TRENDING:

Testimony: Hackers Better Organized Than Government

But DHS Official Says Foundation Exists to Battle Attackers Eric Chabrow (GovInfoSecurity) • September 14, 2009    
Testimony: Hackers Better Organized Than Government
Hackers are better organized to attack critical government and business IT systems than the government and business are structured to defend their cyber assets, the Department of Homeland Security's top cybersecurity official told a Senate panel Monday.

"Hackers, in some way, have remained better in information sharing than we in government have been, so that's an area of growth for us," Philip Reitinger, DHS deputy undersecretary, National Protection and Programs Directorate, told the Senate Committee on Homeland Security and Governmental Affairs, which held a hearing on protecting industry against growing cyber threats.

(Click here to read story about Heartland Payment Systems CEO's testimony before the committee.)

Another witness from DHS, Assistant Director Michael Merritt of the Secret Service's Office of Investigations, explained that using so-called carding portals - sort of a Craig's List for cyber attackers - criminals link up anonymously, exchanging hacking tools and information such as stolen credit card numbers. Unlike traditional families of organized criminals, Merritt said, teams of virtual criminals are a loose hierarchy in which members don't know one another; a hacker in the Ukraine can buy stolen credit card numbers from someone in the Baltic through a carding site anonymously. With anonymity, he said, it's laborious to identify these criminals.

Despite the challenges, Reitinger said government and business are partnering to come up with solutions to battle cyber criminals. He cited work on new ways to authenticate users without requiring a username or password, noting it's hard to steal personal identifiable information if usernames aren't employed to access systems.

As part of his job, Reitinger heads DHS's National Cybersecurity Division - charged with safeguarding federal communications networks - and he testified that the unit plans to more than double its payroll, to 260 from 111 people, in the coming year. "That's a heavy lift in government," he said.

Reitinger said unlike in the past, when the government would invite business participation after it developed policy to protect private-sector cyber assets, it included business participation at the get-go to create National Incident Cyber Response plan.

"I've seen incredible commitment from people in both the private sector and public sector," Reitinger testified. "I believe we have a real opportunity here. ... We built the framework to work together. Now we need to drive toward outcomes. We need to worry less about having a partnership and more that we can achieve with the partnership."

Previous
Heartland on Defense at Senate Hearing
Next
New Report: Cyber Attacks Exploit 2 Vulnerabilities

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.



Around the Network

How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Why Health Firms Struggle with Cybersecurity Frameworks
Why Health Firms Struggle with Cybersecurity Frameworks

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.