iEntry 10th Anniversary RSS Archive

IT Management Begins With Security
SecurityProNews > Insider Reports > Insider > The DHS Not Providing CyberSecurity
Search:
[ insider_reports_insider ]

The DHS Not Providing CyberSecurity



John Stith
Staff Writer
2005-07-28

SecurityProNews: Insider Reports Insider Reports RSS Feed


The Internet is both a wonder and a curse. It has the ability to connect people around the world instantaneously. It's the universal marketplace. A soldier in Iraq can see his little girl in Kentucky and talk to her. The entire world, China, Iran, the U.S. Norway, everywhere connected all the time. It's both enlightening and frightening when you think about it. It is bringing people closer together from around the world.

The DHS Not Providing CyberSecurity
Should The DHS Provide CyberSecurity?

The curse part comes in because, since everyone is connected, everyone opens themselves up, to viruses, adware, spam, identity theft, credit fraud and many other forms of electronic vandalism and theft. The problem is when you can talk to everyone, they can lob you over the head and take your wallet. The same rule applies to the Internet.

On Monday, the General Accounting Office (GAO) pointed this fact out to the Senate Committee on Homeland Security and Governmental Affairs. They brought up the failure by the Department of Homeland Security (DHS) to adequately protect the electronic infrastructure of the U.S. and to a lesser extent the world.

The GAO told the committee the DHS needs to actually work out and develop cybersecurity because until it does, the Internet itself is vulnerable to a major assault. They need leadership and an Internet recovery plan. The GAO said the DHS doesn't even have a threat assessment system.

In a SecurityProNews story a few weeks ago, Jason Miller talked about hackers cracking the Department of Defense (DoD). Right now, there's a gentleman in Britain wanted by the U.S. government because he hacked, easily according to him, in the DoD networks. He said he was looking for UFO information. What he found was technology information of some things the DoD was working on but he also found a lot of other people from around the world wandering the DoD network. Skynet still sound impossible?

David Powner, director of IT management at the GAO addressed the committee and said "Until DHS addresses its many challenges ... it cannot function as a cybersecurity focal point for coordinating federal law and policy. The result is increased risk. Large portions of our critical infrastructure are unprepared to effectively handle a cybersecurity attack."

According to Senator Tom Coburn, R - Okla., "The United States does not have a robust ability to detect a coordinated attack on our critical infrastructure, nor does it have a measurable recovery and reconstitution plan for key mechanisms of the Internet and telecommunications system." Which mean we'll never even see it coming.

Back in May, the GAO completed an assessment of the cyber infrastructure and telecommunications in the U.S. They determined the DHS needed to address 13 areas and they haven't done it. Much of Powner's remarks restated what the report said. Those include developing and enhancing analysis and warning, provide and coordinate incident response, and recover and identifying and assessing cyber threats and vulnerabilities just to name a few.

Interestingly enough, when the threats were assessed, good old-fashioned, Uzi wielding terrorists were the bottom of the list. The list included bot-network operators, criminal groups, foreign intelligence services, hackers, insiders, phishers, spammers, spyware/malware authors and last was terrorists. So what does this tell us? The DoD needs to be more worried about the guy in Britain hacking in its computers looking for UFOs than they do Al Quaida hacking into their computers.

Some progress is being made however. One of the first major steps was Secretary of Homeland Security Michael Chertoff recognizing cybercrime and cyberterrorism were certainly areas that needed to be addressed. To that end, he's creating a position with a little more bureaucratic clout. The Assistant Secretary of Cyber and Telecommunications Security will have a tough job ahead of them.

The report said and Powner reiterated DHS has a long way to go in protecting the American electronic infrastructure. Right now, the strongest point in this cyber security effort remains private industry. Many companies out there work to improve security at various points along the way. Some build software to install on the computers. Some hardware companies include some protection in their routers and their modems. Others simply look to identify vulnerabilities in Windows or browsers and then you have companies like Microsoft and Mozilla who seek to protect their product and are constantly combing over look for holes. But as things go, this is not enough. It's truly a war in most respects.

Despite all these efforts, banks still get ripped by insiders. Spam and malware still make it on to computers. Small business websites still get held for ransom by denial of service attacks. Viruses still surface and shutdown government and private industry networks for hours costing them millions of dollars in some cases.

Some groups like CIDDAC, SANS and CSIA work to help bridge gaps between government and private industry but there needs to be a coordinated effort. The DHS's job with cyber and telecommunications security will have to coordinated and orchestrate all those efforts. They've got to be able with teenage hackers who want to be cool as much as any corporate espionage effort or concentrate phishing attack to get personal information.

The protection of the cyber infrastructure in the U.S. and world won't be easy. It will be terribly complicated and incredibly vast but with a coordinated effort it can be done. Cyber security is crucial to the protection of the U.S. not so much from a traditional security view point, no guns will be involved. It's more from the viewpoint that so much of the U.S. is networked together in one form or another with much of the rest of the world. This means that cyber security isn't something we can wait on, it's an absolute necessity and it's needed very soon.

By the time Skynet became self-aware it had spread into millions of computer servers across the planet. Ordinary computers in office buildings, dorm rooms; everywhere. It was software; in cyberspace. There was no system core; it could not be shutdown. The attack began at 6:18 PM, just as he said it would.





About the Author:
John is a staff writer for SecurityProNews covering cyber security.

More insider_reports_insider Articles

SecurityProNews: Insider Reports Insider Reports RSS Feed

Get Your Site Submitted for Free in the World's Largest B2B Directory!

Email Address:
* URL:
*
*Indicates Mandatory Field

Terms & Conditions

iEntry Featured Services: Jayde Member Services | Forums | Freeware | Advertise with Us

Contact Us | Advertise | Newsletter Archive | Sitemap | Submit an Article | News Feeds
SecurityProNews is an iEntry, Inc.® publication - $line) { echo $line ; } ?> All Rights Reserved | Privacy Policy and Legal		 Join the WebProWorld Forums: Click Here
Virus Warnings

Subscribe to
SecurityProNews FREE!


[ more newsletters ]

Featured On:
article resources
Search Articles:
[advanced search]

WebProWorld.com
Get in-touch with industry experts and leaders
Post your site for review by expert and peers
Ask Security, IT, Development and Design questions

Free Membership: Join Now!

Visit WebProWorld.com

Titan Quest Forum
The #1 Titan Quest forum
Halo 3 Forum
The best Halo, Halo 2, Halo 3 forum
Nintendo Wii
Nintendo Wii news and views
Mac Software
The best in OS X freeware
Graphics Forum
Your source for graphic tutorials
SecurityProNews.com | Breaking eBusiness News Get Your IT Questions Answered - Click Here SecurityProNews News Feeds