Chertoff Calls For Cyber Security 'Manhattan Project'
"We face a very serious challenge and one that is likely to grow more serious as time passes," said Chertoff, in an address at the RSA 2008 conference in San Francisco. "Building on efforts today and reinforcing our cyber security initiatives, it would almost be like a Manhattan Project to defend our cyber networks."
Comparing today's security threats to those that the U.S. faced from foreign governments in the past, Chertoff said that U.S. networks and systems are more vulnerable than ever due to reliance on the Internet and interdependency between networks. However, unlike past threats, a highly organized criminal network or an individual with criminal intent can can bring down an entire commercial and federal system in a way that "only came when you dropped bombs or set off explosives" in the past, Chertoff said.
"Obviously these threats don't occur in a way that's visible to the naked eye, but the consequences of these attacks can be very serious in the real world," said Chertoff.
Chertoff asserted that those threats can take many forms. They could come from highly sophisticated networks attempting to steal and sell sensitive or personal identifying information. Cyber espionage could threaten the country's corporate infrastructure and intellectual property. Or cyber terrorists could use malicious code to shut down financial or government systems.
"There would be a shaking of the foundation of trust on which commercial and financial enterprises depends," said Chertoff.
As it sits, the federal government recently developed the U.S. Computer Emergency Readiness Team to provide cyber alerts and respond to emerging threats. However, Chertoff says that it isn't enough.
To respond to complex and treacherous security threats, Chertoff called upon the federal government to "take a quantum leap forward."
"We need to have a network response to deal with a network attack," said Chertoff. "In short, it takes a network to beat a network."
Beefing up responses includes reducing the number of access points and consolidating connections. It would also mean using accreditation and certification authorities to provide federal agencies 24/7 incident response. And subsequently, the federal government needs develop technology to detect signatures quicker and provide advanced warning systems that discovers attacks before they occur, Chertoff said.
"We all know the best way to deal with an attack is to prevent before it happens rather than response after it occurs," said Chertoff. "We need to drive our technology and operations to a faster time of awareness of when they occur. Detect and analyze not in hours but in minutes."
Ultimately, Chertoff said that the U.S. government will be required to call upon the help of the private sector, such as power, financial and transportation systems, as well as the IT industry, to fully combat and prepare the country for future unforeseen security threats.
"It's not exclusively a government function -- it has to be a shared function," said Chertoff. "The failure of a single system has repercussions and cascading effects across the nation."