
Remarks of Cybersecurity and Communications Assistant Secretary Greg Garcia at the 3rd Annual Government Forum of Incident Response and Security Teams (GFIRST) Conference

Orlando, Florida
2007 Government Forum of Incident Response and Security Teams
June 26, 2007
(Remarks as Prepared)

ORLANDO, FL – Thank you for that introduction, Jerry. It is truly an honor to be here. Since I took office last Fall, I have committed myself to reaching out at industry cyber security gatherings across the country, and it is so wonderful to be able to speak at one of our own events.

Before I begin my remarks I would like to take a few minutes to recognize and thank several members of my staff who led the planning and development for this conference. Specifically, Jerry Dixon, Director of the National Cyber Security Division; Rob Pate, Deputy Director of Outreach and Awareness and the lead for GFIRST; Corliss McCain, Operations Manager for this conference; and the rest of the GFIRST conference planning team.

The fact that this year's event is sold out, with more than 550 attendees representing 70 government agencies and departments from nearly every State in the union, speaks volumes; not only to the extensive reach of the GFIRST community but also the benefits of information sharing and the robustness of this community.

I am also glad to see our partners from the Department of Justice in attendance. Your support provides reassurance that cyber criminals will be investigated and prosecuted to the fullest extent of the law. Your successful convictions serve to deter future malicious actors.

This week presents a unique opportunity for each of you to reflect on where we have made progress, both individually and collectively, and where we still need to dedicate our time and resources. This event is designed to offer an information sharing environment where your successes and your challenges can be shared in a way that will facilitate improvements and create future successes.

I also hope that you will use this week as an opportunity to strengthen your relationships with old colleagues and establish new relationships with your counterparts in government and industry. Ultimately, the heart of the cyber security challenge is people solving problems. The relationships you make here will enhance your ability to forge a united preparedness and response front. Simply put, relationships promote innovation and creativity.

The theme of this year's conference, "Working to Solve the Cyber Security Puzzle," is a fitting one because each of us in this room represents a different piece of the puzzle. We are leaders who set policy and priorities; administrators who allocate funding and measure progress; technology professionals who develop, operate, and protect our IT systems and networks; law enforcement officers and attorneys who ensure that hackers are treated like the criminals they are; security vendors and professional services firms who provide the products and services on which we all rely. Finally, we all represent thought leaders who drive cyber security innovation and progress.

By joining forces, we can share our insights, expertise, and resources as well as our proven and successful practices.

This morning I would like to discuss with you the trends we are seeing and some of the key initiatives my office has undertaken to meet the evolving challenges we face.

First, a little bit of background on my office, the Office of Cybersecurity and Communications at DHS. The mission of my office is to assure the security, resiliency, and reliability of our Nation's cyber and communications infrastructures. We do so in collaboration with government and private sector stakeholders, and international partners. My office is comprised of three components:

You're all familiar with the National Cyber Security Division which fosters a public-private partnership for cyber security awareness, risk management and mitigation, and information sharing and incident response.

However, my office also oversees the National Communications System which ensures that our government and our Nation are able to communicate under all circumstances, including times of national emergency.

And, the newly established Office of Emergency Communications, which facilitates improvements to interoperable and operable emergency communications. We do this by collaborating with Federal, State, and local partners to establish common goals, standards, practices and requirements, and by providing technical assistance to these partners.

Ok, now let's talk about current trends. The Office of Cybersecurity and Communications serves as the Federal focal point for cyber security which enables us to identify trends we are seeing on government systems and networks. I would like to share with you a few of the things we are seeing:

It is clear that our country continues to face dangers from sophisticated, nimble, and organized adversaries who will stop at nothing to achieve their objectives. These objectives can include economic gain or damage, commercial or international espionage, revenge, publicity, or a desire to reduce public confidence.

In particular, we are seeing a shift in the threat to U.S. government systems from the traditional opportunistic hacker to a more dangerous, more focused, and more skilled adversary. And these adversaries are routinely trying to circumvent preventive measures and technologies through such targeted techniques as social engineering and zero day attacks.

Phishing continues to be the top incident type reported to US-CERT, accounting for 72% of all incidents reported last quarter (FY07 Q2). For example, a recent phishing scheme we have seen purports to be from the Better Business Bureau. It falsely claims that they have received a complaint in regards to the recipient's business services and lures them to click on a malicious link for instructions on how to resolve the complaint. When users click on the link it downloads a key logging Trojan horse program that can be used to steal passwords and other personally identifiable information. What makes this particular scheme so effective is that it targets specific individuals and companies and includes personalized information within the body of the email.

We also continue to see an increase in the number of incidents reported to us. In FY 05, the first year we began tracking incident reports, we received 5,000 reports. In FY 2006, we received 24,000 reports. This year, FY 07, we are on pace to far exceed that number since we have already surpassed 21,000 incident reports through May.

The good news is that much of this can likely be attributed to increased detection capabilities and reporting rates. However, the statistics are still alarming and an indication of why we cannot let up on our efforts.

300 million Americans count on us every day for uncompromised continuity of operations of our most critical systems, such as financial services, transportation, government and emergency services, online commerce, health care, manufacturing, and process control systems like water purification and electric power plants.

If we are going to maintain their trust and fulfill our mission to mitigate risks to our critical infrastructures and systems we'll need to work together. We'll need to find innovative ways to build effective processes and design new technologies to stay one step ahead of our adversaries.

This is about protecting our networks and data, a task made more interesting by convergence and globalization. In the next few years a single, advanced, integrated Internet Protocol (IP)-based network will likely be handling the majority of the world's communications needs. This converged network will extend well beyond voice and data, and local and long distance. It will support an ever-widening array of services across a billion globally-connected devices.

The proliferation of devices and applications within the converged networks will create a breeding ground for security problems. As you know, these security risks, threats, and vulnerabilities are not localized to the national environment, but rather they extend well beyond the borders of our country. This has been compounded by globalization.

Don't get me wrong. I have long been an advocate of globalization and the benefits it yields for all of us. It leverages competitive efficiencies and economies of scale. It increases wealth production and is an engine of competitiveness. It causes us to be more creative and innovative in the way we approach solving our customers' needs, which often leads to the development of new technologies that have yet to be dreamed possible.

However, despite its many benefits, our global connectivity and access also increases the number of attack vectors and vulnerability exploits. The threats against us are real and we are experiencing them now in the form of denial of service attacks, viruses, worms, Trojans, phishing, pharming, and botnets. My primary concern is how these attacks could find their way into our IT and telecommunications assets. I'm concerned about how they might impact other critical infrastructures that we rely on for our economic well being, our national security, and the health and safety of our citizens.

This is why DHS is breeding risk management and mitigation doctrine into the very DNA of my office. We face a wide range of cyber and telecommunications risks. We could face a low consequence/high probability event such as a phishing scam or a high consequence/low probability catastrophic event such as a cyber 9/11. We must be prepared for both and we can do that using a risk management framework, which allows us to make sound choices based on known threats, shared information, and leveraged resources focused on reducing our vulnerabilities and strengthening our networks.

We recognize that government alone cannot address the cyber threats posed to our critical infrastructures, which is why our collaborations with our private sector colleagues are so important. One of the greatest demonstrations of successful partnerships was the development of the National Infrastructure Protection Plan or NIPP.

For those of you not familiar with the NIPP, it provides the unifying structure for the integration of a wide range of efforts for the protection of our critical infrastructure and key resources into a single national program. Extended beneath the NIPP are the Sector-Specific Plans (SSPs) which detail how we are going to implement the NIPP in each of the 17 unique critical infrastructure and key resource sectors, such as chemical and water facilities. It is also the mechanism to help ensure that Federal funding and resources are applied in the most effective manner to reduce vulnerabilities, deter threats, and minimize the consequences of attacks and incidents. The plans are truly a collaborative public/private effort and many of you and your organizations were valuable partners during their development.

In conjunction with our other sector colleagues, my office oversaw the development of the IT and communications SSPs. Joint private sector and government writing teams sat together to build the SSPs from the ground up.

After DHS worked with all 17 critical infrastructure sectors, Secretary Chertoff released the SSPs for all the critical infrastructures last month. We are now leveraging this successful partnership as we implement the SSPs and engage in other important planning and operational efforts.

US-CERT is another one of our key public/private partnerships and how we share information across sectors and disciplines. As the U.S. Government's principal watch and warning center for cyber situational awareness and incident response, US-CERT monitors the cyber infrastructure and coordinates the dissemination of information to key constituencies, including all levels of government and industry, twenty-four hours a day, seven days a week. Several members of our US-CERT team are here with us today and I would like to thank them for their dedicated efforts and public service.

To ensure strong information sharing among different sectors, I am working to co-locate the US-CERT with the National Coordinating Center (NCC), which is the operational arm of the National Communications System. The NCC is a joint government/industry operation, with the industry members coming from the communications Information Sharing and Analysis Center (ISAC). I also plan to invite representatives from the IT-ISAC to participate in this collaboration.

My hope is to create the foundation that will allow the IT and communications experts from the public and private sectors to coordinate in real time, in a trusted and secure information sharing environment. They will be able to leverage their respective skills and expertise to gain increased visibility into what is happening on our IT and communications networks.

US-CERT has a number of programs and initiatives to accomplish our operational mission of coordinating improvements in the security and management of the Federal Government's information systems and networks. These programs focus on enhancing situational awareness, increasing collaboration across Federal operational security teams, preventing or quickly containing cyber incidents, and providing for inter-agency coordination during a cyber event.

One of our most innovative and successful programs is EINSTEIN. By way of background, situational awareness, in cyberspace or the real world, is a critical component in how we deter, and catch criminals and terrorists. Without it, we're sitting ducks for an organized adversary to exploit.

We know from our friends in law enforcement that situational awareness is the primary method a beat cop protects his or her neighborhood. A veteran officer deters crime and catches the bad guys by learning their environment, watching for trends and patterns, and knowing the rhythms of their community.

We know the same is true for cyber first responders, too. So we created an early warning system, outside government firewalls, which watches for malicious patterns in network traffic and notes irregular activity. Things out of the ordinary could, just as with neighborhood policing, tip off agency cyber responders and security teams to potential trouble.

EINSTEIN, as it is known, is that early warning system. It supports Federal agencies' efforts to protect their computer networks -- right now. Einstein monitors participating agencies' network gateways for traffic patterns that indicate the presence of computer worms or other unwanted traffic. By collecting traffic information summaries at agency gateways, Einstein gives US-CERT analysts and participating agencies a big-picture view of potentially malicious activity on federal networks.

Einstein helps to identify configuration problems, unauthorized network traffic, network backdoors, routing anomalies, network scanning activities, and baseline network traffic patterns. It enables the rapid detection of cyber attacks affecting agencies and provides Federal agencies with early incident detection. Today, Einstein is providing the first accurate and iterative picture of the health of our internet facing networks, the dot gov Federal Government domain, in real time.
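The description above says EINSTEIN collects traffic-information summaries at agency gateways and uses them to spot scanning activity, unauthorized traffic, and departures from baseline patterns. The following is an added illustration of that idea, not DHS, US-CERT or EINSTEIN code: it parses constructed flow-summary lines (timestamp, source, destination, destination port, protocol, bytes), builds a per-port volume baseline from a quiet period, and then flags port scans, host sweeps, traffic on ports absent from the baseline, and volume spikes. The agency address range, the flow format, the thresholds and every address (all from the RFC 5737 documentation ranges) are assumptions made for the example.

```python
"""Gateway flow-summary analysis in the spirit of the EINSTEIN description.

Added example, not DHS, US-CERT or EINSTEIN code. The flow format, the
agency address range, the thresholds and all addresses are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Tuple

# Assumption: the agency address space that sits behind the monitored gateway.
AGENCY_NET = ip_network("198.51.100.0/24")


@dataclass(frozen=True)
class Flow:
    ts: str
    src: str
    dst: str
    dport: int
    proto: str
    nbytes: int


def parse_flows(text: str) -> List[Flow]:
    """Parse whitespace-separated summary lines; blank lines and comments are skipped."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport, proto, nbytes = line.split()
        flows.append(Flow(ts, src, dst, int(dport), proto, int(nbytes)))
    return flows


def _inbound(f: Flow) -> bool:
    """True for flows entering the agency network from outside."""
    return ip_address(f.src) not in AGENCY_NET and ip_address(f.dst) in AGENCY_NET


def detect_port_scans(flows: List[Flow], min_ports: int = 8) -> List[Tuple[str, str, int]]:
    """Flag external sources that touch many distinct ports on one internal host."""
    ports = defaultdict(set)
    for f in flows:
        if _inbound(f):
            ports[(f.src, f.dst)].add(f.dport)
    return sorted((s, d, len(p)) for (s, d), p in ports.items() if len(p) >= min_ports)


def detect_host_sweeps(flows: List[Flow], min_hosts: int = 5) -> List[Tuple[str, int, int]]:
    """Flag external sources that probe the same port across many internal hosts."""
    hosts = defaultdict(set)
    for f in flows:
        if _inbound(f):
            hosts[(f.src, f.dport)].add(f.dst)
    return sorted((s, p, len(h)) for (s, p), h in hosts.items() if len(h) >= min_hosts)


def bytes_by_port(flows: List[Flow]) -> Dict[int, int]:
    """Sum inbound bytes per destination port: the raw material for a baseline."""
    totals = defaultdict(int)
    for f in flows:
        if _inbound(f):
            totals[f.dport] += f.nbytes
    return dict(totals)


def compare_to_baseline(current: Dict[int, int], baseline: Dict[int, int],
                        spike_factor: float = 5.0) -> Tuple[List[int], List[int]]:
    """Return (ports with no baseline traffic, ports far above their baseline volume)."""
    unexpected = sorted(p for p in current if p not in baseline)
    spiking = sorted(p for p, b in current.items()
                     if p in baseline and b > spike_factor * baseline[p])
    return unexpected, spiking


# Constructed sample: a quiet baseline hour, then an hour containing a port scan
# (203.0.113.7), a host sweep on 445 (203.0.113.9), traffic to an unusual port
# (4444) and a mail-volume spike on port 25.
BASELINE_LOG = """
2007-06-26T08:00:01 203.0.113.5 198.51.100.10 80 TCP 12000
2007-06-26T08:05:10 203.0.113.6 198.51.100.10 443 TCP 30000
2007-06-26T08:20:33 203.0.113.8 198.51.100.11 25 TCP 4000
"""
CURRENT_LOG = """
2007-06-26T09:00:01 203.0.113.5 198.51.100.10 80 TCP 15000
2007-06-26T09:05:10 203.0.113.6 198.51.100.10 443 TCP 28000
2007-06-26T09:06:00 203.0.113.8 198.51.100.11 25 TCP 90000
2007-06-26T09:07:00 203.0.113.12 198.51.100.30 4444 TCP 600
""" + "".join(
    f"2007-06-26T09:10:{i:02d} 203.0.113.7 198.51.100.20 {port} TCP 60\n"
    for i, port in enumerate((21, 22, 23, 25, 80, 110, 135, 139, 443, 445))
) + "".join(
    f"2007-06-26T09:12:{i:02d} 203.0.113.9 198.51.100.{i} 445 TCP 60\n"
    for i in range(1, 7)
)


def analyze(baseline_text: str = BASELINE_LOG, current_text: str = CURRENT_LOG) -> dict:
    """Run every detector over the current window against the baseline window."""
    base, cur = parse_flows(baseline_text), parse_flows(current_text)
    unexpected, spiking = compare_to_baseline(bytes_by_port(cur), bytes_by_port(base))
    return {"scans": detect_port_scans(cur), "sweeps": detect_host_sweeps(cur),
            "unexpected_ports": unexpected, "spiking_ports": spiking}


if __name__ == "__main__":
    for name, hits in analyze().items():
        print(f"{name}: {hits}")
```

Note that the scanner's probes also surface in `unexpected_ports`, since a single probe on a port the baseline never saw is still traffic outside the pattern; in practice an analyst would correlate the two findings rather than treat them as separate incidents, and the baseline window would be far longer than one hour.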

It really is an extraordinary program which has slashed the time it takes us to gather and share critical data on computer security risks from 4-5 days to 4-5 hours.

Currently ten Federal agencies participate in Einstein, and several others have indicated they plan to join by the end of the year. My goal is to have most Cabinet-level agencies enrolled in the program by the end of 2008. If your agency does not currently participate in EINSTEIN, I encourage you to consider it.

EINSTEIN is just one example of the significant progress we have made towards enhancing the network security of our Federal departments and agencies. But more can and needs to be done. Our ongoing risk management programs and initiatives have positioned us on the path towards achieving greater overall cyber security with our Federal, State, local, tribal, international, and private sector partners.

We all need to join together because none of us can do it alone. Now that I've talked about some of our key programs and initiatives I would like to discuss what you and your organizations can do to improve your security posture.

Over the last several months my office has been working on the selection of key information security best practices that can help to reduce or mitigate many of the cyber risks facing your organizations. I would like to highlight a few of these practices.

  • Establish an around-the-clock, 7 days a week, operational security team. Or, leverage a managed security service provider to perform the same function. It's no secret, our cyber adversaries don't work 9-5 Monday through Friday.
  • Implement two-factor authentication to strengthen network authentication for local and remote network access. Couple that with role-based access controls to effectively manage where users can go on your network and what applications they can utilize. This will help to mitigate the insider threat.
  • Improve and maintain "network cognizance." This includes the establishment of an inventory of network connections, applications, and location information of data storage and sharing to enable effective risk management practices.
  • Conduct on-going penetration and vulnerability testing across agency enterprise networks. Do this especially for Internet facing and inter-organizational network connections to find potential security weaknesses. Then resolve them before they are exploited.
  • And for those of you from Federal agencies, participate in the aforementioned Einstein program from US-CERT to improve your agency's situational awareness.

I firmly believe that if these practices are adopted across organizations they can reduce our collective exposure to cyber vulnerabilities and risks.

In conclusion, I want to commend you all for your commitment to cyber security and active participation in this conference. I urge you to use this week to strengthen existing relationships and forge new ones. We must join forces to stay ahead of our adversaries.

Our adversaries thrive on division. They thrive when we fail to dedicate the people, processes, resources and technology necessary to protect our IT systems and networks. They thrive when we are unable to share timely and accurate information. They thrive when our organizations fail to commit themselves to sound security practices even if it means sacrificing some convenience. They thrive when we operate individually and fail to share information. Let me emphasize, they thrive when we fail to dedicate the time, money, and resources necessary to address our vulnerabilities.

We have the power and the know-how to make a difference. We have made significant progress but gaps remain. Each of us has a role to play and each of us can and must do our part. We have committed ourselves to making cyber security a priority and now we must do the same for our organizations, our families, and our Nation. It is time for us to solve the cyber security puzzle together.

###

This page was last modified on June 27, 2007