Testimony: Hackers Better Organized Than Government

But DHS Official Says Foundation Exists to Battle Attackers
Hackers are better organized to attack critical government and business IT systems than the government and business are structured to defend their cyber assets, the Department of Homeland Security's top cybersecurity official told a Senate panel Monday.

"Hackers, in some way, have remained better in information sharing than we in government have been, so that's an area of growth for us," Philip Reitinger, DHS deputy undersecretary, National Protection and Programs Directorate, told the Senate Committee on Homeland Security and Governmental Affairs, which held a hearing on protecting industry against growing cyber threats.

Another witness from DHS, Assistant Director Michael Merritt of the Secret Service's Office of Investigations, explained that using so-called carding portals - sort of a Craigslist for cyber attackers - criminals link up anonymously, exchanging hacking tools and information such as stolen credit card numbers. Unlike traditional families of organized criminals, Merritt said, teams of virtual criminals are a loose hierarchy in which members don't know one another; a hacker in the Ukraine can buy stolen credit card numbers from someone in the Baltic through a carding site anonymously. With anonymity, he said, it's laborious to identify these criminals.

Despite the challenges, Reitinger said government and business are partnering to come up with solutions to battle cyber criminals. He cited work on new ways to authenticate users without requiring a username or password, noting it's hard to steal personally identifiable information if usernames aren't employed to access systems.

As part of his job, Reitinger heads DHS's National Cybersecurity Division - charged with safeguarding federal communications networks - and he testified that the unit plans to more than double its payroll, to 260 from 111 people, in the coming year. "That's a heavy lift in government," he said.

Reitinger said that, unlike in the past, when the government would invite business participation only after it had developed policy to protect private-sector cyber assets, it included business participation from the get-go to create the National Incident Cyber Response plan.

"I've seen incredible commitment from people in both the private sector and public sector," Reitinger testified. "I believe we have a real opportunity here. ... We built the framework to work together. Now we need to drive toward outcomes. We need to worry less about having a partnership and more that we can achieve with the partnership."

About the Author

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.
