Federal cybersecurity officials are trying to develop an early warning system that alerts authorities to incoming computer attacks targeting critical U.S. infrastructure, Homeland Security Secretary Michael Chertoff said Tuesday.
Chertoff's keynote speech at the RSA security conference, however, was light on details about this and other initiatives, many of which he said were classified. Instead, he focused heavily on his pitch to recruit private-industry security researchers as the government beefs up its cybersecurity staffing.
U.S. officials have acknowledged that hackers have broken into the networks of at least one government research laboratory and even the Pentagon over the past year and are intensifying their attacks. A well-targeted attack could potentially cripple financial institutions or air traffic control systems or expose U.S. secrets to enemies.
Chertoff said there are currently too many openings into government networks for criminals to explore and possibly exploit with viruses or other types of malicious code.
One of the homeland security department's goals is to winnow down the number of Internet access points into government agencies from the thousands that exist today to about 50, Chertoff said. He gave no timetable or details on how the plan would be implemented.
Chertoff also did not say how the government plans to detect and flag computer threats before they sneak into government networks. But he did acknowledge the technical challenge in developing an early warning system that works reliably across a wide range of IT systems.
"It's going to be hard. It's hard technically. It's hard because to some degree it requires working together," Chertoff said in response to a question. "The fact that something's hard doesn't mean, 'Let's not do it because it's going to be difficult.' It means, 'Let's roll up our sleeves and get started.'"
Chertoff said such a system would improve upon the government's current tools for analyzing computer threats, which he said are built on "fundamentally a backward-looking architecture" — that is, they scrutinize threats coming into the networks and work backward to identify the nature and source of the attack.
The system he was referring to is the "Einstein Program" run out of the United States Computer Emergency Readiness Team, or US-CERT, a partnership between the homeland security department, other public agencies and private companies. The Einstein program is an automated process for collecting and sharing security information.
Chertoff said the government needs to recruit more security professionals from private industry because many critical networks are operated by private companies and they need each others' expertise.
He did not say how many new cybersecurity jobs the agency is looking to fill with private-industry professionals, but he said the initiative is a high priority because the power of the government alone is "insufficient" to fully combat the threat.
"The federal government cannot promise to protect every system or every home computer from attack," he said.