Team Infidel
Forum Spin Doctor
USA Today
March 14, 2008
Pg. 6
President wants to raise funding to $7.3 billion
By Richard Wolf, USA Today
WASHINGTON — A sudden spike in the number of successful attacks against federal government information systems and databases has led President Bush to propose a multibillion-dollar response.
The number of incidents reported to the Department of Homeland Security rose by 152% last year, to nearly 13,000, according to a new government report. The security breaches, more than 4,000 of which remain under investigation, ranged from the work of random hackers to organized crime and foreign governments, says Tim Bennett, president of the Cyber Security Industry Alliance.
The increase and severity of data breaches prompted Bush to recommend a 10% increase in cybersecurity funding for the coming fiscal year, to $7.3 billion. That's a 73% increase since 2004.
"The president's put a lot of emphasis on this recently," says Robert Jamison, undersecretary for national protection and programs at the Department of Homeland Security. "We're concerned that the threats are real and growing. … We're more vulnerable as a nation."
Members of Congress and experts in the private sector say the government's new initiative is overdue.
"There are more and more bad guys out there," says Sen. Tom Carper, D-Del., who chaired a Senate Homeland Security subcommittee hearing this week on government information security risks. In 31% of the infiltrations, he says, "agencies do not know who took the information or how much information was taken."
Rep. Jim Langevin, D-R.I., who chairs the House Homeland Security subcommittee with jurisdiction over the issue, says the Bush administration "has not paid nearly enough attention to cybersecurity" until this year. Now, he says, "they're at least trying to move in the right direction."
Homeland Security Secretary Michael Chertoff has made improving cybersecurity one of his top four goals for 2008. "It's the one area in which I feel we've been behind where I would like to be," he told reporters here last week.
The Defense Department and federal intelligence agencies are on the warpath against increasing numbers of cyberattacks.
To combat the threat, the government is rolling out a system this year that reduces external connections to the Internet, detects intrusions in and out of federal networks and enables faster patching of holes.
Even so, the Government Accountability Office reported this week that 20 of 24 major federal agencies are deficient in protecting against cyberattacks. Gregory Wilshusen, the GAO's director of information security issues, cited past instances in which the State Department network was breached by a malicious code inside an e-mail; a Transportation Security Administration hard drive with employment records was found missing; and an idled nuclear power plant's private computer network was infected by a virus, disabling a safety monitoring system.
Deputy Defense Secretary Gordon England noted last week that Estonia was victimized by a series of attacks for three weeks in 2007 that forced its largest bank to shut down its online banking network. "Cyberwarfare is already here," England told a Veterans of Foreign Wars conference.
Much of the attention focuses on China, which could be infiltrating U.S. government information technology systems despite denials by Beijing. In its annual report to Congress last week on China's military power, the Pentagon said several cyberspace attacks around the world in 2007 were sourced back to China.
Director of National Intelligence Mike McConnell told the Senate Intelligence Committee last month that several nations, including China and Russia, "have the technical capabilities to target and disrupt elements of the U.S. information infrastructure and for intelligence collection." He recommended "proactive measures to detect and prevent intrusions from whatever source, as they happen, and before they can do significant damage."
"The Chinese have a lot of resources, and they're willing to spend it to break in," says James Lewis, a cybersecurity expert at the Center for Strategic and International Studies.
Alan Paller, director of research at the SANS Institute, which specializes in information security research and training, says preventing cyberattacks is as important as preventing physical attacks. "Owning our computers is a powerful weapon in a war," Paller says. "We need to get them out."
To test security against about 100 possible attacks, the Department of Homeland Security today is completing a week-long series of simulations called "Cyber Storm II." The event presumed a coordinated cyberattack on information technology, communication, chemical and transportation systems. Participants from five countries, nine states, 18 federal agencies and more than 40 private companies participated.
"They remarked somewhat sheepishly how much of a stretch this has been for them," Greg Garcia, assistant secretary for cybersecurity at the Homeland Security Department, said Thursday during a tour of the event at Secret Service headquarters here.
Karen Evans, administrator for electronic government and information technology at the Office of Management and Budget, says part of the 152% increase in security breaches in 2007 was due to more accurate reporting, but she acknowledges that much of it represents a real rise.
Industry officials want a greater government role in preventing cyberattacks. Bennett says, "With global attacks on data networks increasing at an alarming rate, in a more organized and sophisticated manner, and often originating from state-sponsored sources, there is precious little time to lose."
