Knowing when to react and doing it without drama and effectiveness should be the key to a prepared government when it comes to cyber security.
Speaking at the RSA Conference in San Francisco, Michael Daniel, cyber security coordinator at the White House, said that response to cyber incidents can usually sound like a trailer for a Hollywood blockbuster, and that can be a good way to get attention, but while they are not like the real world, threats remain to be broad and dangerous.
He said: “What is government's role in managing the new normal? It is our job to prepare for the worst. Not like movie traffic pile-ups, but stuff which are much less flashy but still troubling – like intrusions that are going on for years, distributed denial-of-service (DDoS) for businesses and persistent DDoS attacks that are going on with some reaching multiple gigabits per second, but otherwise which are overwhelming systems and often limiting impact.
“Often DDoS is primarily annoying, and it doesn't seem like a scenario to despatch Bruce Willis to deal with, but this is what the new normal looks like. Can it come from overseas? The short answer is yes – accept security in cyber space to try and figure out what it entails and what we try to answer is what follows, especially in the area of prevention.”
He said that President Obama's executive order as part of the State of the Union address has led to better preparations for cyber incidents, and it has shared hundreds of thousands of signatures in the past six months and it is "preparing to double its efforts". However there needs to be more capabilities to share signatures and information, as well as capabilities to work with the private sector to create baseline and information sharing standards for prevention.
“There are no easy answers here, it is more complicated when it comes to responding,” he said.
“Computers and wires all exist somewhere; near and far, fast and slow, big and small, it is all different meanings and they may not follow the same format so there is an entire burden of network defence. To talk about incident response is about having time to prepare for it, such as with the weather report – in cyber space it is information sharing.
“The federal government works hard to make capabilities as easy as possible and no CISO should be caught off guard. Firms should participate in a sharing organisation and test plans against the real world, use modern network defence technologies and monitor under the assumption that you have been breached, and develop strong capabilities.”
Daniel also admitted that it is hard to know when a cyber incident warrants a federal response, and this needs to be debated in government and society, but there were still broad actions to take with multiple government department involvement.
When it comes to response, he said although any response should not be to not do anything, the government should be careful to not do any harm to relations with other countries or do "something warranting a military response".
He said: “The answer is we have a lot of work to do to achieve the aims of the executive order, that is only a down payment and we continue to support action to incorporate these aspects into our civil liberty, enable information sharing and update laws guiding security and the questions will be fully answered.
“We cannot be movie pilots but we will get there in the long run. We need to keep the conversation going to get to the answer, and get a wide set of tools to deal with the cyber threat and build tools to get to that aim.”