Cybersecurity Progress after President Obama's Address

At the same time, the United States has championed freedom on the Internet, including freedom of expression, association, religion, and the “freedom to connect” as an essential element of human rights in the 21st century.  The United States is assisting human rights activists, journalists, and citizens around the world in their efforts to exercise these freedoms in the wake of some governments’ attempts to thwart free expression.

The Administration has conducted an intense

The Administration has conducted an intense, year-long examination of how to ensure that identities of people, organizations, and devices in cyberspace are trusted in collaboration with key government agencies, business leaders, and privacy advocates.  The White House has released to the public for comment a draft National Strategy for Trusted Identities in Cyberspace (NSTIC) that outlines this vision to reduce cybersecurity vulnerabilities through the use of trusted digital identities.  The NSTIC calls for the creation of an online environment where individuals can voluntarily choose to obtain a secure, interoperable, and privacy-enhancing credential from a variety of service providers – both public and private – to authenticate themselves online for different types of transactions.  The draft strategy includes important privacy protections and is based on a user-centric model that allows users more control of their private information.

Through the TIC and EINSTEIN programs, DHS has reduced the number of Internet access points in Federal networks and deployed intrusion detection technology at those points.  Currently, this technology is operational at 12 of the 19 major Federal agencies, providing visibility into more than 278,000 indicators of potentially malicious activity per month. 

New cybersecurity centers are integrating and providing real time situational awareness to combating cyber threats.  DHS has established the National Cybersecurity and Communications Integration Center (NCCIC), integrating and eventually synchronizing the work of existing cyber and communication incident response mechanisms into a unified operations center.  DHS also opened the Industrial Control System – Computer Emergency Response Team facility to address cybersecurity threats to critical infrastructure control systems.  The National Cyber Security Center (NCSC) at DHS chairs a monthly meeting of the directors of the cyber centers across the Federal community and has initiated a significant cyber event conference call that all center directors can use 24 hours a day, 365 days a year.

The Administration is leading the way in better securing the Internet’s Domain Name System (DNS).  The National Telecommunications and Information Administration (NTIA), with support from NIST and DHS, has worked since 2003 to spearhead the implementation of a security technology known as DNS Security or “DNSSEC.”  In July, the most significant step in that process will be completed, when the authoritative DNS root is signed. GSA and DHS have also worked to ensure that the “.gov” domain adopts better security practices, including DNSSEC, that assist in thwarting hackers and help Internet users reach correct and valid Internet sites.  In addition, NTIA approved the implementation of DNSSEC within the U.S. top level domain (.us) and the domain used by academic institutions (.edu).

Hackers and cyber criminals are increasingly being brought to justice.  The FBI and United States Secret Service have worked to bring criminals to justice.  The Secret Service has resolved over 1,100 cases and cracked the Heartland Payment Systems case that compromised over 130 million credit cards.  Albert Gonzalez, a main defendant in that case, was sentenced to 20 years in prison.  The FBI led an international law enforcement group which dismantled several international cyber criminal organizations.  Two examples include the take-down of a Russian-led organization which penetrated over 300 financial institutions, including the Royal Bank of Scotland (RBS), where the actors coordinated the withdrawal of nearly $10 million in less than 24 hours from more than 2,100 ATMs in 280 cities around the world.  Another FBI investigation brought down the perpetrators of a scheme that executed more than $4 million of unauthorized transfers from over 5,000 victims’ accounts; this investigation culminated with the arrest of more than 100 conspirators by the FBI and Egyptian law enforcement.  A third FBI investigation, conducted jointly with Italian authorities, led to the arrest of five Pakistani nationals who operated an Italian-based money transmitter company that supported the 2008 Mumbai attacks by funding the terrorist acts and activating the VoIP (voiceover IP) accounts that the terrorists used during the attacks.

Government and the private sector are partnering to reduce the financial risk from cyber threats.  The United States Government and the private sector are working to educate businesses in reducing and mitigating their financial risk from cyber threats.  The FBI collaborated with the Financial Services Information Sharing and Analysis Center to issue a timely, ground-breaking joint publication on cyber threats and mitigation strategies involving Automated Clearing House transactions.

Government and the private sector are working together to identify and reduce vulnerabilities for new devices like smart phones.  Working together, NIST, NSA, and the private sector have created a checklist to identify vulnerabilities in smart phones. Many new phones are actually unified communication platforms that incorporate web browsing, still camera, video, and other functions, but the integration of these platforms creates an ever more vulnerable system by multiplying each unique platform’s vulnerabilities.  The use of this checklist can reduce these vulnerabilities.

Today the White House announced the President's new White House Cybersecurity Coordinator, Howard Schmidt. With some 40 years of experience in government, business and law enforcement, Howard brings a unique and deep experience to this important issue. Watch this video to learn more about his background and approach.