March 14, 2008
Pg. 6
President wants to raise funding to $7.3 billion
By Richard Wolf, USA Today
WASHINGTON — A sudden spike in the number of successful attacks against federal government information systems and databases has led President Bush to propose a multibillion-dollar response.
The number of incidents reported to the Department of Homeland Security rose by 152% last year, to nearly 13,000, according to a new government report. The security breaches, more than 4,000 of which remain under investigation, ranged from the work of random hackers to organized crime and foreign governments, says Tim Bennett, president of the Cyber Security Industry Alliance.
The increase and severity of data breaches prompted Bush to recommend a 10% increase in cybersecurity funding for the coming fiscal year, to $7.3 billion. That's a 73% increase since 2004.
"The president's put a lot of emphasis on this recently," says Robert Jamison, undersecretary for national protection and programs at the Department of Homeland Security. "We're concerned that the threats are real and growing. … We're more vulnerable as a nation."
Members of Congress and experts in the private sector say the government's new initiative is overdue.
"There are more and more bad guys out there," says Sen. Tom Carper, D-Del., who chaired a Senate Homeland Security subcommittee hearing this week on government information security risks. In 31% of the infiltrations, he says, "agencies do not know who took the information or how much information was taken."
Rep. Jim Langevin, D-R.I., who chairs the House Homeland Security subcommittee with jurisdiction over the issue, says the Bush administration "has not paid nearly enough attention to cybersecurity" until this year. Now, he says, "they're at least trying to move in the right direction."
Homeland Security Secretary Michael Chertoff has made improving cybersecurity one of his top four goals for 2008. "It's the one area in which I feel we've been behind where I would like to be," he told reporters here last week.
The Defense Department and federal intelligence agencies are on the warpath against increasing numbers of cyberattacks.
To combat the threat, the government is rolling out a system this year that reduces external connections to the Internet, detects intrusions in and out of federal networks and enables faster patching of holes.
Even so, the Government Accountability Office reported this week that 20 of 24 major federal agencies are deficient in protecting against cyberattacks. Gregory Wilshusen, the GAO's director of information security issues, cited past instances in which the State Department network was breached by a malicious code inside an e-mail; a Transportation Security Administration hard drive with employment records was found missing; and an idled nuclear power plant's private computer network was infected by a virus, disabling a safety monitoring system.
Deputy Defense Secretary Gordon England noted last week that Estonia was victimized by a series of attacks for three weeks in 2007 that forced its largest bank to shut down its online banking network. "Cyberwarfare is already here," England told a Veterans of Foreign Wars conference.
Much of the attention focuses on China, which could be infiltrating U.S. government information technology systems despite denials by Beijing. In its annual report to Congress last week on China's military power, the Pentagon said several cyberspace attacks around the world in 2007 were sourced back to China.
Director of National Intelligence Mike McConnell told the Senate Intelligence Committee last month that several nations, including China and Russia, "have the technical capabilities to target and disrupt elements of the U.S. information infrastructure and for intelligence collection." He recommended "proactive measures to detect and prevent intrusions from whatever source, as they happen, and before they can do significant damage."
"The Chinese have a lot of resources, and they're willing to spend it to break in," says James Lewis, a cybersecurity expert at the Center for Strategic and International Studies.
Alan Paller, director of research at the SANS Institute, which specializes in information security research and training, says preventing cyberattacks is as important as preventing physical attacks. "Owning our computers is a powerful weapon in a war," Paller says. "We need to get them out."
To test security against about 100 possible attacks, the Department of Homeland Security today is completing a week-long series of simulations called "Cyber Storm II." The event presumed a coordinated cyberattack on information technology, communication, chemical and transportation systems. Participants from five countries, nine states, 18 federal agencies and more than 40 private companies participated.
"They remarked somewhat sheepishly how much of a stretch this has been for them," Greg Garcia, assistant secretary for cybersecurity at the Homeland Security Department, said Thursday during a tour of the event at Secret Service headquarters here.
Karen Evans, administrator for electronic government and information technology at the Office of Management and Budget, says part of the 152% increase in security breaches in 2007 was due to more accurate reporting, but she acknowledges that much of it represents a real rise.
Industry officials want a greater government role in preventing cyberattacks. Bennett says, "With global attacks on data networks increasing at an alarming rate, in a more organized and sophisticated manner, and often originating from state-sponsored sources, there is precious little time to lose."