Risks from cyberattacks are increasing and the consequences are so great that the country needs a "Manhattan Project" for network security, Michael Chertoff, secretary of the U.S. Department of Homeland Security, said in a keynote on Tuesday at RSA 2008.
"We need a game-changer with how we deal with attacks," he said. "In January, the president signed a homeland security directive, for a national cybersecurity initiative...almost like a Manhattan Project."
"Cyberthreats have enabled terrorists and criminals to do the kind of damage they would never be able to contemplate doing in the real world," he said.
For example, a botnet denial-of-service attack shut down the Estonian government last year for about two weeks, according to Chertoff. "It went beyond simple mischief, and represented an actual threat to government to govern its country."
"A single individual, a small group of people, or a nation-state can exact the kind of damage or disruption that in years past only came when you dropped bombs or set off explosives," he added.
The government needs the "best and brightest" from Silicon Valley and elsewhere in the private sector to work on creating an advanced warning system to prevent such cyberattacks.
"We face a very serious challenge and it's only likely to grow more serious as time passes," Chertoff said. "We're operating in a domain in which traditional military power or the power of the government is insufficient to address the full nature of the threat. A command and control response will simply not be adequate. We need a network response to deal with a network attack."
During a question-and-answer session afterward, Chertoff defended the government's Real ID law, which would create a uniform national ID card. Chertoff said the card would make the country's buildings and airplanes more safe from terrorists. Opponents say the inconvenience and privacy concerns outweigh any perceived benefits.
Chertoff asked rhetorically, when choosing between an airline that allows people without identification to board and one that doesn't, "which airline would you put your children on?"