[ISN] Purdy: DHS will ramp up cybersecurity

InfoSec News isn at c4i.org
Thu Sep 29 00:27:45 EDT 2005 

http://www.washingtontechnology.com/news/1_1/daily_news/27084-1.html

By Alice Lipowicz
Staff Writer
09/28/05

The Homeland Security Department has drafted a set of key scenarios 
for possible cyberattacks against the Internet and critical IT 
systems, and is seeking comments from the private sector on how to 
best prepare and respond to such attacks, according to Andy Purdy, 
acting director of DHS' National Cybersecurity Division. 

DHS officials and the White House also are putting the finishing 
touches on a new national cybersecurity research and development plan, 
Purdy said earlier this week at a seminar on Capitol Hill. The event 
was sponsored by Nortel Networks Corp., a global telecommunications 
equipment manufacturer based in Brampton, Ontario. 

"At DHS we recognize the importance of cybersecurity risks and we are 
energized by that risk," Purdy said. 

Homeland Security Secretary Michael Chertoff also is preparing to name 
an assistant secretary for cybersecurity and telecommunications, he 
said. 

Purdy outlined several initiatives undertaken by his division to 
bolster cybersecurity and to prepare for a national cyberattack 
exercise known as Cyber Storm in November. 

As part of their planning for disaster recovery for IT systems, DHS 
officials are looking at key dependency elements, such as maintaining 
adequate electrical power supplies, as critical parts of the recovery, 
Purdy said. 

The department is working with advisers to prepare plans for 
maintaining Internet operation following a catastrophe, and also 
focusing on Internet-based control and process systems, which are IT 
systems that control the daily operations and interrelations of many 
plants and utilities. 

"Control and process systems are one of our major priority 
efforts - it's a huge challenge and a significant cybersecurity risk," 
Purdy added. 

DHS also is meeting with software industry groups to promote shared 
responsibility for cybersecurity. "It's not just the responsibility of 
end users. The hardware and software makers need to do a better job to 
reduce vulnerabilities so we can all be safer," he said. For example, 
the industry needs to develop tools to make sure that software does 
not include secret back doors and malicious code, he said. 

Also at the event, Nortel CEO Bill Owens warned that a catastrophic 
cyberattack against the Internet could create a "virtual [Hurricane] 
Katrina" that would reverberate throughout the U.S. economy. 

Owens said the growing threat over the next two or three years is 
coming from new viruses that may attack wireless devices and mobile 
phones, which can then infect broadband networks, government computers 
and mission-critical IT systems. He said China, India and South Korea 
take the risks more seriously than does the United States. 

"I am frightened as hell about this issue of cybersecurity because we 
see it in spades around the world," Owens said.

More information about the ISN mailing list