Time to enlist a ‘national guard’ for IT?

NORTHFIELD, VT. – The U.S. is unprepared to recover quickly from a major cyberterrorism attack and might require government intervention to organize IT professionals, according to military emergency management officials at a security conference.

Authority from the president and Congress should be conferred on a single person to cull government resources to respond to such attacks, but that will not be enough, according to retired Army National Guard Maj. Gen. Jack D’Araujo, a former assistant director of the Federal Emergency Management Agency who spoke last week at the e-ProtectIT conference at Norwich University.

D’Araujo said that in cyberwar games last fall called Livewire, participating businesses seemed reluctant to give up information to federal officials about their networks and what data travels on them. In an actual cyberattack, there is no set official chain of command for dealing with recovering from the attack, he said.

A cyber national guard might be needed, he said, to react as the military National Guard reacts to natural disasters. The need is urgent because the extent and target of possible attacks cannot be known. “We’re really plowing some new ground,” he said. “We flat-out aren’t prepared to deal with it.”

The upside is that within the IT community people have knowledge about what do to in a cyberattack, said Patrick Gallagher, former director of the federal government’s National Computer Security Center. “If we have problems today, we have network groups who can and do talk to each other and speak a similar language and have the same training,” he said. “What we need is the leadership to pull that together.”

Recovering quickly is important, but because there has never been a cyberdisaster, it’s difficult to know what will be needed and how quickly damage can be repaired, said Pierce Reid, an Internet warfare specialist and vice president of marketing for VoIP vendor Qovia. “What will it take for a national reboot? A lot of these systems have never been taken offline,” Reid said.

These comments came a week after the IT industry Cyber Security Early Warning Task Force issued a report calling for an early-warning network and a national crisis coordination center run by CERT (see Bradner column). The purpose would be to gather attack information and issue appropriate warnings to the right people. Representatives from BellSouth, Computer Associates, Intel, Internet Security Systems, Microsoft, SAIC, Symantec and other corporations participate in the task force. The group plans to issue a report on public responses to its proposals in June.

Currently, informal information-sharing systems exist for business, government and military agencies to deal with cyberattacks, but they lack official powers to make responses more efficient and focused, D’Araujo said. These systems are built on personal contacts and cooperation, but not on a system, and he said that is a weakness. “When someone knocks you on your ass in a cyberwar, you’d better have something more than Fred-knows-Joe on the golf course to rely on,” he said.

Livewire exercises organized by the Department of Homeland Security called for early warning centers to be run cooperatively by banks, water and electric utilities, and technology companies, but information was shared reluctantly or not at all in many cases.

Attacks on data and voice networks need not bring down business, utility and government networks for long to do a lot of damage, said Phil Sussman, Norwich’s CIO who ran a seminar on network security. If such attacks affect 911 emergency phone systems, hospitals and emergency dispatch centers, public confidence in the government to protect it will be undermined, he said. “It will shake confidence in the network itself with a series of things people expected but are no longer there,” Sussman said.

“Public trust and confidence is one of [attackers’] objectives,” D’Araujo said. When planes hit the World Trade Center, its psychological damage was devastating, he said. “Public trust and confidence in the government to keep them safe in airplanes was shot,” he said.

U.S. IT professionals need to look at their operations as attackers do to be better prepared, said retired U.S. Marine Gen. Commendant Alfred Gray. “We’ve got to get street-wise. We’ve got to look for what people do when they have less capability than you do – they look for the seams, they look for the cracks,” he said.

Reid said recent virus attacks can be seen as preliminary probes to a major assault, just as there were terror bombings over a period of years that led up to Sept. 11. “What we’re seeing is the embassy bombings, the attack on the USS Cole – all the pin pricks that lead up to the main event,” he said.