A National Security Agency spokesperson said that the United States must adopt a proactive approach to protecting its newest national security asset—it’s cyber infrastructure—at the Fordham/FBI International Conference on Cyber Security Thursday.
Sandra Stanar-Johnson, deputy special assistant to the director of NSA/Central Security Service, outlined the goals for the 2008 Comprehensive National Cyber Security Initiative (CNCI) created by President Bush to unify governmental agencies in the war on cyber crime and terrorism.
Stanar-Johnson said that, in the past year, U.S. computer emergency response teams have reported a 55 percent increase in Internet intrusions to the nation’s computer systems.
“That’s huge,” she said. “The U.S. is facing the most serious economic and national challenge of the 21st century—threats to our economy, and to our national security are now being addressed by the highest levels of our government.
“Information is a strategic asset because the business of America is conducted on the net,” Stanar-Johnson continued. “We are being exploited now and if that exploitation continues at this rate we could lose our strategic, technological, economic and military advantage.”
The CNCI brings together 22 federal departments and agencies to create an integrated response to cyber intrusions threatening national security. It is reported to be the single largest funding request within the intelligence budget for fiscal year 2009. Stanar-Johnson acknowledged that much of the CNCI’s directives remains classified, but outlined the initiative’s broader goals. They are:
—Develop a front line of defense to prevent intrusions. The CNCI is working to cut down the number of Trusted Internet Connections (TIC) from federal agencies to outside networks, reported to be up to 4,000, to less than 100 connections; the more connections within a network, the larger the chances of a breach.
—Defend the nation against a full spectrum of threats, which includes insider threats and a rise in social network engineering abuse and vendor breaches. The CNCI will increase security of classified networks, develop cryptanalysis and revamp various agencies’ procurement processes with vendors.
—Shape the nation’s cyber environment to ensure a U.S. advantage in cyberspace, and an environment that no longer “favors the cyber attacker,” Stanar-John said. The government funds 86 Centers for Excellence in information science at universities and is investing in research in game-changing technologies.
“We can’t be tactical and reactionary,” said Stanar-Johnson. “We want to be out front. We are going to see it coming.”
Stanar-Johnson also stressed the CNCI’s commitment to protecting the privacy and civil liberties of all Americans. “This effort is not about sitting on the Internet like in some other countries and controlling what people see,” she said. All federal agencies would work together to maintain legal forms of protection, she said..
Besides the NSA, agencies involved in the initiative include the Department of Homeland Security, CIA, FBI, Department of Justice, Department of Energy, Department of State and National Intelligence Agency.
The need for increased U.S. vigilance and defense capabilities in cyberspace was reinforced later that day in a session led by James J. Barlow of the National Center for Supercomputing Applications (NCSA).
Barlow, the director of security operations and incident response at NCSA, detailed how a 16-year-old Swedish boy hacked into the TeraGrid—a network of 11 supercomputing sites across the United States.
Within a week of the hacker making his first access in March 2004, the NCSA contacted the FBI to ask for help. The attacks on TeraGrid were part of a wide network of compromised machines that the hacker was using to collect data such as personal information, account numbers and passwords.
The NCSA began a manual traceback, a time-consuming and lengthy process to find the hacker’s original machine and, therefore, his location and identity, Barlow said. The process, in effect, turns the hunter into the hunted.
After following the path of compromised machines to several sites in the United States, then to computers in countries including France and Croatia, the NCSA team discovered the hacker was a Swedish 16 year old. Barlow said that the FBI’s relationships with international law enforcement agencies were crucial to completing the traceback.
The NCSA began monitoring the hacker’s IP address while the FBI worked with Swedish authorities to set up an arrest.
While monitoring the hacker, the NCSA noticed that he had posted images of his computer screen online because his girlfriend had designed the desktop patterns, Barlow said.
A closer look at these desktop images showed open windows that proved the hacker was accessing an unauthorized computer when the images were made, he added.
That evidence directly led to his conviction in Swedish court, which included a $28,000 fine and two years of probation. Barlow said the hacker had never utilized or sold any of the data he skimmed through his hacking network.