SAN FRANCISCO – Federal cybersecurity officials are trying to develop an early warning system that alerts authorities to incoming computer attacks targeting critical U.S. infrastructure, Homeland Security Secretary Michael Chertoff said Tuesday.
Chertoff's keynote speech at the RSA security conference, however, was light on details about this and other initiatives, many of which he said were classified.
Some security experts said the idea of an early warning system seemed far-fetched.
Robert Graham, chief executive of Atlanta-based Errata Security and an expert on computer-intrusion prevention, said current technology can only detect when a hack has already occurred — and even then the breaches usually happen too fast for an early warning.
"Technologically, all we can do is a post-warning system — you've been hacked," he said. "It's instantaneous. It's not like a hurricane or missile coming at you that you can track coming toward you. It's just there."
Chertoff did not say how the government plans to detect and flag computer threats as they sneak into government networks. But he did acknowledge the technical challenge in developing such a system.
"It's going to be hard. It's hard technically. It's hard because to some degree it requires working together," Chertoff said in response to a question. "The fact that something's hard doesn't mean, 'Let's not do it because it's going to be difficult.' It means, `Let's roll up our sleeves and get started.'"
Chertoff said the system would improve upon the government's current tools for analyzing computer threats, which he said are built on "fundamentally a backward-looking architecture" — that is, they scrutinize threats coming into the networks and work backward to identify the nature and source of the attack.
He was referring to the "Einstein Program" run out of the United States Computer Emergency Readiness Team, or US-CERT, a partnership of the homeland security department, other public agencies and private companies. The Einstein program is an automated process for collecting and sharing security information.
U.S. officials have acknowledged that hackers have broken into the networks of at least one government research laboratory and even the Pentagon over the past year and are intensifying their attacks.
A well-targeted attack could cripple financial institutions or air traffic control systems or expose U.S. secrets to enemies.
Chertoff said there are too many openings into government networks for criminals to explore and exploit with viruses or other malicious code.
One of the homeland security department's goals is to winnow the number of Internet access points into government agencies from the thousands that exist today to about 50, Chertoff said. He gave no timetable or details on how the plan would be implemented.
Chertoff's speech focused heavily on his pitch to recruit private-industry security researchers as the government beefs up its cybersecurity staffing.
The government needs to recruit from private industry because many critical networks are operated by private companies and they need each others' expertise, he said.
He did not say how many new cybersecurity jobs the agency wants to fill with private-industry professionals, but he said the initiative is a high priority because the power of the government alone is "insufficient" to fully combat the threat.
"The federal government cannot promise to protect every system or every home computer from attack," he said.