
Could US repel a cyberattack?

The nation's defense relies on a small group that operates on a tiny budget and with little clout, experts say.

By Ben Arnoldy and Gordon Lubold, Staff writers / June 7, 2007

Oakland, Calif. and Washington

Evidence is mounting that cyberwarfare tactics are part of the 21st-century arsenals of powers like Russia and China, yet the United States has not made Internet defenses a major priority.


A two-week cyberattack on Estonia – which overloaded government websites, knocked a bank's overseas customers offline, and caused Internet service to slow to a crawl – has brought the issue to the fore for US defense officials. While the tiny Baltic nation reacted well, experts say, the US may be at greater risk for mass disruptions of banking, telecommunications, and government services. The reasons: a lack of coordination, funding, and centralized authority.

"Estonia didn't collapse, and we wouldn't collapse under this type of attack either," says James Lewis, a senior fellow and cybersecurity analyst at the Center for Strategic and International Studies, a think tank in Washington. "But it would be very disruptive."

Repelling major attacks on critical national networks requires enormous coordination inside and outside government, as well as expensive research and preparation. However, primary responsibility for this falls on a small group within the Department of Homeland Security that experts say operates on a tiny budget and with little clout.

"The part of the US government that has responsibility for this doesn't have the authority to command attention from within other parts of the government, and it doesn't have the money to get the work done that is on its plate," says Bill Woodcock, a cybersecurity expert with the nonprofit Packet Clearing House who also traveled to Estonia to lend his help.

Estonia, a highly wired society, came under weeks of attack starting on April 27 after local officials moved a statue important to ethnic Russians. In what is known as a distributed denial-of-service attack, the servers for government agencies, media outlets, and banks were pounded by hundreds of thousands of computers in an effort to overwhelm their capacity.

While Estonian officials linked the attack in part to a computer in the Russian government, analysts say that nation's involvement is very difficult to prove – and the attack may be the work of hacker-activists who were merely encouraged by the Russians.

The country suffered a blow, but successfully prevented major damage. Estonia benefited from strong coordination of efforts by the government's computer emergency response team, or CERT. Law enforcement made a key local arrest, passing along critical information. System administrators shut out suspicious traffic, and foreign experts helped the CERT communicate with Internet service providers – many located in other countries – to cut off the sources of the attacks.

In the case of a major attack on this country, the US-CERT in the Department of Homeland Security may not have the same ability to take charge, analysts say.

"They do not have the central pull that [CERTs] have in other countries," says Jose Nazario, a senior security researcher at Arbor Networks. He says that the early development of the Internet here contributed to more independent security efforts, and private companies are sometimes loath to share information with competitors. "The lack of clout can be frustrating. Internet Service Providers here in the States are generally free to ignore [US-CERT] if they want to, and there are some shady providers here."

The situation is improving, says Jerry Dixon, the acting director of the Department of Homeland Security's National Cyber Security Division, which runs US-CERT. He points to the rising number of incident reports of suspicious Internet activity from the private sector as well as government agencies, which are coming in at eight times the level of fiscal 2005.