Schmidt: Private Sector Key to Stopping Google-style Attacks

Most of the work that needs to be done to secure cyberspace is in the private sector, but private enterprise and government agencies have not been on the same page

White House Cybersecurity Coordinator Howard Schmidt says the information security community is right to be spooked by massive, coordinated attacks that recently targeted Google. But he rejects the notion that this is cybergeddon, and believes the best defense remains in the hands of the private sector.

"You guys have been carrying the water," Schmidt told attendees at CSO Perspectives 2010 Tuesday. The government can do a lot to improve the nation's cyber defenses. But ultimately, he said, the key to warding off attacks like the one Google experienced remains private-sector vigilance.

Schmidt was at CSO Perspectives to deliver a keynote talk on the changing face of cybersecurity and update attendees on the government's Comprehensive National Cybersecurity Initiative (CNCI). From the conference, he was headed on a trip to meet with his counterparts around the world, including the U.K.

A week before the conference, CSO interviewed Schmidt by phone and asked if he believes the notion that attacks like the one Google suffered are part of a larger, state-sponsored cyber war.

As far as he's concerned, this isn't an online version of East against West or Allies against Axis. What we're seeing, he believes, is more about online riots and hacktivism, where a ragtag band of malcontents express their displeasure over government policy by launching distributed denial-of-service attacks like of the sort that pounded the networks of Estonia in 2007.

But the lack of state-against-state warfare shouldn't keep IT security practitioners from serious concern, Schmidt said. The attacks undermine global infrastructure and endanger our way of life, he said, adding that this is a battle every IT security professional must fight from the foxholes.

"I see this as a whole range of threats we have to deal with -- everything from script kiddies to organized crime and everything in between," he said. "There are a lot of different actors we need to worry about, and we have to work harder to reduce the number of vulnerabilities out there so we can stop all of them, whoever and wherever they are."

Concern over state-sponsored cyber warfare escalated a couple months ago, when Google detected a coordinated attempt by Chinese entities to compromise the accounts of Chinese dissidents. The attacks became part of a large-scale, well-organized operation called Aurora. Before that, during the Estonian incident, government networks and most online commerce coming from that country came to a halt when hackers attacked in anger over the removal of a WW II-era statue of a Soviet soldier.

Schmidt said these threats drive home the need for more partnerships between the government and the business sector. After all, he said, many of the attacks that threaten private enterprise have consequences for government systems and vice-versa.

Tuesday, he walked CSO Perspectives attendees through The Obama Administration's Comprehensive National Cybersecurity Initiative (CNCI), parts of which were declassified last month at the RSA conference. It includes 12 initiatives to aid the cyber fight, including:

The Trusted Internet Connections (TIC) initiative. Headed by the Office of Management and Budget and the Department of Homeland Security, this involves the consolidation of the Federal Government's external access points (including those to the Internet). This consolidation will result in a common security solution which includes: facilitating the reduction of external access points, establishing baseline security capabilities; and, validating agency adherence to those security capabilities. Agencies participate in the TIC initiative either as TIC Access Providers (a limited number of agencies that operate their own capabilities) or by contracting with commercial Managed Trusted IP Service (MTIPS) providers through the GSA-managed NETWORX contract vehicle.

IDS and IPS across federal agencies DHS is deploying, as part of its EINSTEIN 2 activities, signature-based sensors capable of inspecting Internet traffic entering federal systems for unauthorized accesses and malicious content. The EINSTEIN 2 capability enables analysis of network flow information to identify potential malicious activity while conducting automatic full packet inspection of traffic entering or exiting U.S. government networks.

A government-wide cyber counterintelligence (CI) plan. The plan establishes and expands cyber CI education and awareness programs and workforce development to integrate CI into all cyber operations and analysis, increase employee awareness of the cyber CI threat, and increase counterintelligence collaboration across the government. The Cyber CI Plan is aligned with the National Counterintelligence Strategy of the United States of America (2007) and supports the other programmatic elements of the CNCI.

Increase the security of classified networks. Successful penetration or disruption of these networks could cause exceptionally grave damage to our national security, the report said.

Schmidt also reiterated the need for public-private partnerships. Most of the work that needs to be done to secure cyberspace is in the private sector, but private enterprise and government agencies have not been on the same page in the past. That's starting to change, but he said it's going to take time for all the starts to align.

"Nobody should expect a complete turnaround overnight," he said. "This is a long, hard struggle, and everyone who uses the Internet has a role to play."

Join the CSO newsletter!

Error: Please check your email address.

Tags cyberattacksUSA governmentGoogle

More about AxisFederal GovernmentGoogleGSA GroupIPSOffice of Management and BudgetRSATICWest

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Bill Brenner

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place