Attacks escalate on critical U.S. government networks: Will a Manhattan Project work?

Attacks escalate on critical U.S. government networks: Will a Manhattan Project work?

Summary: Last week Department of Homeland Security Michael Chertoff outlined plans for a federal Manhattan Project to bolster cyber security. The big question is whether this project will bolster cyber security defenses as attacks on U.

SHARE:
12

Last week Department of Homeland Security Michael Chertoff outlined plans for a federal Manhattan Project to bolster cyber security. The big question is whether this project will bolster cyber security defenses as attacks on U.S. infrastructure escalate.

In a nutshell, Chertoff says federal agencies will cut the number of communication points through which agencies connect to the Internet from 4,000 to less than 100.

Will this be enough? It's highly doubtful given some recent findings from BusinessWeek.

In its cover story, BusinessWeek reported that government agencies are under repeated attacks. Meanwhile, key defense contractors are also under attack. Add it up and it's clear the U.S. is outgunned against hackers. The article didn't break a lot of new ground, but here are the key takeaways from the article, which is largely based on a spear phishing incident at defense contractor Booz Allen.

Weak links abound. BusinessWeek reports:

The U.S. government, and its sprawl of defense contractors, have been the victims of an unprecedented rash of similar cyber attacks over the last two years, say current and former U.S. government officials. "It's espionage on a massive scale," says Paul B. Kurtz, a former high-ranking national security official. Government agencies reported 12,986 cyber security incidents to the U.S. Homeland Security Dept. last fiscal year, triple the number from two years earlier. Incursions on the military's networks were up 55% last year, says Lieutenant General Charles E. Croom, head of the Pentagon's Joint Task Force for Global Network Operations. Private targets like Booz Allen are just as vulnerable and pose just as much potential security risk.

The reality is that the DHS could be the most secure agency on the planet, but critical infrastructure would still be vulnerable. Nearly all the networks that the DHS needs to be secure are out of its control and in private hands.

Attacks originate in China. BusinessWeek reports:

The military and intelligence communities have alleged that the People's Republic of China is the U.S.'s biggest cyber menace. "In the past year, numerous computer networks around the world, including those owned by the U.S. government, were subject to intrusions that appear to have originated within the PRC," reads the Pentagon's annual report to Congress on Chinese military power, released on Mar. 3. The preamble of Bush's Cyber Initiative focuses attention on China as well.

Nothing new there. Later in the story, BusinessWeek notes that China is the most controlling when it comes to the Internet. Nevertheless, China plays the "we can't stop these guys" card when it comes to hackers. These two positions don't exactly mesh.

Current defenses don't work. BusinessWeek reports:

Sophisticated hackers, say Pentagon officials, are developing new ways to creep into computer networks sometimes before those vulnerabilities are known. "The offense has a big advantage over the defense right now," says Colonel Ward E. Heinke, director of the Air Force Network Operations Center at Barksdale Air Force Base.

BusinessWeek specifically calls out antivirus vendors to note that few could detect the specific attack mentioned in the story. For security industry insiders, the inability of anti-virus software to adapt is well known.

There is a bright side to this mess. The government is at least creating a Manhattan Project to deal with the problem. With any luck this big project will be more than just a bunch of position papers and Congressional yapping. The hope, which may be naive, is that if the feds could build the Internet they can cook up an immune system to go with it.

Topics: Networking, Security, China

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

12 comments
Log in or register to join the discussion
  • I'm just wondering about the presentation.

    I know this is off-topic, but is it possible to minimize "clearing throat" during the presentation? I found it to be a bit distracting when I was listening word-for-word.
    Grayson Peddie
  • RE: Attacks escalate on critical U.S. government networks: Will a Manhattan Project work?

    Deter cyber attacks the same way JFK detered missles in Cuba. Cut the PRC off from the rest of the world. A modern day cyber blockade if you will. I know it isn't easy to do but I'd bet it can be done. Go on the offensive. Then see what they have to say.
    RedM3
    • I like this but it is unlikely

      Although I like the the pulling of the hard line to China there are a few problems, first, all countries would have to cut the lines to China, not just the US and as you know the US is not in a real popular position on the world stage right now.

      Second, the reason the US is very sensitive with China is because China all but bought the United States. China has more US savings bonds then the US could pay back, meaning that if China wanted to send the US into a USSR, after the collapse, type recession all they have to do is cash in all their savings bonds. Once the US could not pay for them the US currency would be de-valuated to next to nothing.

