Schmidt: Private Sector Key to Stopping Google-style Attacks

White House Cybersecurity Coordinator Howard Schmidt says the information security community is right to be spooked by massive, coordinated attacks that recently targeted Google. But he rejects the notion that this is cybergeddon, and believes the best defense remains in the hands of the private sector.

"You guys have been carrying the water," Schmidt told attendees at CSO Perspectives 2010 Tuesday. The government can do a lot to improve the nation's cyber defenses. But ultimately, he said, the key to warding off attacks like the one Google experienced remains private-sector vigilance.

Schmidt was at CSO Perspectives to deliver a keynote talk on the changing face of cybersecurity and update attendees on the government's Comprehensive National Cybersecurity Initiative (CNCI). From the conference, he was headed on a trip to meet with his counterparts around the world, including the U.K.

A week before the conference, CSO interviewed Schmidt by phone and asked if he believes the notion that attacks like the one Google suffered are part of a larger, state-sponsored cyber war.

As far as he's concerned, this isn't an online version of East against West or Allies against Axis. What we're seeing, he believes, is more about online riots and hacktivism, where a ragtag band of malcontents express their displeasure over government policy by launching distributed denial-of-service attacks like of the sort that pounded the networks of Estonia in 2007.

But the lack of state-against-state warfare shouldn't keep IT security practitioners from serious concern, Schmidt said. The attacks undermine global infrastructure and endanger our way of life, he said, adding that this is a battle every IT security professional must fight from the foxholes.

"I see this as a whole range of threats we have to deal with -- everything from script kiddies to organized crime and everything in between," he said. "There are a lot of different actors we need to worry about, and we have to work harder to reduce the number of vulnerabilities out there so we can stop all of them, whoever and wherever they are."

Concern over state-sponsored cyber warfare escalated a couple months ago, when Google detected a coordinated attempt by Chinese entities to compromise the accounts of Chinese dissidents. The attacks became part of a large-scale, well-organized operation called Aurora. Before that, during the Estonian incident, government networks and most online commerce coming from that country came to a halt when hackers attacked in anger over the removal of a WW II-era statue of a Soviet soldier.

Schmidt said these threats drive home the need for more partnerships between the government and the business sector. After all, he said, many of the attacks that threaten private enterprise have consequences for government systems and vice-versa.

Tuesday, he walked CSO Perspectives attendees through The Obama Administration's Comprehensive National Cybersecurity Initiative (CNCI), parts of which were declassified last month at the RSA conference. It includes 12 initiatives to aid the cyber fight, including:

The Trusted Internet Connections (TIC) initiative. Headed by the Office of Management and Budget and the Department of Homeland Security, this involves the consolidation of the Federal Government's external access points (including those to the Internet). This consolidation will result in a common security solution which includes: facilitating the reduction of external access points, establishing baseline security capabilities; and, validating agency adherence to those security capabilities. Agencies participate in the TIC initiative either as TIC Access Providers (a limited number of agencies that operate their own capabilities) or by contracting with commercial Managed Trusted IP Service (MTIPS) providers through the GSA-managed NETWORX contract vehicle.

IDS and IPS across federal agencies DHS is deploying, as part of its EINSTEIN 2 activities, signature-based sensors capable of inspecting Internet traffic entering federal systems for unauthorized accesses and malicious content. The EINSTEIN 2 capability enables analysis of network flow information to identify potential malicious activity while conducting automatic full packet inspection of traffic entering or exiting U.S. government networks.

A government-wide cyber counterintelligence (CI) plan. The plan establishes and expands cyber CI education and awareness programs and workforce development to integrate CI into all cyber operations and analysis, increase employee awareness of the cyber CI threat, and increase counterintelligence collaboration across the government. The Cyber CI Plan is aligned with the National Counterintelligence Strategy of the United States of America (2007) and supports the other programmatic elements of the CNCI.

Increase the security of classified networks. Successful penetration or disruption of these networks could cause exceptionally grave damage to our national security, the report said.

Schmidt also reiterated the need for public-private partnerships. Most of the work that needs to be done to secure cyberspace is in the private sector, but private enterprise and government agencies have not been on the same page in the past. That's starting to change, but he said it's going to take time for all the starts to align.

"Nobody should expect a complete turnaround overnight," he said. "This is a long, hard struggle, and everyone who uses the Internet has a role to play."