Continued from page 1

“Local is actually the next frontier,” Kaiser said. “People turn first to their local government, law enforcement, fire departments, town council, local mayor. We need them to be prepared and ready.”

States began taking cyber security seriously while also fortifying physical targets after the Sept. 11 attacks, said George Foresman, a former undersecretary at the U.S. Department of Homeland Security. He said implementing cyber security measures has not been as consistent as the roll-out of homeland security efforts.

“It is still very much inconsistent and within that inconsistency lies a lot of vulnerabilities for states,” Foresman said. States including Georgia, New York and California run cyber security offices to protect state networks.

In New York, the 40-person staff at the state’s Office of Cyber Security annually processes 26 billion pieces of data culled from Internet monitoring devices, said director Thomas D. Smith. More than 150 events require immediate attention every year and the office’s Incident Response Team typically investigates more than 50 cyber incidents annually, Smith said. Last year, New York’s disaster preparedness statute was also amended to include “cyber events” as grounds for declaring a state of disaster emergency, Smith said.

The workload, however, is a fraction of what the private sector manages because it controls a larger percentage of cyber networks.

In announcing the Rhode Island Cyber Disruption Team, Maj. Alan J. White, who is Dell SecureWorks’s director of security and risk consulting and leader of the Rhode Island Army National Guard’s Computer Emergency Response Team, said the company processes about 15 billion cyber security events daily to protect its customers.

“It’s usually the government that wants something done about these attacks but the infrastructure is usually owned by the private enterprise,” said Shari L. Pfleeger, director of research at the Institute for Information Infrastructure Protection at Dartmouth College. “You can’t only do government. They are so intertwined. They are so interconnected. There needs to be a more comprehensive approach.”

Yacov Y. Haimes, director of the Center for Risk Management of Engineering Systems at the University of Virginia, said because private and public cyber networks are so closely linked he supports federal legislation that proposes to create a gold standard for cyber defense that can be applied to privately-run networks.

The bill, crafted by U.S. Sens. Joe Lieberman I-Conn., Susan Collins, R-Maine, and Tom Carper, D-Del., would create a National Center for Cybersecurity and Communications with authority to direct federal efforts to secure the cyber networks of government and the private sector.

One provision of the legislation would offer liability protection to network owners and operators of crucial infrastructure like electric grids and power plants who stick to security plans with a government seal of approval.

“The private sector is not ready to invest in the proper security because it’s coming from the bottom line,” Haimes said.

J. David Smith, former executive director of the RI Emergency Management Agency, said cooperation from the private sector is crucial not just to improve security on public networks, but to find more funding streams. The Rhode Island effort has financial support from the state police and emergency management officials, but no money has been set aside explicitly for the Cyber Disruption Team.

The scope of the task ahead is also daunting. New York is asking agencies to identify where sensitive information and data are stored, such as smart phones, laptops and computers, Smith said. He described the effort as a priority because it’s impossible to protect data until establishing where it’s stored. But the state has not imposed a deadline for agencies to report back because tight budgets have depleted manpower so dramatically.

Meanwhile cyber intruders are stepping up their game.

“We’re seeing increasing sophistication in the way that hackers debilitate systems,” Kaiser said. “There’s still a lot of work to do.”