Security

What should a "Manhattan Project" for network security look like?

Michael Chertoff, the Secretary of Homeland Security, delivered the keynote at the RSA security conference. In his speech, he stressed the need to create a "Manhattan Project" for computer security. He brought up the recent attacks on Estonia, which led to a government shutdown for a short time, as an example of how much damage can be wrought by hacker attacks.

Security has been the focus of the past few days as the RSA security conference has been underway. The keynote speech was delivered by Michael Chertoff, the Secretary of Homeland Security, and in his speech, he stressed the need to create a "Manhattan Project" for computer security. The Secretary brought up the recent attacks on Estonia, which led to a government shutdown for a short time, as an example of how much damage can be wrought by hacker attacks.

Chertoff Describes 'Manhattan Project' for Cyber-defenses (eWeek)

Any such effort will have to include a boatload of training, but not just for the security professionals who do the actual work involved in preventing and detecting attacks. Based on the statistics in Symantec's latest Internet security threat report, the average computer user is the biggest threat to network security. In years past, a user had to visit a malicious Web site to run the biggest risk of getting infected with malware, but hackers are getting more inventive and have started compromising legitimate Web sites in order to distribute their code.

Who trumps bin Laden as a cyberthreat? Look in the mirror (News.com)

Compromised legit sites power hack attacks (The Register)

Symantec's report hits close to home, as I work in education, which was singled out by the report as the source for 24% of data breaches that could result in identity theft. I have long known the value of educating my users, as the statistics I read back in the '90s indicated that a well-trained user was six times less likely to accidentally damage their computer or compromise security. I rather suspect that training users would have a beneficial long-term effect as they would be another line of defense to add to the firewalls and IDS/IPS systems already on corporate networks.

What do you think should be included in a "Manhattan Project" for network security?

6 comments
sczerno

Manhattan project? You mean the project where they developed the first Atomic Bomb? What was the quote from War Games? "A strange game. The only winning move is not to play." How does that relate to network security? Don't have a network or a network that does not connect to a public network?

robo_dev

Voldemort, I mean Chertoff's point was that while the atom bomb was an offensive weapon, his PowerPoint presentation, I mean plan, will be the ultimate defensive weapon. I'm sure with the support of Ted Stevens, he'll get the Internets locked up tight.

Now take a big swig of coffee and swallow it, before you read the next paragraph (I don't want you to do a take-spit all over your keyboard, or inhale your coffee...). Ready?

In January, President Bush took the next step -- he signed a directive launching the National Strategy to Secure Cyberspace, which gave the Department of Homeland Security (DHS) the green light to strengthen computer security in Federal IT installations, which have frequently failed audits conducted by the Government Accountability Office (GAO).

So here it is, 2008... and our prez is 'launching a strategy to secure Cyberspace'????? We're doomed. Scuse me while I go unplug my router....

http://www.technewsworld.com/story/Chertoff-on-Cybersecurity-Reverse-Manhattan-Project-Needed-62517.html

michaeloconnell3

I agree with Andy Moon on one point: key survival here is built on end-user training, not just IT field personnel. As for the statistic stating "the United States has the most bot infected computers," I would like to see some numbers of what computers versus population looks like for other countries, not only the U.S., to weigh out that factor. I believe that in order to restructure the United States the way it should be done it will take over 20 years. Any comments?

Andy J. Moon

Training would be first on my list as end users can be an extremely valuable resource in combatting malicious code. This is becoming a little less true as years ago, a user had to visit a malicious website or download freeware to run the biggest risk of infection. These days, the hackers are spreading their code using compromised legitimate sites, leading to the United States holding the dubious title of "Country with the most botnet infected computers." What would you do if you were in charge of the "Manhattan Project" that Chertoff described?

catseverywhere

I'll tell you the first thing I would NOT have in a Manhattan project: MICHAEL CHERTOFF!! (aka "Skeletor") I think the man is pure evil. I firmly believe anything he'd facilitate would be increased ability to surveil the American people. As for security, the end user really should know a lot more about what makes their systems tick. That's a tall order; I'd estimate 80% would have a serious aversion to learning what they would need to know to remain safe.

Jaqui

Include the right to execute with extreme prejudice anyone who breaches security. Kill the dumb@$$es off, improve security by improving the average IQ.