is leading an inter-agency initiative to create a National Cyber Incident Response plan that should be cpmpleted by December or January, and will be tested during next September's annual Cyber Storm exercise, Reitinger said.

The plan will aim to provide federal agencies, state and local governments, and the private sector with clear roles and responsibilities in case of a major attack. Reitinger gave assurances that the private sector has been consulted.

The Department of Homeland Security has recently taken a strong central role in cybersecurity, particularly in protecting civilian federal IT infrastructure and coordinating cooperation with the private sector to secure the nation's critical infrastructure. In his testimony, Reitinger laid out a number of the agency's plans, including growing DHS' cybersecurity staff by more than 50%.

For example, DHS is architecting Einstein 3, an intrusion prevention system, for use in federal networks (Einstein 1 is a network flow monitoring system, and Einstein 2 is an intrusion detection system). "This more robust version of Einstein would provide the federal government with early warnings, enhanced situational awareness, the ability to automatically detect malicious activity, and the capability to prevent malicious intrusions before harm is done," Reitinger said.

Reitinger noted a number of other efforts as well, including the development of a supply chain risk management framework, consolidation of agencies' external Internet connections, the ramp up of a national cybersecurity center, the launch of an incident response facility this month, and the beginning of a pilot project to share more information on cyber attacks with the financial sector.

Recommended Reading: