Chertoff Describes `Manhattan Project` for Cyber-defenses

SAN FRANCISCO—Secretary of Homeland Security Michael Chertoff says the U.S. government is working on the equivalent of the "Manhattan Project" to defend federal networks and national security interests from large-scale cyber-attacks.

During a keynote presentation at RSA Conference, Chertoff painted a gloomy picture of the government's readiness for a determined attack on critical communication networks and said the recent creation of a new National Cyber Security Center would be crucial to finding early signs of hacker activity.

"The human and economic sacrifices from a cyber-attack can be devastating ... on par with what this country experienced on September 11," Chertoff said, calling on the private sector and computer security professionals to partner with the federal government on creating a valuable early warning system for major network attacks.

He referred to the 2007 denial-of-service attacks against Estonia as proof that large-scale cyber-attacks can have far-reaching consequences and cascading effects across the world.

"That botnet attack in Estonia shut down the government there for a period of time. It affected their financial system and government Web sites and lasted for about two weeks. It affected the ability of the Estonian government to govern. That's just one example of what any country or government can face if determined terrorists or mischief-makers decide to do damage," Chertoff said.

"A single individual, a small group or a nation state can exact damage and destruction similar to dropping a bomb or explosives," he warned.

During his presentation, Chertoff said much of the day-to-day operations of the Cyber Security Center remain classified but he insisted that the federal government's mission is to use early-warning technology to detect anomalies linked to malicious attacks.

"The best way to deal with an attack is to prevent it before it happens. Giving an adversary one bite of the apple is one bite too much," he said.

However, because there are "thousands of entry points to federal domains," Chertoff said the government was "limited in our ability to deal with cyber-attacks."

Chertoff said the U.S. CERT (Computer Emergency Readiness Team), using an intrusion detection program called Einstein, can actively monitor entry points to domains and automate the process of collecting, correlating, analyzing and sharing computer security information across the federal government.

Einstein has been used on federal networks since 2004, but because it's not fully deployed, there are still major gaps in the government's ability to monitor all its domains.

"We still can't monitor it in real time effectively. The federal agencies are uneven in the way they protect their own assets," Chertoff said, noting that some agencies have round-the-clock watch and warn systems while others are without that level of visibility.

Another problem with Einstein, Chertoff said, is its "backwards-looking architecture," which slows down the monitoring process. "The monitoring doesn't happen instantly and that's a weakness. We can't afford to have time delays in a world where attacks come in microseconds from all points of the globe," he added.

Chertoff said the government was working on reducing the number of access points to federal domains. The long-term plan is to identify a finite number of entry points to allow better, more effective monitoring of traffic.

"We now have thousands of these entry points and we're looking to bring it down to about 50," he said.