-
Global Economics
-
Reflections on China from Seat 9B
During the past 20 years, the author has watch China move from being a developing country into an industrial superpower
-
Global Economics
-
Recent
-
Sections
-
-
Companies & Industries
-
Customize Your Chocolate Bar With Bacon and Gold
Money Moves, 5/24: Chocomize Co-Founder Fabian Kaempfer talks with Bloomberg’s Deirdre Bolton about the business of customizing chocolate
-
Companies & Industries
-
Recent
-
Sections
-
-
Politics & Policy
-
Obama's Silencing His Donors' Phones. What's He Hiding?
The president's campaign has a new rule—no cell phones allowed
-
Politics & Policy
-
Recent
-
Sections
-
-
Technology
-
Technology's Forgotten Pioneers
In honor of remote control inventor Eugene Polley, we recognize other influential but neglected inventors who have felt the sting of stolen glory
-
Technology
-
Recent
-
Sections
-
-
Markets & Finance
-
Chia Seeds, Wall Street's Stimulant of Choice
Forget Adderall. Traders now pop chia seeds to stay focused and energized
-
Markets & Finance
-
Recent
-
Sections
-
-
Innovation
-
Ferrari's F70, an Eco-Friendly Supercar
The Italian automaker and others are adding hybrid technology to elite cars
-
Innovation
-
Recent
-
Sections
-
-
Lifestyle
-
The Golden Gate Bridge Turns 75
The storied bridge that links San Francisco and Marin County changed the face of California
-
Lifestyle
-
Recent
-
Sections
-
-
Business Schools
-
Colleges Woo Tech Millionaires-in-Waiting
Schools cultivate ties with startups before they're big successes
-
Business Schools
-
Recent
-
Sections
-
-
Small Business
-
Geeks on a Plane Search for Startups
Dave McClure's traveling venture capital show scours the world for promising startups
-
Small Business
-
Recent
-
Sections
Sponsored by
-
-
Video & Multimedia
-
Slideshows
-
Photo Essays
-
Charts
-
Videos
-
U.S. Cybersecurity Is Weak, GAO Says
(page 2 of 2)
US Director of National Intelligence, John Negroponte walks in the hallways of the Threat Operations Center inside the National Security Agency (NSA) Paul J. Richards/AFP/Getty Images
Story Tools
In one of the report's more critical passages, the GAO finds that US-CERT "lacks a comprehensive baseline understanding of the nation's critical information infrastructure operations, does not monitor all critical infrastructure information systems, does not consistently provide actionable and timely warnings, and lacks the capacity to assist in mitigation and recovery in the event of multiple, simultaneous incidents of national significance."
Homeland Security officials say their difficulties should come as no surprise; it's a huge mission. Says DHS spokesman Laura Keehner: "We are undertaking something not unlike the Manhattan Project. We have set a strong cyber strategy, recently created the National Cyber Security Center, and are in the process of aggressively hiring several hundred analysts to further our mission of securing critical infrastructure. Billions of dollars are going into this effort. We're the first to admit there is more work to be done; we are focused on collaborating with the private sector—which owns the vast majority of this country's critical infrastructure—to mitigate threats."
Ready to "Ramp Up"
The Homeland Security Dept.'s top official overseeing national cybersecurity efforts, Robert Jamison, seems to agree with at least some of the shortcomings. "We need comprehensive, consistent intrusion detection," Jamison told a network security industry group on Sept. 15. He told members of the Information Technology Assn. of America that more also needed to be done to protect the networks of corporations, and urged people to apply for jobs to "help us ramp up and meet the challenges."
In January 2008, President Bush signed directives launching an expensive and theoretically expansive national cybersecurity initiative. Many of its provisions are classified, but BusinessWeek detailed the main points in April (BusinessWeek, 4/10/08).
Central to the realization of the plan to bolster national security in cyberspace: A more powerful US-CERT.
Actions Are Inadequate
For the government, one cornerstone of the effort is supposed to be creation of a real-time intrusion detection monitoring system throughout the government, with the moniker "Einstein." The idea: to make everything, every piece of data, every attempted entry, or removal of data, visible to the team of monitors at US-CERT.
But the GAO draft report says that the weaknesses in the security effort are so significant that building tools such as Einstein or hiring 80 new cyber-analysts may not be sufficient. "It is unclear whether these actions will help US-CERT—or whatever organizational structure is ultimately charged with coordinating national cyber-analysis and warning efforts—achieve the objectives" of the national cybersecurity initiative, the report says.
Concludes the GAO: Homeland Security's actions to address US-CERT's weaknesses "have not been adequate."
Weak Warning Capabilities
Homeland Security, in a July 3 response that is part of the draft GAO report, agreed with many of the GAO's conclusions but said it was making improvements. An expanded program known as "Einstein 2," it said, will help US-CERT "maintain situational awareness" around the clock. "Einstein 2 will alert when specific malicious network activity is detected and provide US-CERT with increased insight into the nature of that activity."
At the same time, Homeland Security, in its response, took issue with criticism that its warnings came too late. "We do not agree with the report's repeated description of US-CERT's warnings and notifications are 'not consistently actionable or timely,'" wrote Jerald Levine, director of a division of the office of the Homeland Security Dept. inspector general.
Among GAO's criticisms were "a number of newly identified and ongoing challenges that impede it from fully implementing the key attributes and in turn establishing cyber-analysis and warning capabilities essential to coordinating the national effort to prepare for, prevent, and respond to cyberthreats."
Advising the Next President
The GAO isn't the only critic of the nation's existing cyberdefenses. Lewis is part of an independent commission created to make recommendations on computer security for the next President. "Cybersecurity is now one of the most important national security challenges facing the U.S.," he says, according to his prepared Congressional testimony. "This is not some hypothetical catastrophe. We are under attack and taking damage." Despite a Bush Administration cybersecurity initiative, adds Lewis, "the U.S. is not organized and lacks a coherent national strategy" for addressing cyberthreats.
The commission has concluded that "none of the existing cybersecurity structures are adequate," Lewis says, according to his testimony, including "central problems in the current federal organization for cybersecurity." "Much of the problem," Lewis goes on, "resides with the performance and capabilities of the Department of Homeland Security."
Recommendations of the bipartisan commission, whose members include corporate executives, members of Congress, scientists, network security experts, and military and national security officials, are to be made public in November. Lewis is to testify before the House Committee on Homeland Security's subcommittee on emerging threats, cybersecurity, and science and technology.
Epstein is a correspondent in BusinessWeek's Washington bureau.
Most Popular Stories
- Three Types of People to Fire Immediately
- Lego Is for Girls
- Google's Spreading Tentacles of Influence
- Gatorade Goes Back to the Lab
- Impress Potential Investors in 12 Steps
- Three Types of People to Fire Immediately
- Which Is America's Best City?
- Lego Is for Girls
- Top B-School Stories of 2011
- Professional Women and a Secure Retirement
