SAN FRANCISCO -- The government needs to refocus its efforts on closing the holes that attackers are using to infiltrate its networks or risk a future cybsersecurity incident on a scale that has never been seen before.
That was the message Michael Chertoff, secretary of the Department of Homeland Security, gave to security professionals attending RSA Conference 2008. The speech marked the first talk by a high-level DHS official at the event.
"You own the Internet; the federal government cannot be everywhere," Chertoff said. "We can't be serious about cybersecurity without engaging with the private sector."
Chertoff pointed to the attacks on the Baltic nation of Estonia which brought the country to a standstill, as an example of what could happen if terrorists cripple essential systems in the United States. A serious cyberattack on major financial systems or the nation's air traffic control system could have disastrous consequences that last for years, he said.
"A cyberattack of that magnitude or worse could have cascading affects across the country and around the world," Chertoff said.
Chertoff said the federal government wants to "take a quantum leap forward," beginning with the National Cyber Initiative, which was announced in January. The initiative comprises a number of separate proposals. It includes a $115 million overhaul of the government's intrusion detection system, known as Einstein. It also calls for putting in place a standard to force all government agencies to meet a minimum "baseline" level of security.
The government also needs to reduce the number of its access points from thousands of domains to a target of about 50 to help get a handle on the attack vectors available to intruders, Chertoff said.
The government also needs to revamp its detection and analysis methods to detect and analyze anomalies in minutes rather than days, he said. Eventually it would be retooled to analyze traffic in real time to look for malicious code and attacks.
"Our vision is to have an early warning system of what might be launched even before it comes," Chertoff said.
Chertoff said the National Cyber Security Center at DHS would work to foster partnerships with the private sector. He said the recent appointment of Rod Beckstrom as director of the DHS center would to encourage better communication and information-sharing among the various components of the federal government that handle cybersecurity. The government hopes to tap some of the talent in the private sector to help secure its networks, he said.