Goverment IT News Security

US Call For Public-Private Alliance To Fight Cyber-Threat

US DHS Secretary calls for the public, government and private industry to work together against cyber-attacks

The United States government needs to collaborate with academia and businesses to fight cyber-attacks, the Secretary of Homeland Security Janet Napolitano said in a speech to engineering students at the University of California at Berkeley.

Napolitano outlined some of the cyber-security challenges the federal agency regularly faces while protecting the nation’s critical security infrastructure. Some of the more serious recent threats, she said, included the spread of the Stuxnet worm, the attacks on NASDAQ, the emails stolen from Epsilon and the data breach at RSA Security.

Cyber-Crime A Fact Of Life

While the country is more secure and better prepared than it was a few years ago, the rapid evolution of cyber-space and threats to its security mean “we all have a role to play” in cyber-defence, according to Napolitano. Just as all cities experience some crime, cyber-crime is now part of being online.

While it is the responsibility of the Department of Home Security (DHS) to protect critical infrastructure and cyber-space, “this is not something we can do by ourselves”, but requires a “full range of partners”, according to Napolitano. The “shared security” is only possible if other government agencies, the private sector and individual Internet users all became engaged in the fight, she said.

“Terrorist threats have not gone away… they have evolved,” Napolitano said.

Attacks are becoming increasingly more sophisticated and using “very novel” attack vectors, so it is important to be able to respond to a threat quickly. After the breach at RSA Security where SecurID information was stolen, the DHS worked with RSA, law enforcement authorities and the intelligence community to minimise the damage.

“We took our understanding of the tools, tradecraft and techniques used by these malicious actors and converted it into actionable information that all 18 critical infrastructure sectors could use,” Napolitano said.

The DHS has spearheaded the development of the first-ever National Cyber Incident Response Plan, which enables the agency to co-ordinate the response of multiple agencies, state and local governments, and the private sector in the event of a cyber-attack, Napolitano said.

While the US Science and Technology Directorate is also working on developing and deploying more secure Internet protocols to protect consumers and businesses online, the private sector needs to “redouble its efforts in the quality of products” it offers to fend off hacking, spamming, spoofing and the like, according to Napolitano.

Identity Ecosystem

In her speech, the DHS secretary also addressed the recently finalised “National Strategy for Trusted Identities in Cyberspace” report, an effort to create an identity ecosystem to protect online consumers from fraud. Instead of having usernames and passwords that are different for every Website, Napolitano said a better approach would be to rely on a single set of credentials that would be accepted across all Websites. “Dozens of companies could offer this,” she said.

Even though the cyber-security department at the DHS has “tripled” from 2009 to 2010, it’s not growing fast enough to keep up with the attackers. “We still need more people. We need a strong and innovative group to take on this incredible challenge that protections of cyber-space demand,” Napolitano said.

Napolitano cited recent statistics from Symantec that found cyber-attacks increased 93 percent in 2010, compared with 2009. “We’re dealing with multiple risks at the same time,” she said.

During the question and answer session with the students, Napolitano dodged a question about the infamous Internet kill switch that would allow the government to disconnect critical infrastructure from the Internet in an emergency. Napolitano said that Congress is likely to address the issue this year as part of its cyber-security legislation.

Napolitano has been making the rounds at major universities since the beginning of the year, including MIT and George Washington University, to talk about cyber-security and to encourage students to think about careers in the federal government.

“We need technologists who understand policymaking,” Napolitano said.