DHS Official Says Government and Citizens Must Work Together in Cyber-Security Fight

The federal government decreed October National Cyber Security Awareness Month with the theme of "Our Shared Responsibility" tacked on for good measure. When Greg Schaffer, an assistant secretary in the U.S. Department of Homeland Security (DHS), addressed the crowd Wednesday, Oct. 14 at the National Cyber Security West 2009 conference in Sacramento, Calif., he definitely had that theme in mind when he spoke about modern IT integrity.

"We're here today because the responsibility to deal with these issues, the real focus of attention on how we address these problems cannot be with the federal government or with state governments alone," he said. "The focus and intention really has to be spread across absolutely everyone who touches a computer and its use of the technology."

Schaffer's official title may be lengthy -- assistant secretary in the Office of Cybersecurity and Communications National Protection and Programs Directorate within the DHS -- but his message was to the point: The government can't safeguard the nation's networks by itself. Citizens need to step up, too.

Schaffer said every connected device -- whether it's used for work or play -- is a potential risk because of the Internet's pervasive role in the networks and systems that facilitate daily life.

"Whether it's the fuel in the tank of your car or the fuel that powers the oven that cooks your food, it is likely that that was controlled at some point in the process via an Internet-connected device," he said. "And as a consequence, almost everything we do is potentially breachable, touchable, subjected to some level of risk via the connectivity to the Internet."

Online banking, social networking, travel arrangements -- online communication in general -- are all out there somewhere in the wild, wild Web. Although citizens can be sure public safety officials are working to protect them, they should still learn some online self-defense moves.

"Today, the number and type of threats that we are faced with are far more of a concern to the larger economy," Schaffer said. "It is a concern for attacks that are low and slow, designed not to be observed by the public at large, not to be observed by the professionals who are looking for the attacks, but simply to get at the money and resources."

He stressed that everyone should practice good computer hygiene, but the federal government is asking for input from state and local powers to standardize security protocols. He referenced recommendations in the 60-day cyber-security review the Obama administration recently ordered, and various federal projects with the goal of increased IT security in sight.

"We have been given special authority to hire up to 1,000 cyber-security professionals and continue to enhance our strengths in that space," he said.

These professionals will be hired into various federal agencies, but appointing so many employees will likely take years to complete.