      It is a sorry mess we have gotten our selves in, but as long as Big Oil and Big Business tell our politicians what to do we won't get out of this situation.

      So the US does what it can, which is react to cyber-attacks instead of just cutting off the source.
      blittrell
  • 'Manhattan Project' not the right response

    Inapt metaphor. The Manhattan Project created the atom bomb, a weapon whose use was so devastating that for fifty years, just the threat of its use by any or all nations possessing them kept an uneasy peace.

    What does Chertoff propose? A weapon to destroy the Internet if we don't get our way? I doubt that.

    What we have here is more a war of spies, a war of wires. Monolithic security will not work against a constantly-evolving threat, from whatever source. Cut off China and the attacks will originate somewhere else. Put all US Government contractors under a single DCHP umbrella and you shield the moles and holes inside. There is no single simple solution and it is wrong to suggest there is.

    I have no confidence in Chertoff's ability to envision a solution or even a coherent response, on the strength of his chosen metaphor. We need more Dutch boys putting their fingers in the holes they find in the dike - not more Americans building bombs to bluster and bluff a disbelieving world.

    Intellectually AND morally bankrupt. Again!
    progan019
  • RE: Attacks escalate on critical U.S. government networks: Will a Manhattan Project work?

    Is Chertoff the same guy who released the video of Idaho National Labs basically blowing up a SCADA device? Even if he wasn't, DHS was. I think we should just cull the whole lot of them and start over.

    -Nate
    nmcfeters
  • RE: Attacks escalate on critical U.S. government networks: Will a Manhattan

    I have no idea on the costs involved with research and implementation costs are for this project, but, how much more would it cost to have an independent network dedicated to national security? The only un-hackable computer is the one not plugged into the web in any way...
    jxb
    • Re: A National Security Network

      Maybe they could call it the ARPANET.
      OK. ARPANET-II.
      David Spencer-20660146163390554490918120654216
  • RE: Attacks escalate on critical U.S. government networks: Will a Manhattan Project work?

    Each day attacks on individual personal computers, servers, and corporate infrastructure are occurring. The irresponsible individuals responsible for these crimes, fed by egos and destructive ideologies continue for the most part unabated. What is really needed is a national recognition that these cyber attacks cripple innocent individuals and businesses and that this violation of personal property is a loathsome deplorable act. There is need to develop faster detection of the source as well as harsher penalties for perpetrators. This could place such unsubs in positions where they could not harm others again. Any such program should at the very least include:
    1) Confiscation of their equipment.
    2) Penalties that include repaying those that were damaged.
    3) Imprisonment for the first offense and cutting off of the fingers for second offense. Further offenses might include slow electrocution or at a minimum life without parole.
    4) Individuals attacking government installations or defense contractors would be tried under federal acts of treason.
    5) Where foreign governments are found to be in collusion, such attacks would be considered as an attack against the United States as an act of war. Locations of transmissions would then be neutralized.
    laurence.ward
  • Yes it'll work

    12 months to clean it up. Hourly Rates. Guaranteed.
    topsecret1
  • RE: Attacks escalate on critical U.S. government networks: Will a Manhattan

    The more you dare them, the more they try to attack you.
    We need to have some large project to find ways to thwart all forms of electronic network attacks. A "Manhattan Project" style project will seem like overkill but looking at all of the attacks on my firewall from a variety of systems around the world and stopping these before it get to my systems in the US should be great idea. However we need to make sure that this "protective border" is not another name of censorship like that of China which "protects" its people of the "evils" of the world.
    phatkat
  • RE: Attacks escalate on critical U.S. government networks: Will a Manhattan Project work?

    Hakers may be developing their skills, but they are growing in numbers too. What we need is an inteligent program not an anti-virus, that can learn and adapt itselve not by the old atualization method.
    I think we are really near a digital chaos. In my opinion [wich it??s a pessimist one] the "Digital World" will be in big trouble soon... I can??t imagine any solution to the problem unfortneltly. About China: I??m against the Digital control, and also I don??t think it??s usefull anyway.
    godlightingnouo
  • A mandatory computer literacy/competence test

    would be a great start. Stupidity and negligence on the inside is a SERIOUS problem.
    pennatomcat