Chertoff: Cyber defense must be wider

Cyberattacks against government and commercial networks aren't limited to traditional frontal attacks that attempt to create intrusion though vulnerabilities,  Homeland Security Secretary Michael Chertoff said today at an event sponsored by AFCEA.

“We have to ensure we’re protecting against the full spectrum of threats,” Chertoff said. “Everybody thinks about cybersecurity as network attacks, but we have to look end to end at the entire architecture to make sure we are in fact protecting ourselves.”

In a global economy where hardware and software are developed across the world, new and difficult-to-find vulnerabilities could affect government and commercial systems, he said.

Chertoff said the Bush administration has begun a foundation to help the incoming administration, adding, “I do think we’ve launched a strategy that is robust and that has laid out a major pathway. It has just started the process of moving us to a more secure cyberspace. We’ve got a lot of good coordination under our belts.” His remarks came at the fourth installment of AFCEA’s Solutions Series forums.

An educated workforce is important in fighting the new threats, Chertoff said. “We have to shape the future environment by educating the next generation of cyber professionals and by [doing that], looking to see if we can spur leap-ahead technology to protect our cyber assets and interests.”

Another important step needed to protect cyber systems is to recognize that civilian domains have literally thousands of points of access to the Internet.

“We need to reduce that number of trusted Internet connections so we can get a handle on the flow of traffic that it is coming in and out of the federal domain,” Chertoff said.

Chertoff also warned that the nation's economic downturn could increase cyber attacks by insiders, saying a disgruntled insider could use a thumb drive in an organization’s enterprise to steal information or passwords.

“This is likely to become an increasing risk in an environment where people are being, I guess they say, downsized, because sometimes people aren’t happy about having their jobs terminated,” Chertoff said. “They may decide to manifest that unhappiness in a destructive way. This is really low-tech stuff, but equally important.”