Wednesday, April 09, 2008

U.S. Starts "Manhattan Project" on Cyber Security (Finally)

And it only took the resignation of four Cyber-Security Czars for them to get around to taking the threat seriously...

From Wired:

U.S. Has Launched a Cyber Security 'Manhattan Project,'
Homeland Security Chief Claims

SAN FRANCISCO -- The federal government has launched a cyber security "Manhattan Project," U.S. homeland security secretary Michael Chertoff said Tuesday, because online attacks can be a form of "devastating warfare", and equivalent in damage to "physical destruction of the worst kind."

Speaking to hundreds of security professionals at the RSA security conference, Chertoff cited last year's denial-of-service attacks against Estonia, and hypothetical hack attacks on financial networks and air traffic control systems, as proof that a federal strategy was needed.

"Imagine, if you will, a sophisticated attack on our financial systems that caused them to be paralyzed," Chertoff said. "It would shake the foundation of trust on which our financial system works."

...

The Bush administration's Cyber Initiative has gotten $150 million in funding for this year, and the administration is requesting $192 million for 2009.

Chertoff hopes that the government's new cyber security efforts will lead to technology breakthroughs that it can share with the private sector. Silicon Valley entrepreneur Rod Beckstrom was recently named to head that effort.

In fact, Chertoff imagines the government's cyber security center will transform its current intrusion detection system, named Einstein, into a pre-computer crime detector.

"We might have the ability to understand the signature of an attack before it is launched," Chertoff said. "I think it could become an early warning system that might be able to detect an attack before it is coming. Giving an adversary one bite at the apple before we understand the attack's meta data, or the code, is one bite too many."

One side-benefit of better cyber security is less identity and intellectual property theft...

I've been harping about the need for this for a long time. Its good to see DHS and the administration taking this seriously. The attack on Estonia as well as increased hacking by China into govt and private networks probably greatly contributed to the DHS finally taking network security seriously. I just wish that they had been more proactive in implementing this initiative. Given the amount of time it'll take the R&D people to come up with solutions our networks will continue to be vulnerable for a long while. In theory had we taken up a similar initiative shortly after 9/11 we could have already had security solutions in place by now.

However internet security tends to be reactive rather than proactive. So while I'm glad to see them finally getting the ball rolling on this I'm hoping they'll get everything up and running before the Zombies get us all.