Homeland Security gives cyber 'early warning system' details
The US is to develop an 'early warning system' to warn of cyber attacks, US secretary of Homeland Security Michael Chertoff said on Tuesday.
Speaking at a press conference given after a keynote speech at the RSA Conference in San Francisco, Chertoff said the US government was "making an offer to share [more] information with business."
"We want to develop an early warning system," said Chertoff. Current accreditation systems would be beefed up as new private sector organisations shared information as "every chain is only as strong as its weakest link, [and] every network is only as strong as its weakest member," said Chertoff.
"We face a very serious challenge and it's only likely to grow more serious as time passes," said Chertoff in his keynote. "We're operating in a domain in which traditional military power or the power of the government is insufficient to address the full nature of the threat. A command and control response will simply not be adequate. We need a network response to deal with a network attack."
Speaking to ZDNet.co.uk after a separate session at the RSA Conference, Greg Garcia, assistant secretary for cyber security and communications at the Department of Homeland Security, said that while information was already shared between the US public and private sectors through the US Computer Emergency Response Team (CERT), that response time needed to be speeded up.
"Currently US CERT is a focal point for sharing information between the public and private sectors," said Garcia. "We share data about anomalous network activity. We're looking for code that doesn't seem to make sense, looking for traffic patterns that don't make sense. We need to constantly improve our information sharing capabilities, and to do that will take more trusted relationships, and more centres like ISACS."
Information Sharing and Analysis Centres share critical national infrastructure (CNI) data between US CNI organisations and government. They include ISACS for communications, the electricity sector, financial services, and information technology.
"We want to coordinate with [ISACS] more in the coming years so over time we reduce the time it takes information to get from them to us and us to them," said Garcia. This would be done through a combination of improved business and technical processes, said Garcia.
Garcia added that the US government plans to accelerate data sharing with other governments, including the UK. "While the US already has sharing relationships with other governments, we plan to accelerate those, working through national laws, and taking into account privacy concerns and legal concerns." said Garcia.