Government elaborates, slightly, on cybersecurity plan

After ducking questions this year from both Congress and the private sector about its National Cyber Security Initiative, the Department of Homeland Security finally revealed a little more on Monday.

Paul Schneider, deputy secretary for DHS, along with other senior federal officials, offered more information at a forum hosted by the Information Technology Association of America. Plans for the initiative include enhancing the current cyberintrusion detection system, working more closely with the private sector (a longstanding federal mantra), and focusing on foreign threats.

"Cybersecurity really is one of the top priorities of the Department of Homeland Security and the federal government," Schneider said at the event in Washington, D.C. He called the National Cyber Security Initiative "probably unprecedented in terms of the amount of coordination within the federal government and between the federal government and the private sector."

The DHS is upgrading its intrusion detection system, called Einstein, beyond its currently limited, reactive capabilities.

"We'll be deploying a much more aggressive system that will allow us to look for patterns of malicious code--to shut them down before they do real harm," Schneider said. (It was unclear exactly what Schneider meant. "Shutting down" a botnet conducting malicious activity would mean invading infected PCs around the world; or it could simply mean DHS reconfiguring its own network to ignore certain malicious activity.)

Robert Jamison, DHS undersecretary for national protection and programs, said the department is currently working closely with three different vendors to test "Einstein 2" in different environments. He declined to say which contractors the department is considering for the deploying the new system.

DHS has the lead responsibility to protect the federal civilian domains, which basically means anything with a .gov address, Schneider said. The DHS is also responsible for synchronizing efforts for all networks, including .gov and .mil.

One of Homeland Security's initial goals for the cyberinitiative is to create real-time, situational awareness across all federal domains, Schneider said. While all federal agencies currently maintain situational awareness of their own networks, there is no centralized hub for such information.

"We need to ensure government offices share information regarding malicious data," said Marie O'Neill Sciarrone, special assistant to the president and the Homeland Security Council's senior director for cybersecurity and information-sharing policy. "Intelligence is one of our best preventive tools."

The federal government also plans to limit the number of potential cyberattacks by eliminating many of the external points of access to the federal government networks; it has so far managed to reduce the number of access points from more than 8,000 to about 2,700 as of July, said Karen Evans, administrator of e-government and information technology for the Office of Management and Budget.

'Unprecedented bipartisan support'
While Congress has expressed its concern (PDF) to DHS over the direction of the cyberinitiative, Melissa Hathaway, senior adviser in the Office of the Director of National Intelligence, said there is "unprecedented bipartisan support" for the initiative.

Hathaway herself has appeared before Congress 151 times since last November, either to provide testimony or briefings regarding cybersecurity, she said. There will be more discussions on Capitol Hill this week on the topic, starting with a hearing before the House Homeland Security Committee on Wednesday called "Cybersecurity Recommendations for the Next Administration."

Hathaway said the initiative must remain a focus of the next administration.

"We have already briefed one of the (presidential) candidates and intend to brief the other candidate," she said.

Schneider said the transition from the current administration to the next should be seamless.

"The majority of the people running these programs will be running these programs on January 21," Schneider said. While "any administration can come in with new policies," he said the elements of the Cyber Security Initiative, like common situational awareness, "are foundation pieces of any cybersecurity strategy."

Schneider said the initiative must remain a priority because cyberthreats are "increasing in frequency, sophistication, and scope, whether it's criminal (activity), an extension of state power, espionage, or just plain, old, routine hacking."

One of the goals of the initiative, he said, is to "create a governmentwide cyberintelligence plan specifically focused on foreign state cyberthreats."

Schneider cited the conflict between Russia and Georgia, during which Georgia's networks faced denial-of-service attacks, as "perhaps the first instance of military actions containing a clear cyberelement."

Regardless of the source of threats, officials said the federal government will have to work closely with the private sector to ensure U.S. networks do not suffer because of its vulnerabilities in the global marketplace.

"We need to make sure the products we import are not seeded with malicious hardware or software," Schneider said. "This is a real concern--these products essentially function as Trojan horses."

The government plans to increase its information sharing with the private sector under the cyberinitiative via the National Infrastructure Protection Plan, which works across 18 sectors.

The DHS also plans to "build the next generation of our cybersecurity workforce," Schneider said, by committing resources to educating and training current employees, as well as recruiting new talent and encouraging rotation between the public and private sectors.

Schneider said privacy and civil liberty concerns are at the center of DHS efforts.

"This is not about sitting over the Internet and controlling what people see, nor is it about reading people's e-mails," he said. "We're talking about protecting the federal networks."