PHILADELPHIA – Describing threats to the U.S. cyber infrastructure as perhaps the most serious danger facing the nation today, the secretary of the Department of Homeland Security renewed the call for guidelines to facilitate public-private cybersecurity information sharing.
At the 58th annual ASIS International conference, an event geared largely toward physical security professionals, DHS Secretary Janet Napolitano made an impassioned plea to the private sector audience to help establish new protocols to share cybersecurity-related information with the government in a faster and more collaborative way.
"[Cybersecurity] threats are real and ever-evolving, they are serious, and they go to the heart of the safety and security of our economies," Napolitano said. "We must maintain a cyberspace that's safe and resilient and remains a source of tremendous growth for years to come."
Napolitano stressed the importance of establishing baseline cybersecurity practices for the nation's core critical infrastructure, most of which is owned by private-sector companies. Napolitano said guidelines are needed to ensure gas companies, water suppliers, and other infrastructure providers, which are at constant risk of cyberattack, have implemented the baseline security measures necessary to ward off such attacks.
Just as important, Napolitano said, is the need for protocols to enable rapid cybersecurity information sharing by the private sector and local and state government agencies when an attack occurs. Sometimes, she said, these groups are unsure if they can share information with the federal government.
"In cyberspace, seconds matter. When information isn't shared quickly, it makes it harder to respond effectively, and delays hurt all of us," Napolitano said. "We need to make it easier for companies to share data and information with the Department of Homeland Security when they are attacked, so we can help prepare others and provide assistance if requested."
Napolitano said the rules governing cybersecurity information sharing reside under a variety of statutes. In August, legislation that sought to ease information sharing and set information security standards for critical infrastructure providers -- the Cybersecurity Act of 2012 -- died in the Senate. Many lawmakers expressed privacy concerns about the bill, but Napolitano renewed the call for action.
"I don’t want to rehash last summer's Senate debate on cybersecurity," Napolitano said. "The plain fact of the matter is we need to address cybersecurity now, not in the years to come."
Underscoring her message, Napolitano noted that cyberattacks have increased steadily over the past decade, and increased significantly during her three-plus years as DHS secretary. She said in 2011 the U.S. Computer Emergency Response Team (US-CERT), which provides response support and defense against cyberattacks affecting the civilian portions of the U.S. government computer network infrastructure, responded to more than 106,000 reports and released more than 5,000 actionable alerts to its public and private sector partners. She also noted a 2011 Symantec report that calculated the cost of global cybercrime to be $114 billion annually, and as much as $388 billion when accounting for financial and time losses, which is more than the combined global black market for marijuana, cocaine and heroin.
"My friends, we are all in this together," Napolitano added. "We need a place where all of us have an opportunity to make a positive impact. [Cybersecurity] is the most active, the most dynamic, and potentially the most threatening area of risk we all confront today."
Information sharing aside, Napolitano said DHS is taking broad action today to limit the risk posed by cyberattacks by working with owners and operators of critical infrastructure providers to conduct risk assessments and to provide mitigation assistance and incident response capabilities.
It is also deploying new technology to detect and respond to intrusions at federal civil agencies, working closely with the National Security Agency and the Department of Defense, and working with the Department of Justice and the FBI to investigate, attribute and prosecute those who commit Internet crimes.
Napolitano also cited the important role the general public plays and the need for "situational awareness" to ensure the integrity of cyberspace. She noted DHS' support of the "Stop. Think. Connect." campaign, a national public awareness effort led by the Anti-Phishing Working Group and the National Cyber Security Alliance to encourage young Americans to engage in and promote safe online practices.
"We know cyberthreats can encompass a broad range of activities, from denial of service to theft of IP and intrusions into secure government networks and systems that control our critical infrastructure," Napolitano said. "These crimes have real-life victims and real-life human consequences."