Hand-to-Keyboard Combat

The White House gets a new Internet-security division

On the eve of Election Day, Americans are busy debating the issues, everything from health care and the economy to the war in Iraq and global warming. But there’s a vital issue few citizens or politicians seem to be talking much about, though they should be: cyber-security.

By all credible accounts, attacks against government computers worldwide are escalating at an alarming rate. According to the Office of Management and Budget, there were nearly 13,000 “incidents” reported to the Department of Homeland Security’s cyber-response center last year, more than twice the amount reported the previous year.

In one attack, the Pentagon was forced to take an estimated 1,500 computers temporarily offline after a sophisticated cyber-assault compromised an e-mail system. In another attack, Oak Ridge National Laboratory saw its security breached in what is believed to be a coordinated effort to target several national laboratories and other institutions. And then there’s the string of attacks against the Republic of Georgia’s cyber-infrastructure, culminating in a massive barrage that overloaded and eventually crippled the country’s servers in August. Although the Russian government officially denied responsibility for the attacks, assigning blame to individuals working on their own, security experts view the incident as the first known instance of a cyber-offensive coordinated with ground combat.

The Russian ground assault in Georgia

Now, in a quiet effort to bolster countermeasures against such cyber-terrorism, the Department of Homeland Security has launched the National Cyber Security Center (NCSC), part of the semi-classified, $17-billion Comprehensive National Cybersecurity Initiative (CNCI) formed by presidential directive in January to secure government computer systems — and later, as the initiative develops, sensitive civilian networks — from cyber-intrusions.

The NCSC’s mission is to monitor, analyze, and distribute data related to threats on government networks. In very broad terms, the objective is to provide better situational awareness for those on the frontlines of the cyber-battlefield and to act as a central hub for interagency information-sharing, unifying the alphabet soup of government agencies in warding off attacks.

Heading the NCSC is Rod Beckstrom, a former Silicon Valley entrepreneur who co-founded TWiki.net, which sells open-source collaboration software to businesses. Beckstrom, who co-authored the best-selling management book The Starfish and the Spider, is an unlikely fit with Washington’s bureaucracy. His book proposes a decentralized management model — perhaps just what the federal government’s innumerable agencies, bureaus and departments need.

The official Web site of the Georgian government was defaced last August

André M. DiMino, the co-founder and director of the Shadowserver Foundation, a nonprofit group of volunteer security professionals who identified the server at the heart of the Georgia attacks, calls the new agency “a step in the right direction.” He says the government should initiate a standard way to handle attacks and respond faster to increasingly sophisticated hacker tools. As an example, he points to the use of a recently developed technique called Fast Flux in which hijacked computers, called zombies, set up a shell game of constantly changing fake IP addresses. Using this method, an attack can come from one source and then another just a few minutes later, making them hard to block and trace.

While Beckstrom and his team are forging a unified front against cyber- terrorism, other arms of the CNCI will work toward reducing the number of federal Internet portals from an estimated 4,000 to fewer than 100, expanding a cyber-emergency-readiness team, creating a secure operating system for government computers, and developing a computer-monitoring system designed to look for security lapses.

DiMino applauds such efforts but hopes for more. “There’s always room for improvement,” he says.