RSA 2008: US government to cut internet access points

The US Federal Government is to cut its access points to the internet from more than 4,000 to 50 in an effort to reduce its exposure to malware attacks,...

The US Federal Government is to cut its access points to the internet from more than 4,000 to 50 in an effort to reduce its exposure to malware attacks, the Secretary of Homeland Security Michael Chertoff told RSA delegates this week.

However, this still leaves exposed the vast majority of America's critical national infrastructure (CNI), which is owned and run by the private sector, said Chertoff. This means the government needs the private sector's help to protect the US.

The ability to defend the CNI was tested in the Cyber Storm 2 exercise in March. Greg Garcia, assistant secretary in the department, told a town hall meeting at RSA this involved 18 federal departments, several states, five countries (including the UK) and 40 private firms in a simulated attack on the CNI.

The exercise, 18 months in the planning, was valuable for the relationships created in the run-up. Garcia said one thing to emerge was how dependent users' organisations are on their suppliers in an emergency. A spokesman for Dow Chemical, one of the private sector members, said, "Our suppliers would still be our first port of call before we escalated it to our industry representatives (for response co-ordination)."

Garcia did not provide details of the exercise, saying a full report would be published in late summer. However, responding to a question from the floor he revealed that it did not involve an active "Red Team attack". This meant the attack was static and could not respond to countermeasures, said a source involved in the exercise, who asked not to be named because of non-disclosure agreements.

He said Cyber Storm 2 tested responses to the simulated theft of an identity and credentials that allowed a hacker to infiltrate a secure part of the CNI and take it down. At the same time, a DDoS attack on another part of the CNI distracted attention from the main attack.

"It was a good learning experience," he said.

"At least you know who to call if it all hits the fan. But it's not real life."

RSA Conference 2008 round-up: Reports from RSA USA >>

US federal government lacks confidence in IT security >>



Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT risk management



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:




  • Dissecting the Hack

    In this excerpt from chapter three of Dissecting the Hack: The V3RB0TEN Network, authors Jayson E. Street, Kristin Sims and Brian...

  • Digital Identity Management

    In this excerpt of Digital Identity Management, authors Maryline Laurent and Samia Bousefrane discuss principles of biometrics ...

  • Becoming a Global Chief Security Executive Officer

    In this excerpt of Becoming a Global Chief Security Executive Officer: A How to Guide for Next Generation Security Leaders, ...