MIAMI -- When Cyberstorm III, an exercise that will test the government's readiness to defend against a major cyberattack, commences in September it will have a greater international presence than the two cybersecurity exercises that preceded it.
Speaking to an international group of incident responders at the Forum of Incident Response and Security Teams (FIRST) Conference 2010 Monday, Philip Reitinger, director of the National Cybersecurity Center at the Department of Homeland Security (DHS), said the United States has learned that an international presence is essential in the war against cybercriminals hell-bent on taking down critical infrastructure, disrupting financial markets or penetrating government networks. Reitinger said he expects "significant" international participation in Cyberstorm III.
"Right now it is indisputable that our risk as a community and a community of nations is growing," Reitinger said. "People recognize that we have a problem and we are working as a global economy, a set of nations to address it."
The last major cybersecurity exercise conducted by DHS was held in 2008. Cyberstrom III is slated to include a number of international computer emergency readiness teams
Previous Cyberstorm exercises focused on attacks attempting to take down the Internet or spread malicious software on high priority government systems. Cyberstorm III is expected to test the processes and roles in place while simulating a cyberattack against the underlying control systems of country's critical infrastructure – power grids, dams and systems that protect energy facilities.
Government cybersecurity initiatives:
Privacy protection essential in fight against cybercriminals, experts say: The federal government may need to step in to protect the networks of critical infrastructure facilities, but it must respect the civil rights of its citizens, a panel of experts said at RSA Conference 2010.
Federal CISOs worry they can't effectively secure cloud computing: An (ISC)2 survey finds federal CISOs pleased with the government's efforts to improve network security, but lack support for hiring skilled security pros.
Reitinger was appointed as director of the National Cybersecurity Center last year. He also serves as deputy undersecretary for the National Protection and Programs Directorate (NPPD) at DHS. Reitinger was a senior security strategist with Microsoft's Trustworthy Computing Security Team and also served in the federal government under the Bush Administration as executive director of the Department of Defense's Cyber Crime Center in Linthicum, Maryland. He previously worked at the Department of Justice focusing on computer crime and intellectual property issues.
The Comprehensive National Cybersecurity Initiative (CNCI), a $40 billion classified Bush Administration initiative to improve the federal government's cybersecurity defenses, was a good first start but lacks a focus on the private sector and on international cooperation, Reitinger said.
"We've got to stop talking and begin building out the mechanisms needed to respond to a significant cyber incident," he said. "It's no longer useful to talk about things in such high level generalities and not make a difference."
International cybersecurity teams find a way to work together when problems arise, such as the global spread of the Conficker worm, but mechanisms to disseminate information need to be standardized for a better coordinated response to incidents, Reitinger said.
"We've got set of manual processes and there's a lack of agility in places," he said. "We succeed based on goodwill and hard work of people rather than the innate design of the system."
Some security experts expressed their frustration over the lack of involvement with law enforcement officials. To make any progress, security teams need to figure out a way to improve cooperation with law enforcement agencies in different countries, said a cybersecurity researcher based in Germany who wished to remain anonymous.
"It's always about defending, never going on offense," he said. "There are a lot of problems we need to fix to do a better job."
When pressed on the issue of law enforcement during a question and answer session after his keynote, Reitinger said it is still very difficult to find and prosecute the right people. Law enforcement officials are resource challenged and pulled in many different directions, he said.
"I doubt we're ever going to get to a point where criminal prosecution is as effective of a deterrent as it is in the physical world," he said.
Logging onto the Internet may be less anonymous in the future. The federal government is studying ways to more broadly apply authentication when conducting business online, Reitinger said.
Details were scarce, but Reitinger said government officials are studying ways to roll out secure identities for use on the Internet. Online identity management is a high priority, he said, and could help reduce threats when conducting high risk transactions. He said the federal government was taking a "more people-focused" approach.
"I am not saying that every communication on the Internet needs to be authenticated," he said. "A lot of communications on the Internet are and should be anonymous and is even protected under the law. In cases where communication should be authenticated, it should be easy to apply strong authentication mechanisms."