December 6, 2010
US Lags Behind in Safeguarding Against Cyberattacks
Experts say that it will take several more years for the government to fully install high-tech systems to block cyber-attacks, a drawn-out timeline that enables criminals to become better at stealing sensitive data.
Experts suggest that technology may already be outpacing Department of Homeland Security moves to secure approximately 2,400 network connections used every day by millions of federal workers around the globe.
The department, which is responsible for securing government systems other than military sites, is slowly moving all of the government's Internet and e-mail traffic into secure networks that eventually will be guarded by intrusion detection and prevention programs.
However, progress has been slow and officials are trying to complete complex contracts with network vendors, work out technology issues and address privacy concerns that involve how monitoring affects employees and public citizens.
"This is a continuing arms race and we're still way behind," Stewart Baker, former Homeland Security undersecretary for policy, told the Associated Press (AP).
WikiLeaks' release of more than a quarter-million sensitive U.S. documents highlights the coming challenges. Officials believe the sensitive documents were stolen from secure Pentagon computer networks by an Army intelligence analyst who downloaded them onto a CD.
The changes sought by Homeland Security on the government's nonmilitary computers would be wider and more systemic than the immediate improvements ordered recently by the Departments of Defense and State as a result of the WikiLeaks releases.
"There are very few private sector actors who depend on information security who think that installing intrusion prevention systems is sufficient protection against the kinds of attacks that we're seeing," Baker said.
Navy Rear Admiral Michael Brown, Homeland Security's director for cybersecurity coordination, told AP that over half of the government's 2,400 network connections are already protected by an automated system that monitors federal Internet and e-mail traffic for malicious activity.
However, these cover fewer than 20 of the 110 federal agencies.
The automated system, also known as Einstein 2, is installed and working at 13 of the 19 agencies that plan to police their own networks. Brown said the remaining 91 departments will go through one of four major communications companies for the monitoring.
All network traffic will eventually flow through 72 sites called Trusted Internet Connections, including eight operated by the four communications companies and 64 operated by individual agencies.
Brown said that a more sophisticated system known as Einstein 3 will detect and automatically block intrusions. He said that it has just completed testing and will take several years to be fully implemented.
Brown insisted that the government is not lagging behind private industry in its efforts to secure computer networks. He also said that each agency is responsible for setting up safe cybersecurity practices.
Criminals these days "are more targeted, are more professional, and have greater sophistication and capabilities," he said.
Jerry Dixon, former director at Homeland Security's Computer Emergency Readiness Team, told AP that Einstein will add a valuable safeguard to government agencies but "there still is not a magic bullet" to defeat the increasingly sophisticated threats.
"We're always playing catch-up or reacting to the last major cyberincident or event but not doing a lot to think about what the future might hold," said Dixon, who is now director of analysis at the Internet security firm Team Cymru.