Cyber Security Awareness Month

Today marks the beginning of National Cyber Security Awareness Month, which is a good opportunity to remind our readers of the importance of protecting yourselves and your businesses against the growing threat of cyber attacks.

Worldwide, cyber attacks are increasing in sophistication and frequency every day. We have seen stories in the news recently of countries engaging outright in cyber warfare. Over the summer, authorities also uncovered the largest case of identity theft in U.S history, involving the theft of more than 40 million credit card numbers stolen from the computer systems of several major U.S. retailers. These acts have very real consequences for ordinary Americans, as any victim of identity theft can attest.

We take the threat of cyber attacks seriously at the Department. Working with other agencies, we have embarked on a major effort across the government to protect federal systems and networks. This includes reducing the number of external access points to our systems and improving our intrusion detection capabilities. We’ve established a new National Cyber Security Center to improve coordination and information sharing. We are expanding our 24-hour watch and warning system – the U.S. Computer Emergency Readiness Team – and hiring new cyber professionals. And we’re taking steps to prevent compromised computer products and electronics from entering the global supply chain and reaching our country.

But the reality is we can’t meet these challenges by ourselves. We don’t own the Internet or our nation’s IT or communications infrastructure. Most of our nation’s cyber assets are in private sector hands. Protecting them will require a new level of partnership with businesses and companies of all sizes, as well as individual citizens.

What can you do to help? Start by making sure you are practicing good cyber security in your home or office. This means ensuring your antivirus software is properly functioning and up-to-date. Change your computer passwords regularly, and when you do, make sure you don’t write them down or leave them near your computer where someone can easily exploit them. Don’t open suspicious e-mail or visit suspicious websites. And make sure you know exactly what you’re downloading.

These are all common-sense recommendations, but unfortunately too many Americans fail to take even these basic steps. I hope over the next month you’ll do your part to increase our nation’s cyber defenses from the ground up and help us mitigate the impact of a major cyber attack. The alternative could be a very serious disruption of a vital part of our society and our nation’s economy. Like other areas of homeland security, the time to prepare is now.

Michael Chertoff

Our Newest Cyber Threat

"Every time we were beginning to form into teams we would be reorganized. I was to learn later in life that we tried to meet any new situation by reorganizing, and a wonderful method it was for creating the illusion of progress whilst producing confusion, inefficiency and demoralization." Petronius (AD 166)

This week the House Homeland Security Subcommittee on Emerging Threats, Cyber Security and Science and Technology and the House Permanent Select Committee on Intelligence held hearings on cyber security recommendations for the next Administration. In that hearing and in the follow-on press DHS came under criticism for not doing enough to protect our nation's cyber networks. There were even calls for DHS's role in cyber security to be pulled away.

A reorganization of roles and responsibilities is the worst thing that could be done to improve our nation's security posture against very real and increasingly sophisticated cyber threats. In January 2008, the current Administration developed Homeland Security Presidential Directive 23, which established the Comprehensive National Cyber Initiative (CNCI). Since then and for the first time in the Nation's history, DHS along with its partners at the Department of Defense (DoD), FBI, and Intelligence Community have an integrated strategy and action plan to improve cyber security across federal, military and civilian networks. We have moved beyond words on paper and debate, and are now driving real improvements to our security. We cannot afford to lose that momentum and interagency unity of effort.

Within DHS, I manage the National Protection and Programs Directorate (NPPD), which has the mission to reduce security risks across both physical and cyber infrastructure as well as telecommunications and lead the Department's efforts for the CNCI. Specifically, we lead federal civilian (i.e., ".gov") and private sector network defense. Without question, it is a monumental task - one that requires interagency coordination and focus. As a nation, we cannot afford to be distracted from this mission.

In the past six months we have made great progress in this role. We have begun deployment of EINSTEIN 2 ( pdf), which will give us comprehensive, real-time intrusion detection capabilities and one point of situational awareness across all executive branch agencies. We have engaged the private sector to develop partnerships and to improve information sharing. And we have built the core of a management team with the experience and expertise to continue to lead this effort into the future. We have accomplished much in a relatively short amount of time. Securing our nation's cyber networks is a complex and expansive problem, and it took years of growing cyberspace dependence to put us in this position - it will take a solid plan and resolve to accomplish results.

I respect the strong resumes and experience of many of the people that are publicly weighing in on these issues, and, in fact, many of them were previously in key posts that had an opportunity to impact our nation's cyber security. I encourage them to actually spend some time with DHS discussing our plan before they finalize their conclusions and go public with their recommendations.

I certainly agree that we can still do much to continue to improve cyber security in our nation, but calls for reorganization at this point simply makes no sense. We have a plan and are on a path that will address these serious national cyber vulnerabilities. We must stay the course.

Robert D. Jamison
Under Secretary National Protection & Programs