Michael Chertoff, secretary of the U.S. Department of Homeland Security, said his agency is ready to launch a Manhattan Project for cybersecurity. Speaking at the RSA Conference in San Francisco on Tuesday, Chertoff said cyberwarfare and cyberterrorism are huge threats.
"Imagine what would happen if a sophisticated attack on our financial systems caused them to be paralyzed. It would be a shaking of the foundation of trust on which commercial intercourse depends," Chertoff said.
He called on Silicon Valley and other technology hubs to send their "best and brightest" to Washington.
"The time has come to take a quantum leap forward, what I would call a game-changer, in how we deal with attacks on the federal government and in working with the private sector," he said.
The initiative started in January when President Bush signed a directive to improve network security throughout the government. The directive permits the National Security Agency to monitor all federal computers. As reported in The Washington Post, the administration is expected to ask for billions of dollars for the initiative in the 2009 budget but, of course, that budget is likely to be rewritten by the new president elected in November.
Because cyberattacks by nature are distributed, "we need to have a network response to a network attack," Chertoff said.
A key aspect of the initiative is the creation of a new assistant secretary for cybersecurity.
Reducing Access Points
"I will look carefully at who he selects" as assistant secretary, said David Stephenson, a homeland security consultant, in a telephone interview. "On the one hand you want somebody very well-versed in the technology," Stephenson said, "but that kind of person is often so left-brain and analytical they can't address the nature of the networked threat and networked response" that Chertoff referred to.
"The risk is tremendous if you can't grasp the whole situation and alter tactics on a very fluid basis -- an aspect that's often missed," Stephenson said.
While no names have been mentioned, Silicon Valley entrepreneur Rod Beckstrom was recently hired to head an interagency group to share information about cyberattacks and might be a logical choice. Before joining the government, Beckstrom started Twiki.net, so he would appear to understand the Web 2.0 aspects of network security.
One early target for the initiative is to reduce the number of access points to federal systems from thousands to about 50, Chertoff said.
Stephenson emphasized that real cybersecurity means making a cultural change throughout the federal workforce. "It requires both empowering individuals and making them responsible. It's a fantastic, interesting challenge, but it requires somebody who is very well-grounded and something of a visionary," Stephenson said. "Remember, we're talking about networks. It requires an integrated approach in all aspects."