U.S. to Develop an Early Warning System for Hacks
Chertoff compares the effort to the Manhattan Project; security experts are skeptical.
The U.S. government has launched a cybersecurity initiative that its top homeland security official compares to government efforts to build the atom bomb during WW-II.
Calling it a modern day "Manhattan Project," Michael Chertoff, secretary of the Department of Homeland Secretary, told the RSA Conference that the new cybersecurity center will try to limit the number of entry points for hackers to slip malicious code into government networks and wreak havoc. Thousands of entry points currently exist. The center's goal is to get that number down to 50, so intrusion detection systems can scan the network more quickly.
Chertoff acknowledged that hackers have broken into one U.S. government research laboratory as well as the Pentagon in the last year, according to the Associated Press .
The efforts Chertoff spoke about are part of President Bush's Cyber Initiative, launched at the beginning of the year. Wired's Ryan Singel reports :
In January, President Bush signed a presidential order expanding the role of DHS and the NSA in government computer security. Its contents are classified, but the U.S. Director of National Intelligence has said he wants the NSA to monitor America's internet traffic and Google searches for signs of cyber attack.
The initiative received $150 million in funding this year, while the Bush Administration is requesting an additional $192 million for next year.
Chertoff said that a successful cyberattack against the United States could be as devastating as the physical attacks of 9-11, crippling the financial system and shutting down the air traffic control system.
More controversially, Chertoff said the U.S. will develop an early warning system that would notify cybersecurity officials of an emerging attack. Acknowledging the difficulty of producing such a system, he told the conference, "It's going to be hard - it's hard technically .... (But) the fact that something's hard doesn't mean, 'Let's not do it because it's going to be difficult.' It means, 'Let's roll up our sleeves and get started.'"
According to Singel, one prominent security expert that wouldn't go on the record ridiculed the idea by calling it the "clairvoyance machine." Robert Graham, chief executive of Atlanta-based Errata Security, told the Associated Press that security breaches occur too quickly for early detection.
In an effort to develop such an early warning detection system, however, Chertoff made a pitch to Internet security companies to send the center its best and brightest. He said the government does not have the expertise to combat the threat and told the conference it was it their interest to help the center because any detection technology developed by the government would be shared with private industry, reports the San Francisco Chronicle.