In a meeting yesterday that comes as DHS kicks off its first National Cyber Security Awareness Month, Secretary Chertoff responded to a range of questions from a group of invited homeland security bloggers. The discussion focused on the Department of Homeland Security’s cyber security initiatives.
I asked about governance issues, budget priorities, and the gradual shift from passive defense to “active defense” in the Department’s role in dealing with cyber threats to the .gov environment.
Chertoff explained that “from our standpoint in the next year, the $350 million in the FY 09 appropriations for DHS cyber programs is actually slightly more than we requested. And what we’re doing is we’re building the basic infrastructure.”
That basic infrastructure includes the following:
• Deploying Einstein 2.0
• Equipment, personnel (recruiting over 100 programmers and operators of Einstein).
• Additional space, leasing various utilities.
• DHS monetary contribution to support of the Cyber Security Center, which is in the process of standing up.
In the future, Chertoff referenced DHS plans to “get our control over the .gov domain.” He explained that “every 45 days we are reducing by half and consolidating the number of Internet connections [to the Internet from the federal computer networks].” According to the Secretary, DHS plans to consolidate federal Internet connections “from what started at as a thousand and we hope will be in the neighborhood of a hundred or two.”
This will enable more effective deployment of the DHS cyber security program called Einstein 2.0, which is designed to obtain “real time detection warning,” Chertoff said. The intention here would be to provide characterization of cyber intrusions or other threats as they occur so that an immediate response can be executed to counter the attack in some way. It is unclear if DHS also is responsible for the countermeasures.
I asked about another program he mentioned in a separate discussion that he called Einstein 3.0, which would be shifting us even further down the spectrum from defense to offense.
Chertoff responded by saying that “we are taking our Einstein 1.0, which is our current detection tool, we are now upgrading it to Einstein 2.0 and testing it out, and we’re also in the process of looking at turning it from a passive detection to an active detection device, active meaning that we would have the ability to actually stop an attack as opposed to merely warn about an attack.
“No, it’s still defense. It’s just a blocking capability. In other words, what 2.0 does is if I know malicious code is coming in, it enables me to give a real time warning. Someone described it the other day to me; it’s like a traffic cop sitting on the highway seeing people speed and he can immediately call in and say someone with license plate XYZ is speeding, and give warning down there.
“3.0 would allow the traffic cop to make the arrest right on the spot.
“It would be when you detected the attack, you would stop it cold.”
I’ll update this post later today with more from the exchange. Other bloggers in attendance included Ben Bain with Federal Computer Week, Jeff Fox from ConsumerReports, Jena McNeill with the Heritage Foundation, Julian Sanchez from ArsTechnica, Jeff Stein from Congressional Quarterly, and John Solomon from In Case of Emergency Blog. Full transcript can be found here.