DHS Secretary Calls for Public-Private Alliance to Battle Cyber-Attacks

In a speech to California college students, Department of Homeland Security Secretary Janet Napolitano discussed how the public, government and private industry can work together to contain rapidly evolving cyber-threats.

The United States government needs to collaborate with academia and businesses to fight cyber-attacks, the Secretary of Homeland Security said in a speech to engineering students at the University of California at Berkeley.

In the April 25 speech, Homeland Security Secretary Janet Napolitano outlined some of the cyber-security challenges the federal agency regularly faces while protecting the nation's critical security infrastructure.

Some of the more serious recent threats, she said, included the spread of the Stuxnet worm, the attacks on NASDAQ, the emails stolen from Epsilon and the data breach at RSA Security.

While the country is more secure and better prepared than it was a few years ago, the rapid evolution of cyber-space and threats to its security mean "we all have a role to play" in cyber-defense, according to Napolitano. Just as all cities experience some crime, cyber-crime is now part of being online.

While it is the DHS' responsibility to protect critical infrastructure and cyber-space, "this is not something we can do by ourselves," but requires a "full range of partners," according to Napolitano. The "shared security" is only possible if other government agencies, the private sector and individual Internet users all became engaged in the fight, she said.

"Terrorist threats have not gone away. ... They have evolved," Napolitano said.

Attacks are becoming increasingly more sophisticated and using "very novel" attack vectors, so it is important to be able to respond to a threat quickly. After the breach at RSA Security where SecurID information was stolen, the DHS worked with RSA, law enforcement authorities and the intelligence community to minimize the damage.

"We took our understanding of the tools, tradecraft and techniques used by these malicious actors and converted it into actionable information that all 18 critical infrastructure sectors could use," Napolitano said.

The DHS has spearheaded the development of the first-ever National Cyber Incident Response Plan, which enables the agency to coordinate the response of multiple agencies, state and local governments, and the private sector in the event of a cyber-attack, Napolitano said.

While the Science and Technology Directorate is also working on developing and deploying more secure Internet protocols to protect consumers and businesses online, the private sector needs to "redouble its efforts in the quality of products" it offers to fend off hacking, spamming, spoofing and the like, according to Napolitano.

In her speech, the DHS secretary also addressed the recently finalized "National Strategy for Trusted Identities in Cyberspace" in an effort to create an identity ecosystem to protect online consumers from fraud. Instead of having usernames and passwords that are different for every Website, Napolitano said a better approach would be to rely on a single set of credentials that would be accepted across all Websites. "Dozens of companies could offer this," she said.

Even though the cyber-security department at the DHS has "tripled" from 2009 to 2010, it's not growing fast enough to keep up with the attackers. "We still need more people. We need a strong and innovative group to take on this incredible challenge that protections of cyber-space demand," Napolitano said.

Napolitano cited recent numbers from Symantec that found cyber-attacks increased 93 percent in 2010, compared with 2009. "We're dealing with multiple risks at the same time," she said.

During the question and answer session with the students, Napolitano dodged a question about the infamous Internet kill switch that would allow the government to disconnect critical infrastructure from the Internet in an emergency. Napolitano said that Congress is likely to address the issue this year as part of its cyber-security legislation.

Napolitano has been making the rounds at major universities since the beginning of the year, including MIT and George Washington University, to talk about cyber-security and to encourage students to think about careers in the federal government.

"We need technologists who understand policymaking," Napolitano said.