US-CERT Can’t Secure Fed CyberSpace. Maybe New Cyber Center Can.
The Department of Homeland Security was commanded to secure the federal cyberspace in 2003. Five years later, and the job is still not completed. DHS has the National Cyber Security Division and that division runs US-CERT, which is supposed to be the top incident response agency over all of the federal-civilian agencies.
But US-CERT is actually a partnership with the old CERT running out of Carnegie Mellon University, and they have lots of lawyers, who have friends in Congress, that put the brakes on DHS’s attempts to place network monitors in the Federal Agencies. They whined and cried and worked against their own national mandate both overtly, and behind the scenes, to kill any attempts to gather raw network data from agencies such as the IRS, the FAA, FDIC, HUD, and even DHS itself. Doing that would violate people’s privacy, they whined. Attempting to stop Chinese hackers by seeing source IP, destination IP and packet payload might accidentally allow analysts to see someone’s Instant Messenger chat sessions.
So today the privacy of federal agencies is protected, but the networks are rife with Chicom packet sniffers. And if you work with a federal agency, you are required to report security incidents to US-CERT. When you do that, you receive back a number. No help, no wishes for good luck in dealing with the incident. Just a worthless number.
All of this is about to change. The administration had to do an end-around the privacy weenies, and ordered the NSA and other intel agencies to put network monitors in the Federal agencies.
President Bush signed a directive in January that expands the intelligence community’s role in monitoring Internet traffic to protect against a rising number of attacks on federal agencies’ computer systems.
The directive, whose content is classified, authorizes the intelligence agencies, in particular the National Security Agency, to monitor the computer networks of all federal agencies.
US-CERT was supposed to do this. I guess they have been benched.
Under the new initiative, a task force headed by the Office of the Director of National Intelligence (ODNI) will coordinate efforts to identify the source of cyber-attacks against government computer systems. As part of that effort, the Department of Homeland Security will work to protect the systems and the Pentagon will devise strategies for counterattacks against the intruders.
I think they mean countermeasures, like blacklists, DNS poisoning, web proxy evasion, etc.
The White House is expected to announce as early as Thursday the selection of Rod A. Beckstrom as a top-level adviser based in the Department of Homeland Security. Beckstrom is an author and entrepreneur best known for starting Twiki.net, a company that provides collaboration software for businesses.
According to the sources, the center will be charged with gathering cyber attack and vulnerability information from a wide range of federal agencies, including the FBI, the National Security Agency and the Defense Department. Beckstrom will report directly to Homeland Security Secretary Michael Chertoff.
What about NCSD? Is that agency going away or is it getting pushed under the new office?
DHS only recently appointed Greg Garcia, former head of the Information Technology Association of America, to be assistant secretary for cyber-security and telecommunications, a position fought for and won through tireless lobbying from lawmakers on Capitol Hill who believed DHS wasn’t placing a strong enough emphasis on cyber.
Of course, with the upcoming election, all of these efforts may get shelved as part of a new policy. Your tax dollars at work. I’m happy to be going back to the private sector. Lots of thanks to Richard Stiennon’s blog for the news links.