Highlights
– DHS Secretary announces need for a “Manhattan Project” to bolster cyber security
– Plans include reducing government-owned Internet gateways and developing a robust government-wide early warning system
– Experts question feasibility of a cyber attack early warning system
At the RSA Conference, a popular information security conference, Secretary of the Department of Homeland Security Michael Chertoff stated, “the human and economic sacrifices from a cyber-attack can be devastating on par with what this country experienced on September 11.” Chertoff noted that although “we are not likely to see airplanes crashing into buildings,” the damage caused by a sophisticated cyber attack may well be just as costly from an economic standpoint.
Cyber “Manhattan Project”
During his presentation, Chertoff discussed the broad contours of the federal government’s planned response to the panoply of cyber threats attacking our nation’s critical infrastructure. He stated that DHS was engaged in a “Manhattan Project”-style effort to secure computer networks owned by the federal government.
As part of this effort, the federal government is first working to shrink its available attack surface by reducing the number of Internet gateways it uses. Federal officials have previously testified before Congress that the federal government currently utilizes approximately 4,000 gateways to the Internet. Chertoff stated that DHS’s goal was to reduce this number to approximately 50 gateways. DHS hopes that reducing the number of federally owned Internet gateways will enable the government to more effectively monitor Internet traffic on government-owned networks.
Chertoff also discussed an intrusion detection program used by the federal government known as Einstein. While Einstein isn’t fully deployed across the entire government and is not currently designed to provide real-time network monitoring, Chertoff hopes that reducing the number of government-operated Internet gateways, along with improvements in the Einstein program, will allow the federal government to detect and deter cyber attacks before they occur.
Early Warning System: A Worthwhile Endeavor
In theory, improved monitoring would allow the government to detect and stop cyber attacks in real time as well as deter future attacks from occurring. Some cyber security experts claim that the construction of a cyber attack early warning system is a fool’s errand. Robert Graham, CEO of Errata Security, has said, “technologically, all we can do is a post-warning system – you’ve been hacked. It’s instantaneous. It’s not like a hurricane or missile coming at you that you can track coming towards you.” According to this rationale, cyber attacks can take nearly any shape and may well exploit previously unknown “zero-day” vulnerabilities, making it impossible to develop signatures for them.
While “zero-day” attacks are difficult to detect as they occur, the creation of a cyber attack early warning system is still a worthwhile endeavor for the following reason. Many of the reported attacks against government systems have not been technically sophisticated. Rather, a good many attacks rely on social engineering techniques that dupe unsuspecting users into downloading malware onto a government-owned computer.
In many cases, the downloaded malware has loaded previously known exploits or exploited other known vulnerabilities. In these cases, an early warning system may well be able to detect these types of attacks and effectively harden systems against routine external attack.