RSA:DHS Project Will Secure Feds’ Computers

U.S. Homeland Security Secretary Michael Chertoff said his agency is working on a “reverse Manhattan Project” to help secure the federal government’s computer systems.

A Presidential Directive signed in January gave the U.S. Department of Homeland Security (DHS) the go-ahead to beef up computer system security throughout the government. Federal systems have frequently fallen short of the mark in security audits, and have been hit with a series of online attacks over the past few years.

While the Manhattan Project in World War II sought to build the world’s most powerful weapon — the atomic bomb — this latest project is designed to create a powerful defense system for the U.S., according to Chertoff, who said he takes cyber threats as seriously as threats in the physical world.

“We’re operating in a domain where traditional military power or the power of government is insufficient to address the full nature of the threat,” Chertoff said Tuesday at the RSA Conference in San Francisco. “We need to have a networked response to deal with a networked attack.”

One of the goals of the project is to reduce the points where outsiders can access government systems from a number that is in the “thousands” to something more like 50, Chertoff said. He also wants federal agencies to bring their threat detection and response capabilities to a minimum baseline level. “The network is only as strong as its weakest link,” he said.

According to a report in January in the Washington Post, this directive also authorizes the National Security Agency (NSA) to monitor computers in all federal agencies. The effort is expected to cost billions of dollars in the fiscal 2009 budget.

Chertoff said he would like to see the federal government develop an early warning system that could mitigate cyber attacks before they occur. “The best way to deal with an attack on a system is to prevent it before it happens,” he said. “We have the capability now to detect what might be the signature of an attack before it is launched.”

The DHS has created a National Cyber Security Center to do this work. It will be headed by Rod Beckstrom, an Internet entrepreneur who founded Cats Software and Twiki.net.

While the DHS has had problems retaining executive staff since its inception, Chertoff said he hoped to be able to attract more talent from the private sector. “We’re not at the point of issuing stock options with government agencies,” he said. “What can motivate people is the desire to serve,” he said in a press conference after his address.

Chertoff himself was lured out of private law practice into public service, he said. “I’m optimistic that people who are in the IT area are going to be as selfless as lawyers and investment bankers and others who have done this.”

Conference attendee Ron Hale said that many in the private sector underestimate the benefits of a public sector career, especially early on. “I think you get more experience and more responsibility in your career than you might get in the public sector,” said Hale, director of information security practices with the Information Systems Audit and Control Association, a professional organization of information system auditors.

Hale got his start as a police crime scene investigator in Cook County, Illinois, before branching out into private work. He said that while some agencies like the U.S. Internal Revenue Service or U.S. Social Security Administration might not have the cachet to attract top talent, that’s not the case with other agencies, such as the U.S. Federal Bureau of Investigation.

“Saying you work for the DHS and you’re working with the FBI, that’s pretty sexy,” he said. “That’ll get you dates.”