Testimony: Hackers Better Organized Than GovernmentBut DHS Official Says Foundation Exists to Battle Attackers
"Hackers, in some way, have remained better in information sharing than we in government have been, so that's an area of growth for us," Philip Reitinger, DHS deputy undersecretary, National Protection and Programs Directorate, told the Senate Committee on Homeland Security and Governmental Affairs, which held a hearing on protecting industry against growing cyber threats.
(Click here to read story about Heartland Payment Systems CEO's testimony before the committee.)
Another witness from DHS, Assistant Director Michael Merritt of the Secret Service's Office of Investigations, explained that using so-called carding portals - sort of a Craig's List for cyber attackers - criminals link up anonymously, exchanging hacking tools and information such as stolen credit card numbers. Unlike traditional families of organized criminals, Merritt said, teams of virtual criminals are a loose hierarchy in which members don't know one another; a hacker in the Ukraine can buy stolen credit card numbers from someone in the Baltic through a carding site anonymously. With anonymity, he said, it's laborious to identify these criminals.
Despite the challenges, Reitinger said government and business are partnering to come up with solutions to battle cyber criminals. He cited work on new ways to authenticate users without requiring a username or password, noting it's hard to steal personal identifiable information if usernames aren't employed to access systems.
As part of his job, Reitinger heads DHS's National Cybersecurity Division - charged with safeguarding federal communications networks - and he testified that the unit plans to more than double its payroll, to 260 from 111 people, in the coming year. "That's a heavy lift in government," he said.
Reitinger said unlike in the past, when the government would invite business participation after it developed policy to protect private-sector cyber assets, it included business participation at the get-go to create National Incident Cyber Response plan.
"I've seen incredible commitment from people in both the private sector and public sector," Reitinger testified. "I believe we have a real opportunity here. ... We built the framework to work together. Now we need to drive toward outcomes. We need to worry less about having a partnership and more that we can achieve with the partnership."