A few days before Thanksgiving in 2014, a former employee with Sony Pictures received a screenshot from a friend still working there. It showed the friend’s desktop work computer screen, emblazoned with a grinning skeleton and a wall of braggadocio and links from someone claiming to have hacked into the Sony system and downloaded secret corporate information.
“It’s on every Sony computer nationwide,” the friend claimed.
Naturally, the former employee posted the image to Reddit, and within hours, most of the world was able to confirm it for themselves: a dozen terabytes of internal data, including confidential emails from famous Hollywood figures and unreleased movies, had been stolen and reposted publicly.
The circus didn’t really get started until early December, though, when the hackers suggested that the upcoming Sony picture “The Interview,” which portrayed the assassination of North Korean leader Kim Jong-un, was the motive. Suddenly, the FBI was involved.
Sony’s network was shut down, and “The Interview” was yanked from theatrical release as everyone speculated whether or not the nuclear-equipped madman in North Korea had ordered the hack, or whether North Korea was even capable of such a hack.
In Steps the Department of Homeland Security Computer Emergency Readiness Team
Lost in the spectacle was the quiet dispatch of a small team of cybersecurity experts from the Computer Emergency Readiness Team (CERT), a part of the Department of Homeland Security.
Without fanfare, the team quickly sifted through the forensic data from the attack and determined that the hackers had used a vulnerability in Windows Server Message Block (SMB) signing to craft a worm that won authentication on Sony’s network by brute force, effectively unlocking the digital vault with a backdoor the hackers could use whenever they felt like it.
Thanks to the efforts of these cybersecurity aces, a CERT advisory was out within a week and countless other organizations were able to use the warning to defend their own systems against the malware.
It wasn’t the first time DHS had stepped in to restore order amid chaos. The department also dispatched teams to help deal with the Office of Personnel Management and Healthcare.gov hacking incidents, each time remaining out of the limelight while contributing key analytical assistance and broad warnings to other potential targets.
DHS takes a backseat to law enforcement entities during active investigations, but its technical expertise brings big-picture thinking to criminal inquiries.
This is the role that information security experts at DHS can expect to fill.
Meet the Cybersecurity Teams Protecting the Homeland From Online Threats
The Department of Homeland Security is a huge part of the federal government, with a quarter million employees and a $55 billion annual budget. Cybersecurity is only part of DHS’s mission, but with the security of the nation’s critical digital infrastructure being of chief concern, the Department established a number of different sections dedicated to different aspects of information security.
Because it was assembled as a chimera of other federal agencies in the wake of 9/11, the organizational chart at DHS is bewildering, and the cybersecurity aspects of its mission fall under several different auspices:
- Cyber Security Division
- Computer Emergency Readiness Team
- National Protection and Programs Directorate
The Cyber Security Division is primarily research-oriented. It takes a shotgun approach to the multitude of vulnerabilities in critical infrastructure. The Division essentially has a license to freelance, looking at critical infrastructure and technologies, deciding where the biggest problems are, and choosing how to apply its resources to solving them.
This can take the form of:
- Developing and releasing digital forensics tools and standards for investigations
- Researching identity management to improve credentialing and authentication systems
- Releasing a free software Cybersecurity Evaluation Tool for any organization to use in assessing its information security practices and procedures
With $1.8 billion recently approved for further cybersecurity efforts, even more programs are waiting to be staffed up with skilled information security auditors, engineers, administrators and analysts.
The Computer Emergency Readiness Team (CERT) is more hands-on than the Cyber Security Division, tracking active threats and incidents and dispatching specialist teams when necessary to perform on-site forensics to dissect and analyze new attacks. CERT also functions as a clearinghouse for alerts and advisories, keeping both government and private users apprised of the latest threats and mechanisms to defend against them.
The National Protection and Programs Directorate (NPPD) straddles the boundary between physical and virtual infrastructure protection. Like CERT, NPPD issues alerts and works with government and private sector operators to secure their systems against intrusion. Unlike CERT, NPPD is concerned with physical threats as well as virtual threats in the realm of software.
How DHS’s Cybersecurity Teams Are Earning Their Keep
In 2013, suspects who were never identified cut fiber optic telecommunications lines and shot up a power substation near San Jose, California. Although utilities quickly routed around the damage, such attacks are every bit as devastating as purely virtual exploits—and in some ways more difficult to defend against. In the wake of that attack, it fell to NPPD to work with public utilities and law enforcement to try to secure vital infrastructure against such threats. The Critical Infrastructure Partnership Advisory Council was formed to reach out to private sector partners for help securing telecommunication and power generation grids.
Although Homeland Security conjures up the specter of terrorist attacks for most people, the department absorbed a broad swath of federal agencies charged with securing American lives and property from all manner of threats. Recently, for example, the Cyber Security Division dedicated considerable effort to helping local governments and public safety agencies prepare for the connectivity challenges that a major hurricane could bring.
Perhaps most critically, the passage of the Cybersecurity Information Sharing Act of 2015 made DHS a clearinghouse for all intelligence distribution on exploits and vulnerabilities in the nation’s digital infrastructure. The National Cybersecurity and Communications Integration Center was formed and tasked with accepting reports from both the public and private sector and disseminating critical information broadly so that cybersecurity experts in every area could obtain the latest updates on current threats.
Starting a Career With DHS Cybersecurity
DHS is suffering from the same deficit of talented cybersecurity specialists as every other industry in America. Instead of lowering its standards, however, DHS is stressing education and training programs and offering incentives to recent information security graduates in an effort to recruit top talent.
The department is looking for applicants with skills in:
- Cyber incident response and digital forensics
- Network and systems engineering
- Risk assessment and mitigation
- Strategic analysis
- Software assurance
To further expand the pool of adequately trained candidates for these jobs, DHS has paired up with the National Security Agency to create the Centers of Academic Excellence (CAE) program designation for qualified colleges and universities.
Subject matter experts from both organizations carefully evaluate the curriculum offered through cybersecurity programs, judging how applicable it is to current cyber defense work, to determine whether a program meets the stringent requirements for approval.
Institutions may be designated as:
- Center of Academic Excellence in Cyber Defense Education (CAE-CDE) for schools offering four-year and graduate degrees
- Center of Academic Excellence in Cyber Defense Two-Year Education (CAE-2Y) for community colleges offering two-year degrees
- Center of Academic Excellence in Cyber Defense Research (CAE-R) for research institutes
Candidates looking for an edge when applying for DHS cybersecurity jobs should seek out institutions with a relevant CAE designation.
A Cybersecurity Internship program is also available with the Department to give students an opportunity to gain work experience with DHS experts in the field.