RealTime IT News

Chertoff Calls For Private Sector to Help Secure 'Net

Michael Chertoff
Source: DHS/RSA

SAN FRANCISCO -- Uncle Sam needs you.

While the U.S. government can't be sure what the next big cyber-threats will be and from where they'll come, that isn't stopping the Department of Homeland Security (DHS) from working to develop preventative measures.

But it can't go it alone. In an address here at the RSA security conference, DHS chief Michael Chertoff detailed ongoing cyber-dangers in an effort to lobby for new and deepened partnerships between government and the private sector to head them off.

It's a tall order since, as Chertoff readily conceded, private business is generally focused on profit and less on preventative security investments that might not be needed -- or that might not pay off at all.

But Bob Blakeley, research director in identity and privacy strategies at Burton Group, told InternetNews.com that Chertoff needs to continue to lobby for business involvement.

"You need public funds to protect the infrastructure," Blakeley said. "But the private sector has to have an interest in the country's security. Maybe you need an incentive structure, but it's a very important issue."

Unfortunately for Chertoff, the DHS secretary was preceded by a skeptical warm-up act. During a cryptography panel discussion preceding his talk, one expert questioned whether DHS made smart investments in security.

"Sometimes the United States seems to do just the opposite," said Adi Shamir, a computer science professor at the Weizmann Institute of Science in Israel.

Shamir said a recent New York Times article noted DHS is promoting a $300 million upgrade of fingerprint systems used at airports which scans two fingers, to a more sophisticated one that scans all ten fingers. That system has already been upgraded in a number of airports, according to the report.

Despite such investments, Shamir claimed the payoff has been scarce.

"The track record so far is they've caught about 2,000 people, most of whom were guilty of overstaying their visas" -- that is, not necessarily criminal threats, he said.

"I think if they went to a ten-finger system they'd probably catch one more guy, a very expensive guy," he added, to a chorus of laughs from an audience comprised chiefly of security professionals.

Chertoff didn't mention the fingerprint system in either his prepared remarks or the press conference that followed.

[cob:Pull_Quote]Rather, the he emphasized the size, scope and impact of online threats, which he said could well be on par with the Sept. 11 terrorist attacks.

"We do know there are far-reaching consequences because so much of the world depends on the Internet to conduct activities, both in the public and private sectors," Chertoff said.

As a result, he urged greater cooperation between government and the private industry to share information and develop better, more extensive security solutions.

"The risk of a cyber attack is not the same as managing a transit system or securing borders," Chertoff said. "The government doesn’t own the Internet, thank God, and the federal government can't be everywhere at once ... it can't protect every computer system or home computer from attack."

Unlike past conflicts and periods like the Cold War era -- where the U.S. had a clear idea of who it was fighting -- Chertoff said the rise of the Internet has given equal opportunity for individuals, small groups and nation-states to inflict massage damage on foes.