As information technology boomed in the last two decades, the best young minds who grew up along with it flocked to developing the latest and greatest systems, not to protecting data and corporate networks.
Cybersecurity was viewed as a “stepchild” of IT, U.S. Department of Homeland Security Secretary Michael Chertoff told cybersecurity professionals on October 14 at a forum on cybersecurity.
But today that dim view of security is changing, “if it hasn’t changed already,” Chertoff said. As IT systems have become more sophisticated and the practice of cybersecurity has become more cutting edge, computer-savvy teens and twenty-somethings are now aspiring to master protection of electronic systems, Chertoff said.
In his remarks, which preceded a panel of cybersecurity experts from such companies as Boeing, Bank of America, and General Electric, Chertoff made the case that companies should no longer consider IT threats a necessary cost of doing business.
“We’ve entered an era of new threats and vulnerabilities,” he warned, and the consequences of failure are exponentially greater.
Adversaries have matured along with the technology. State actors, criminals, and terrorists alike are increasingly motivated and capable, he said, and attacks are “increasing in frequency, sophistication, and scope.” Chertoff noted that the recent Russian military attacks in Georgia were coupled with Denial of Service (DoS) attacks launched against Georgian networks, which hindered Georgians’ ability to get information off the Web, thus throwing the population into confusion.
Among Chertoff’s solutions on the government side is closing thousands of connection points between civilian government networks and the Internet, and he called for the public-private United States Computer Emergency Readiness Team (US-CERT) to validate security across the federal government’s civilian domains.
He also spoke of the government’s intrusion detection system now being deployed as being part of an effort to develop “leap-ahead” technology. While the first iteration of this tool identified intrusions after the fact, today’s version detects these crimes in real time. Version 3.0 of the tool, in the works now, promises to search for indicators of pending attacks and stop attacks before they occur.
Chertoff emphasized that his solutions involve heavy cooperation with the private sector, especially in technology development, education, recruitment, and development of standards to ensure the integrity of technology.