'We're all at risk' of attack, cyber chief says

Liza Porteus Viana — Tue, 11 Dec 2007 00:00:00 -0500

NEW YORK -- Private industry and governments need to make cyber security a priority, no matter what the cost, in order to defeat hackers and terrorists and to keep operations running during a crisis, a federal official said here Tuesday.

Private industry owns and operates more than 85 percent of the country's critical infrastructures. "That means the federal government cannot address these cyber threats alone," said Greg Garcia, the Homeland Security assistant secretary who heads the national cyber-security division.

Garcia addressed the New York City Metro InfraGard Alliance blocks from the World Trade Center site attacked by terrorists Sept. 11, 2001. InfraGard is a partnership between the FBI, local law enforcement and the private sector aimed at protecting critical infrastructures, including technology systems.

"You all know our adversaries will stop at nothing to destroy the infrastructures we all work so hard to protect. ... We're all at risk, we're all responsible. and there's much more we have to do to protect our critical systems," Garcia said. "New York is the world's financial nucleus. ... As Wall Street goes, so does the rest of the economy."

About $5.5 trillion to $6 trillion runs through the U.S. financial system each day, including paycheck delivery and withdrawals from automatic teller machines. Still, Garcia said, large household-name companies are leaving their networks exposed to infiltration and data theft.

The federal government relies heavily on organizations like InfraGard and information-sharing and analysis centers for specific economic sectors to force industry to take cyber precautions. He said that partnership is particularly important given that hackers are becoming more sophisticated, and that malicious codes and software are now sold cheaply over the Internet.

Garcia said there is a $100 billion market for cyber crime -- more than the illegal drug market. From fiscal 2006 to fiscal 2007, the U.S. Computer Emergency Readiness Team handled more than 37,000 incidents, compared with about 24,000 in fiscal 2006.

"Unfortunately, none of this is going to dissipate if we don't have the same level of coordination and organization our adversaries have against us," Garcia said.

On the government side, the Homeland Security Department's Einstein network monitors systems for abnormalities or intrusions and circulates threat information within hours. Einstein is used by 13 agencies, but Garcia wants all to subscribe.

"There's strength in numbers," the assistant secretary said. "Just like beat cops, out-of-the-ordinary events or activities can tip off cyber responders to potential trouble."

Industry also needs to consider physical threats that could affect networks, such as a pandemic flu outbreak, Garcia said. Companies must ensure that their businesses can operate via telecommuting during a crisis and that their networks don't become bottlenecked, he said. They should boost network security ahead of time to ensure continuity of operations.

If the businesses don't do this, Garcia said, "our economy -- in fact, our very way of life -- is going to be at stake."

Garcia toured the city's wireless network operations and emergency management centers, and spoke with city leaders about how they are managing and securing communications systems designed to operate across jurisdictions.

In March, the department will conduct an exercise to practice coordinated responses to simulated strings of cyber attacks affecting all levels of government and industry.

]]>

Data program for port security to be launched

Liza Porteus Viana — Wed, 28 Nov 2007 00:00:00 -0500

NEW YORK -- The Homeland Security Department in "very few weeks" will issue a request to industry for a proposal to create a pilot program for a data warehouse aimed at boosting cargo security, an agency official said Tuesday.

"Our enemies are always looking for ways to exploit us," Jayson Ahern, deputy commissioner of Customs and Border Protection, said at the Maritime Security Conference and Expo here. He added that increased transparency in the supply chain can reduce risk.

The Global Trade Exchange, or the GTX, would fuse together a range of nontraditional cargo-movement information. It is one element of the three-part Secure Freight Initiative, which also calls for international container scanning and the collection of advanced data about cargo heading for U.S. ports.

The scanning initiative, known as the International Container Security project, calls for scanning technology to be deployed at seven overseas ports to determine its capability.

The third element of SFI is known as the Security Filing Project. It calls for the implementation of advanced electronic filing requirements to give U.S. port officials more information about cargo movement before vessels are loaded overseas.

The White House Office of Management and Budget is reviewing a draft rule that would require importers or cargo owners to file 10 more data elements with the U.S. customs agency 24 hours before loading vessels overseas, and two more data streams to be filed by ocean carriers at least 48 hours before arriving in the United States.

Homeland Security Secretary Michael Chertoff earlier this month compared GTX with logging on to Amazon.com, where the online retailer asks for information to determine how to better serve its customers. He said the concept provides "better security at lower cost to the shipper and at less inconvenience."

Several technologies are in the works to enhance SFI, including the Advanced Spectroscopic Portal radiation-detection technology to enable faster and more accurate identification of radiological isotopes in containers. The monitor, currently being field tested in Southampton, Britain, can determine if the isotopes are dangerous or naturally occurring.

That device could increase efficiency and rule out "nuisance alarms" caused by, for instance, a truck-driving chemotherapy patient, Ahern said.

Asa Hutchison, the former Homeland Security undersecretary for border and transportation security, also addressed the conference and said increasing the role of the private sector in third-party verification of cargo overseas is key to keeping commerce flowing.

He cited a 2007 cargo security law, which would develop protocols and standards for hazardous cargo and includes a provision that foreign ports be allowed to use third-party verifiers.

Adm. Thad Allen, commandant of the U.S. Coast Guard, said a satellite prototype for long-range ship tracking will be tested "shortly." He said industry has made progress in complying with maritime security rules since the September 2001 terrorist attacks, but "I don't believe ... we've arrived at the time of a universally agreed upon maritime security structure around the world."

]]>

Government Executive - Authors - Liza Porteus Viana

'We're all at risk' of attack, cyber chief says

Data program for port security to be launched