On Crime & Security
Government, private industry and individuals all face a growing threat from cyber attacks. The attacks can come from foreign countries, terrorists, criminal groups or individual hackers.
The cyber attacks can steal government and private information, cause damage to our computer systems, create disruptions, deny service and shut down our power grids nationwide.
In recognition of the growing threat, government and private industry are both working towards a better defense of our vital computer systems.
On October 30th the Department of Homeland Security (DHS) Secretary, Janet Napolitano, opened the new state-of-the-art National Cybersecurity and Communications Integration Center (NCCIC) in Arlington, Virginia.
According to DHS, the 24-hour, DHS-led coordinated watch and warning center will improve national efforts to address threats and incidents affecting the nation's critical information technology and cyber infrastructure.
"Securing America's cyber infrastructure requires a coordinated and flexible system to detect threats and communicate protective measures to our federal, state, local, and private sector partners and the public," Napolitano said at the ceremony. "Consolidating our cyber and communications operations centers within the NCCIC will enhance our ability to effectively mitigate risks and respond to threats."
The DHS claims the new center will provide an integrated incident response facility to mitigate risks that could disrupt or degrade critical information technology functions and services, while allowing for flexibility in handling traditional voice and more modern data networks.
The new unified operations center combines two of DHS' operational organizations: the U.S. Computer Emergency Readiness Team (US-CERT), which leads a public-private partnership to protect and defend the nation's cyber infrastructure; and the National Coordinating Center for Telecommunications (NCC), the operational arm of the National Communications System.
In addition, the NCCIC will integrate the efforts of the National Cybersecurity Center (NCSC), which coordinates operations among the six largest federal cyber centers; the DHS Office of Intelligence and Analysis and private sector partners.
The ribbon-cutting ceremony on the 30th marked the culmination of National Cybersecurity Awareness Month, which intended to highlight the shared responsibility among all individuals, the private sector and state, local and federal partners to counter the threat of cyber attacks.
The Defense Department, where I did security work for more than 37 years, also recognizes the growing cyber threat. The Defense Secretary, Robert M. Gates, signed a memo last June that established a subcommand focused on cyber security.
“This is not some sort of new and necessarily different authorities that have been granted,” Pentagon spokesman Geoff Morrell told reporters at the memo signing. “This is about trying to figure out how we, within this department, within the United States military, can better coordinate the day-to-day defense, protection and operation of the department's computer networks.”
Morrell called the standup of the Cyber Command an internal reorganization that will consolidate and streamline its cyber capabilities within a single command. Morrell also emphasized that the effort in no way represented any attempt to “militarize” cyberspace or take over the responsibility for defending civilian networks. That responsibility, Morrell noted, falls to the DHS.
“This is part of a holistic, government-wide effort to better organize and situate ourselves to deal with this very real threat,” he said. “And it is a complement to efforts that are taking place elsewhere within the United States government.”
The Defense Department offers some good, common-sense advice that I’d like to pass on:
- Always know who you are dealing with online. Do not open unsolicited e-mails or go to Web sites that look "off. Check the domain identifier. Some shady sites use the name of actual sites, but with a different identifier – a dot-com rather than a dot.gov.
- Keep Web browsers and operating systems up to date.
- Back up important files to CDs, thumb drives or external hard drives at least once a month.
- Protect your children online. The media are full of stories about predators who haunt the Internet. In addition, some sites are inappropriate for children to view. Officials recommend using parental controls.
- Use security software tools as your first line of defense. Many companies specialize in cyber security software, and people should buy one and keep it up to date. One hopeful development in the research world is that researchers writing new software often do that with security in mind.
- Use strong passwords or strong authentication technology to help protect personal information. Even after much emphasis over the years on security, the most common password still is "password." Most security officials recommend passwords with combinations of numbers, capital and lowercase letters and special characters. Other verification procedures include fingerprints and retina scans, though they can be expensive. And though it should go without saying, don't write down your password and put it on a note next to your computer.
- Learn what to do if something goes wrong. Even if you are careful, your computer could be compromised. What now? One answer is to call the company that makes your security software, or the place you bought the computer. Or you can call one of the myriad groups that troubleshoot computers. Keep the phone numbers for your security software's manufacturer and the place where you bought your computer somewhere safe. They don't do any good sitting on your C drive if something goes wrong.
Last month was National Cybersecurity Awareness Month, but every business person and individual should think about cyber security every day.