Chertoff Says Major Effort Under Way on Computer Security

SAN FRANCISCO — The Homeland Security Department has launched an overhaul of the government's computer security efforts "almost ... like a Manhattan Project" in response to concerns that the nation's Internet system is vulnerable to hackers and online terrorists, Secretary Michael Chertoff said Tuesday.

At a computer security conference here, Chertoff said the government has made some strides in making its computer networks more secure since his department was created five years ago.

But with threats constantly evolving and computer networks becoming increasingly important, the government must take steps comparable to the crash World War II effort to create the atomic bomb, he acknowledged.

"The time has come to take a quantum leap forward, to really engage in what I'd call a game-changer in how we deal with (cyber) attacks," Chertoff told attendees at a computer security conference here.

A Government Accountability Office report last month found that computer security problems are common — and growing — throughout federal agencies. According to the report, software used by government agencies contain as many as 29,000 security vulnerabilities that could allow a hacker to compromise government computers.

Meanwhile, the number of computer attacks and related incidents reported by government agencies has soared by nearly 260 percent in the last three years, according to the GAO.

Tuesday, Chertoff said DHS is developing a new "early warning" system that could identify cyber attacks before they could happen. Such a system, he said, could eventually be used by private companies and consumers as well.

In addition to other classified moves, DHS also is trying to dramatically reduce the number of internal access points to critical government computer networks, from about 4,000 to about 50.

To pay for the changes, DHS is planning to spend $115 million on cyber security initiatives this fiscal year, Chertoff said. The department is requesting another $109 million for cyber security next year.

"We've put some real money into this, and we're asking for more," he said in a meeting with reporters.

Still, some say the government isn't doing enough or getting enough resources given the potential economic consequences of a major cyber attack.

"Why can we keep the bad stuff out of our ports, and packages off of airplanes, but we can't keep the bad stuff out of the Internet?" Chris Rouland, chief technology officer of Atlanta-based Internet Security Systems said in an interview last week. Rouland is one of several private computer security executives scheduled to meet with Chertoff during the RSA security conference here.

Earlier Tuesday at the conference, Business Software Alliance president Robert Holleyman urged Congress to pass new laws to make it easier to find and prosecute cyber criminals and to provide more money for federal cyber crime investigators.

"We must expand our available tools to combat this serious, growing threat," Holleyman said in prepared remarks. "Oftentimes our security officials are outmanned by these criminals, so we are looking to Congress to pass legislation that provides law enforcement officials with the necessary tools to fight cyber crime."