Homeland Security Conference Looks At Protecting Physical and Virtual Borders

AFCEA's 9th Annual Homeland Security Conference kicked off yesterday morning with a panel session focused on cybersecurity issues. The panelists highlighted a variety of ongoing federal initiatives to defend the nation's critical infrastructure from cyberattacks and discussed some of the new threats developing in cyberspace. Representing the Department of Homeland Security (DHS), Bruce McConnell, counselor to the National Protection and Programs Directorate (NPPD) Deputy Under Secretary, outlined several efforts being undertaken by the department. The DHS initiatives included the first-ever Quadrennial Homeland Security Review, which outlined the current state of the nation's cyberdefenses and the threats presented by a variety of state and nonstate actors. Another DHS effort is the creation a national cybersecurity response plan (NCSRP) involving federal, state, local and tribal governments to coordinate response to major cyber incidents. One of the challenges of cybersecurity is that criminals and spies exploit weaknesses in software and hardware systems, explained Steve Chabinsky, deputy assistant director of the Federal Bureau of Investigation's (FBI's) Cyber Division. Describing the current situation as "the golden age of espionage," he explained that chief information officers should consider their networks as contested territory because of the threat of infiltration and compromise. Chabinsky outlined several threat vectors used to access government networks, including vulnerabilities in the supply chain for hardware and software that can allow Trojan horses and other malicious programs to be planted ahead of time. The FBI is also looking out for the human component, people who willingly or unsuspectingly allow outsiders access to secure networks by using infected portable memory devices such as thumb drives or iPods and MP3 players. In the case of the music recorders, Chabinsky explains that users were charging the devices through their computer's USB ports, which was convenient but also allowed malware residing in the players to enter government computers. One governmentwide effort to coordinate responses to cyberthreats is the Information Security and Identity Management Committee (ISIMC) of the Federal CIO Council. Van Hitch, CIO at the Department of Justice, and Cyber Security Committee Chair for the CIO Council, outlined the committee's work, which is working to coordinate federal government cybersecurity issues by helping CIO's improve individual agency cybersecurity approaches and promoting collaboration with other major groups such as the DHS and the National Institute of Standards and Technology. ISIMC has developed a tool called Cyberscope, which allows the government to collect data from federal agencies to analyze security compliance under the Federal Information Security Management Act (FISMA). Hitch notes that 108 agencies now use Cyberscope to submit FISMA data to the Office of Management and Budget. He added that the council's next goal was to develop Cyberscope into a real time compliance measuring tool.