Garcia specifically highlighted threats such as advanced malware programs, so-called botnets, and various forms of identity fraud, including phishing schemes, as particularly challenging threats to security of the nations increasingly centralized IP backbone. "Our adversaries wont stop, and their attacks on infrastructure assets are growing in sophistication and frequency," said Garcia. "The [IT]security sector shares in this mission to serve the country; there are lots of plans in Washington, but this one will stickwe need a framework for industry and the government to assess infrastructure vulnerabilities, evaluate risks and take steps to mitigate problems based on a common risk management model."Botnet stalkers share their takedown methods. Click here to read more. Later this year, the DHS will coordinate a second iteration of its Cyber-Storm backbone attack exercise, which will provide a better idea of how much progress has been made in defending computing and telecommunications networks. If every private organization that controls substantial network assets would agree to more actively police the security of their own infrastructure, there could be "dramatic and measurable" improvement in national efforts to ward off hackers, and even terrorist activity, Garcia submitted. He also called on his former colleagues in Congress to create financial incentives that would reward organizations that commit to making such improvements. "Security is a network of defenders. Join the groups that have already stepped up; they are integral partners to [Homeland Security]. Were all vulnerable and need to partner," said the cyber-security chief. "Were all in this together, and there is another network out there that is technologically sophisticated and well-organized and out to get your money and disrupt operations. Together we can strengthen defenses, reduce vulnerabilities and help maintain our way of life."
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis.
In a nod to the existing impact of IT threats on infrastructure assets, and the growing awareness of his offices work, Garcia noted that while the U.S. Computer Emergency Readiness Team, or CERT, received only 23,000 major incident reports from organizations during 2006, it matched that total during the first quarter of 2007 alone. The Homeland Security officer estimated that there are currently more than 3,000 active botnetsor clusters of infected computers used by hackers and other criminals to carry out their workthat control millions of hijacked devices.