House legislators rip Bush's Cyber Initiative plan

By Dennis Fisher, Executive Editor
28 Feb 2008 | SearchSecurity.com


Congressional leaders on Thursday questioned the Department of Homeland Security's past and present efforts to secure the government's networks and dismissed its new plan to improve security as inadequate and behind the times.

"It's hard to believe that this administration believes it has the answers to securing our networks and critical infrastructure," said Rep. Bennie Thompson (D-Miss.) during an often contentious hearing on President Bush's so-called Cyber Initiative before the House Committee on Homeland Security Thursday morning. "I have enormous questions about this initiative. Thus far, I have been extremely disappointed in this administration's efforts in cybersecurity."

The initiative is a long-range plan to upgrade the security of the federal government's networks and comprises a number of separate proposals, most notably an overhaul and expansion of the government's intrusion detection system, known as Einstein. Currently, Einstein is simply a passive traffic-monitoring system that records basic data such as the originating IP address of a packet, its size, and where the packet came from and where it is headed. But the data that the system captures is not analyzed in real time, so attacks and other anomalies aren't caught until well after the fact. Einstein is also a voluntary program and is not currently in place at all federal agencies.

DHS officials have proposed expanding Einstein to the entire federal government on a mandatory basis and enabling security analysts to analyze traffic in real time to look for malicious code and attacks. The expansion would cost $115 million, department officials said.

"Einstein currently handles a very, very, very small percentage of government traffic," Robert Jamison, under secretary of the National Protection and Programs Directorate at DHS, told the committee. "We want to build it up to one hundred percent. We want to be able to detect malicious code. It will have coverage of external points and will be informed by our current knowledge of the threat. Right now, we don't have that situational awareness. Right now, our capability is passive. We're not doing it in real time."

Several committee members, including Thompson, Rep. Jane Harman (D-Calif.) and Rep. Bob Etheridge (D-N.C.), were surprised by how little information DHS and other agencies involved in cybersecurity share with each other about current threats, past attacks and other critical issues.

"I have been sitting here with my mouth open. This hearing reminds me of the FEMA trailers. The fact that you don't have threat information is shocking," Harman said. "We are not being serious about our response to threats. How is it that we're going to have in real time a response to a significant threat? I just don't see it."

Jamison defended the proposed expansion, saying that the new real-time capability is a must-have for federal agencies.

"We're not looking at content now. We propose to do that," he said. "Our adversaries are very adept at hiding attacks in normal traffic. The only true way to protect our networks is to have an intrusion detection system."

Jamison and Scott Charbo, deputy under secretary of the National Protection and Programs Directorate, also defended the broader Cyber Initiative as a necessary step and said that the Einstein expansion is only one piece of the plan. However, the committee members remained skeptical about Einstein's privacy controls and the administration's overall commitment to cybersecurity. Both Harman and Rep. Paul Broun (R-Ga.) questioned the propriety of allowing detailed inspections of all government data traffic.

"This looks almost like the fox guarding the henhouse," Broun said. "I'm not convinced that privacy is going to be protected in developing these systems."

Jamison said that a full privacy impact assessment of the new system would be completed before its deployment.

Karen Evans, administrator for electronic government and information technology at the Office of Management and Budget, cited the government-wide effort to reduce the number of connections to the Internet as a key component of the Cyber Initiative and said the effort should be complete by the summer. All government agencies had to report all of the external network connections, whether they are to contractors, other agencies or to the public Internet, and the total number came to about 4,000 external connections.

The government is projecting that it can reduce the number of Internet connections to about 50, under its Trusted Internet Connections program.
