The United States needs the help of both the private sector and individual Americans to tackle cybersecurity, Janet Napolitano, Secretary of the U.S. Department of Homeland Security, said at the RSA Conference 2010 in San Francisco on Wednesday.
“We need to have an ongoing two-way conversation and effort between the private and public sectors, and we need to have an ongoing multifaceted effort with the public at large,” she said.
The DHS is seeking to recruit skilled staff from the private sector, Napolitano announced, and she asked attendees at the show who work in the computer security field to make their products more secure and reliable.
The department is also working on various technological projects to improve U.S. cybersecurity while respecting civil liberties and privacy.
Making Nice With the Private Sector
Napolitano repeatedly stressed the need for government to partner with the private sector on cybersecurity, in line with the Obama administration’s overarching theme of private-public sector cooperation.
“The Department of Homeland Security will have the lead for the civilian side of government as well as the lead to work with the private sector to help defend privately owned and operated networks, particularly as they affect our critical infrastructure,” she said. “Our success will depend in no small part on our ability to intersect effectively and efficiently with the private sector.”
For example, the DHS is working very closely with the private sector, which owns and operates most of the nation’s critical infrastructure and cybernetworks, to secure the automated control systems that operate key elements of our infrastructure.
The DHS is also working with members of the financial sector and other key industries to improve cybersecurity, Napolitano said.
Of, By and For the People
The cooperation of individuals will be critical to improving cybersecurity, according to Napolitano. “I can’t stress enough that a secure cyberenvironment is as much about people and habits and cultures as it is about machines.”
That appears to be the harbinger of a kinder, gentler approach from the DHS.
“We need to recognize there are different audiences we have to deal with when we’re talking about cybersecurity,” Napolitano said. These range from teenagers with considerable computer expertise to grandparents who have very little acquaintance with computers, and everyone else in between.
This means any system created for users must be one that’s easy to use.
“We’re working to make sure that the system writ large is safe and secure,” Napolitano said. “We want to make sure any time anyone gets on a system, they have good cyberhabits, and this is an area where the private sector can be very helpful.”
That help is being solicited through the National Cybersecurity Awareness Campaign Challenge Competition, which Napolitano launched at RSA 2010. This seeks input from industry and individuals on the best way to discuss cybersecurity with the American public.
“We want you to develop your own approach to a clear and compelling message for the American people,” Napolitano explained.
The winners will be invited to an event in Washington, D.C., in late May or early June. They will partner with the DHS to plan the National Cybersecurity Awareness Campaign, which will be launched during Cybersecurity Awareness Month in October.
Uncle Sam Needs You
The federal government is also seeking cybersecurity talent from the private sector. “We may be trying to recruit some of you right now,” Napolitano said.
However, it might beef up its relatively low pay scales first. Napolitano appeared last week before the U.S. Senate Committee on Appropriations, which holds the Treasury’s purse strings.
“We want to make sure, within the Administration and within Congress, that the Department of Homeland Security has the legal authority and financial resources to execute our mission and attract, maintain and retain the top talent we need,” she told her audience.
DHS Projects and Civil Liberties
In the meantime, the DHS’ technological projects to improve security are chugging right along. Over the past year, it has deployed the second phase of Einstein to 11 federal agencies. That number will increase to 21 by the end of the year, Napolitano said.
The Einstein Program is an intrusion detection system that monitors the network gateways of government departments and agencies in the United States for unauthorized traffic. The first phase looked at network traffic, and the second phase looks at the content of that traffic so that, for example, it can detect malicious attachments in emails.
The technology for Einstein 3, which will shoot down a cyberattack before it hits its target, is now being tested, Napolitano said.
Einstein 3 uses NSA technology, and many have voiced concerns about privacy because it collects, processes and analyzes the content of all person-to-person communications — in effect, conducting what amounts to the email equivalent of warrantless wire tapping.
Perhaps that’s why Napolitano was quick to bring up the Obama administration’s belief in civil liberties and privacy. “Even as we’re working and developing and deploying Einstein 1; Einstein 2; and now Einstein 3, we take very seriously the protection of privacy, civil rights and civil liberties,” she said.
The DHS has established an oversight and compliance officer to work from the outset on the technologies that it’s seeking to develop, Napolitano explained.
Further, key personnel at the United States Computer Emergency Readiness Team (US-CERT) have been given “specific” training on the protection of privacy and other civil liberties as they relate to computer network security activities, she noted.
US-CERT focuses on intrusion-detection incident analysis and cyber-response capabilities. It’s an arm of the DHS.
Let’s Do It Now!
Time is of the essence in the cybersecurity battle.
“The challenges facing our nation are urgent — they involve national security both from the security and intellectual property standpoints,” Napolitano said.
“We have to have a sense here of moving quickly, effectively, innovatively, creatively. This cyberecosystem is changing, it’s changed even while I’ve been on this platform.”
The trick to succeeding in the cybersecurity battle is to anticipate future events.
Napolitano cited ice hockey great Wayne Gretzky, who said his secret was that he didn’t skate to where the puck was, he skated to where it would be.
“We need your help, your brainpower, your expertise to identify where that puck is and go beyond that,” she said. “That, my friends, is what we call the national cybersecurity effort.”