Purdy: DHS will ramp up cybersecurity

Find opportunities — and win them.

The Homeland Security Department has drafted a set of key scenarios for possible cyberattacks against the Internet and critical IT systems, and is seeking comments from the private sector on how to best prepare and respond to such attacks.

The Homeland Security Department has drafted a set of key scenarios for possible cyberattacks against the Internet and critical IT systems, and is seeking comments from the private sector on how to best prepare and respond to such attacks, according to Andy Purdy, acting director of DHS' National Cybersecurity Division.

DHS officials and the White House also are putting the finishing touches on a new national cybersecurity research and development plan, Purdy said earlier this week at a seminar on Capitol Hill. The event was sponsored by Nortel Networks Corp., a global telecommunications equipment manufacturer based in Brampton, Ontario.

"At DHS we recognize the importance of cybersecurity risks and we are energized by that risk," Purdy said.

Homeland Security Secretary Michael Chertoff also is preparing to name an assistant secretary for cybersecurity and telecommunications, he said.

Purdy outlined several initiatives undertaken by his division to bolster cybersecurity and to prepare for a national cyberattack exercise known as Cyber Storm in November.

As part of their planning for disaster recovery for IT systems, DHS officials are looking at key dependency elements, such as maintaining adequate electrical power supplies, as critical parts of the recovery, Purdy said.

The department is working with advisers to prepare plans for maintaining Internet operation following a catastrophe, and also focusing on Internet-based control and process systems, which are IT systems that control the daily operations and interrelations of many plants and utilities.

"Control and process systems are one of our major priority efforts?it's a huge challenge and a significant cybersecurity risk," Purdy added.

DHS also is meeting with software industry groups to promote shared responsibility for cybersecurity. "It's not just the responsibility of end users. The hardware and software makers need to do a better job to reduce vulnerabilities so we can all be safer," he said. For example, the industry needs to develop tools to make sure that software does not include secret back doors and malicious code, he said.

Also at the event, Nortel CEO Bill Owens warned that a catastrophic cyberattack against the Internet could create a "virtual [Hurricane] Katrina" that would reverberate throughout the U.S. economy.

Owens said the growing threat over the next two or three years is coming from new viruses that may attack wireless devices and mobile phones, which can then infect broadband networks, government computers and mission-critical IT systems. He said China, India and South Korea take the risks more seriously than does the United States.

"I am frightened as hell about this issue of cybersecurity because we see it in spades around the world," Owens said.