U.S. Slow on Stepping Up Its Cyber Security Measures

The United States government has made some progress toward improving cyber-security efforts, but it will take several more years for the government to fully install high-tech systems to block computer intrusions, according to an Associated Press report.

The National Cyber Security Division of the Department of Homeland Security has identified what it terms “two overarching objectives”:

• To build and maintain an effective national cyberspace response system; and
• To implement a cyber-risk management program for protection of critical infrastructure.

However, the AP’s report suggests that as the DHS “moves methodically to pare down and secure the approximately 2,400 network connections used every day by millions of federal workers, experts suggest that technology already may be passing them by.”

The report said that the department that’s responsible for securing government systems other than military sites is “slowly” moving all the government’s Internet and e-mail traffic into secure networks that will eventually “be guarded by intrusion detection and prevention programs.”

Progress has been slow, however. Officials are trying to complete complex contracts with network vendors, work out technology issues and address privacy concerns involving how the monitoring will affect employees and public citizens.

According to the AP, the WikiLeaks release of more than a quarter-million sensitive diplomatic documents underscores the massive challenge ahead, as Homeland Security labors to build protections for all of the other, potentially more vulnerable U.S. agencies.

“This is a continuing arms race and we’re still way behind,” Stewart Baker, former Homeland Security undersecretary for policy, told the Associated Press.

Officials believe the sensitive documents were stolen from secure Pentagon computer networks by an Army intelligence analyst.

“WikiLeaks has far deeper consequences, but whether the players are highbrow or lowbrow, a great deal of collaborative activity can be quickly undone by a handful of clever and determined people,” TechZone360 contributor Jon Arrnold reported last week.

 “There are very few private sector actors who depend on information security who think that installing intrusion prevention systems is sufficient protection against the kinds of attacks that we’re seeing,” Baker added.