Chertoff Says Cyber Threat Increasing

Dec. 18, 2008— -- Following a two-day wargame exercise on cyber-security issues, Homeland Security Secretary Michael Chertoff today said that no one person should be in charge of cyber-security, despite the growing and emerging future threats.

"As we look at this threat, [it] is clearly only intensifying over time," Chertoff said. "A system where one agency sits over everything, military and civilian, is not usually one that has been regarded favorably by the American public."

Chertoff urged that the existing cyber-security strategy developed and shared by the Pentagon, Homeland Security and the FBI be continued by the incoming Obama administration. "I'm sure this is going to be a major area of focus of the new administration," he told the Cyber Strategic Inquiry 2008 Conference in Washington, D.C., which was organized by the government consulting firm Booz Allen Hamilton and Business Executives for National Security. "And we obviously want to work with them to help them get the benefit of what we've done and whatever advice they seek from us."

Chertoff, who's expected to be replaced by Arizona Gov. Janet Napolitano, noted that President George W. Bush pushed for a major agency review of cyber-security threats and is often briefed on the issue. Bush signed a presidential directive last year that charged Homeland Security and the National Security Agency with establishing a computer-security strategy initiative.

"The way we have set up the architecture of our current system, with DOD [the Department of Defense] maintaining its distinct responsibilities, the intelligence maintaining its responsibilities, and DHS [Homeland Security] and DOJ [Department of Justice] doing its piece in the civilian space, I think that works well," he said. "I think it preserves existing authorities, which have been separated ... to protect our civil liberties."

Threats: Intrusions to Financial Destruction

Recent cases and incidents show the multi-faceted world of cyber-security problems. The U.S. Secret Service announced earlier this year that as many as 40 million credit and debit card numbers had been stolen by a criminal network that gathered the numbers at major U.S. retail stores when the group installed "sniffer" programs into the stores' computers. The Justice Department charged 11 people from around the world.

Beware Russians, Chinese

According to U.S. intelligence and homeland security officials, entities in China and Russia pose the greatest threat to U.S. computer systems.

Chertoff today cited Russian involvement in cyber-attacks against Estonia in May 2007 and said episodes during the Russia-Georgia conflict this past summer have shown further Russian involvement. "When Georgia came into armed conflict with Russia, it was preceded by a cyber-attack by people who, shall we say, were sympathetic to the Russian side of that dispute," he said. "And you might say that the cyber-attack was part of preparing the battle field."

In June of 2007, the computers in the office of Defense Secretary Robert Gates were compromised by intrusions that defense and intelligence sources believe originated in China and, more recently, there have been reports that entities in China gained entry into the Obama and McCain election campaigns' computer networks.

Chertoff also discussed the problems computer-security issues pose for the financial sector. "The financial sector, for example, may be very concerned about the integrity of its data," he said.

Citing the possibility that data destruction by malicious hackers could disrupt significant financial information, Chertoff said, "Imagine a circumstance where a terrorist attacked our financial system and simply altered the data in a way that left people with a lack of confidence that they could get accurate information or access to their assets.

"Imagine if the actual information flow that is the underpinning of a financial system were to become compromised and drawn into question."

EINSTEIN: Prevention Programs

The Department of Homeland Security and the FBI have been focused on protecting major computer systems for critical infrastructure programs, the chemical sector and the banking and finance sectors. Although the government has done a lot to protect against cyber attacks, Chertoff said, "We need to have a plan tailored for a cyber-crisis."

To counter the growing range of attacks on government systems, Homeland Security has worked with the National Security Agency to deploy the EINSTEIN Program. The initial system detected intrusions but an updated version allows Homeland Security to potentially see malicious code. Chertoff today said that a new version of the program, to be released in the next six months, might be able to stop deployment of cyber attacks and retaliate, calling it the "anti-missile" of computer security.

'We Need a Cyberspace Race'

After the war-game exercise, Mark Gerencser, a vice president with Booz Allen Hamilton, said the two-day drill showed that, as for government, "There is not really anybody in charge."

He urged the government and the private sector to do more. "When the Soviets launched Sputnik," he said, "we started a space race. ... Now, we need a cyberspace race."