Outgoing Department of Homeland Security chief Michael Chertoff says the Bush administration's work on cyber-security leaves President-elect Barack Obama well-positioned for progress on securing the nation's IT infrastructure.
Almost a year after launching a cyber-security "Manhattan Project"
and less than a month before President-elect Barack Obama takes office,
outgoing Department of Homeland Security Secretary Michael Chertoff says the
Bush administration is leaving Obama with "some momentum" on cyber-security.
Speaking Dec. 18 at the conclusion of a two-day cyber-warfare exercise in
Washington, Chertoff said, "I think we've done an awful lot in a
relatively short period of time, as, you know, government work goes and while
there's much more to be done, I think we've teed up, so the next administration
has some momentum and I will encourage them in any way I can to continue to
move it forward."
In January, Bush signed a classified presidential order ordering the DHS and
the National Security Agency to expand their cyber-security efforts. Chertoff
said that initiative has been successful, at least as a starting point.
Obama earns a 100 percent pro-tech score.
"Obviously, this is a work in progress, but it is one which builds upon
a shared relationship of trust and experience, which we have seen work in the
physical realm and one of the reasons we have to work across the entire domain
of our relationships with the private sector is because the needs of each
sector differ in terms of what their concerns are from a cyber-security
standpoint," Chertoff said.
Chertoff added that historically there has been a "radical"
division between the U.S.
intelligence agencies and the private sector in involving the government in
civilian networks for fear of the legal consequences. That, he said, needs to
"The cyber-security threat isn't only one that occurs at the level of
traditional nation states and traditional conflicts," Chertoff said.
"It occurs with respect to terrorism, where we know that a cyber-terrorist
attack could have a potentially very, very serious impact on the safety and
well-being of our citizens. And even common criminals have done an
enormous amount of damage using the cyber-system to exploit our vulnerabilities
in order to make money."
Noting that while the most publicized threats to U.S.
cyber-security are from people hacking into systems, Chertoff said the country
needs to be prepared to deal with a full spectrum of threats, including
individuals compromising systems from within and the security of supply chains.
Chertoff identified three specific types of cyber-security threats: hackers
who steal information, threats that would degrade or destroy the ability to
actually engage in activities over the Internet, and inside corruption of the
"Not an attack that necessarily destroys a system, but that simply
corrupts it or changes it in a way that makes it unusable and undermines
confidence and trust," Chertoff said. "And here, although it hasn't
happened to my knowledge, imagine a circumstance where a terrorist attacked our
financial system and simply altered the data in a way that left people with a
lack of confidence that they could get accurate information or access to their
DHS, in collaboration with a number of partners, has established a
cross-sector Cyber Security Working Group. The group meets monthly and
includes industry and government representatives from 18 critical
infrastructure and key resource sectors. Chertoff said the idea is to
exchange information on vulnerabilities and strategies for mitigation, hold
briefings in both directions about what cyber-threats are emerging, and to
participate in specific projects.
In particular, Chertoff said, "we're focused on chemical, IT, and
banking and finance sectors because we know those are sectors where there's a
particular concern about the collateral consequences of a cyber-attack."