U.S. gov't pushes cybersecurity at con
Robert Lemos, SecurityFocus 2008-04-12

Story continued from Page 1

In the last two years, the Bush Administration has focused more intently on securing government networks. Among the initiatives, US-CERT has deployed a network-traffic analysis system, known as EINSTEIN, to monitor 15 agencies for possible computer intrusions. The National Institute of Standards and Technology has created the National Vulnerability Database and worked with other agencies to create important standards for configuration management and vulnerability detection. The Office of Management and Budget, along with NIST, is spearheading an effort to get all desktop computer systems within federal agencies to use the Federal Desktop Core Configuration -- a standard, secure configuration for Windows XP and Windows Vista.

The Bush Administration also announced its so-called "Cyber Security Initiative" -- a plan to reduce the number of trusted Internet connections, or TICs, serving federal agencies from more than 4,000 to approximately 50, and to improve EINSTEIN's monitoring on those connections to prevent attacks in real time. The Bush Administration has reportedly budgeted $30 billion over the next five to seven years for the program.

As part of its efforts, the Administration held its second national cyber response exercise last month. The exercise, known as Cyber Storm II, involved 18 months of planning, 18 federal agencies, 9 states, and 40 companies, the DHS's Garcia said during a Wednesday session on the project. Five countries took part in the exercise, including the U.S., the United Kingdom, Canada, Australia and New Zealand.

The international cyber exercise was "fundamentally about responding to a fast breaking epidemic," the DHS's Garcia said. He added: "The interesting part of the Cyber Storm exercise was the planning part. In the 18 months leading up to the exercise, relationships were being built up that actually could help in a real life situation."

While the Department of Homeland Security refused to reveal details of the actual scenario used in the exercise, ten companies from the chemical industry took part in Cyber Storm II, making it a good bet that the plot involved some sort of hazardous chemical component.

"One of the objectives in our company was to trigger the incident response processes and see if we could invoke the crisis management teams," Christine Adams, a senior information systems manager for the Dow Chemical Co., which took part in the exercise, said during Wednesday's discussion.

Instead, Adams found that the companies first went to their information-technology vendors before talking with each other and understanding that separate incidents were part of a broader threat.

"Individual companies will work through their technology providers in times of crisis first," Adams said. "And we will look to IT providers before we will even look outside of our own companies."

Recent incidents that have concerned U.S. government officials include the attack against the technology-dependent country of Estonia. The attacks, which began on April 28, followed violent clashes between the Estonian police and ethnic Russians in the country over the removal of a Red Army monument that symbolizes the defeat of Nazi Germany by the Soviet Union during World War II, but is also a reminder to Estonians of the more than four decades that the Soviets occupied the nation. Following the incident, the North Atlantic Treaty Organization (NATO) -- of which Estonia is a member -- began evaluating whether such attacks should trigger the treaty's clause for common defense, Article 5.

The Bush Administration appears to be setting the foundations for a doctrine of allowing defenders to pursue adversaries across cyberspace in response to attacks. Last week, Lieutenant General Robert J Elder, Jr. stated that the rules of engagement will have to be rethought for the Internet, espousing a more offensive mentality.

On Tuesday, Secretary Chertoff highlighted the impossible task of U.S. defenders when trying to pursue virtual attackers in the physical world, leaving open the possibility that some other strategy will be needed.

"As we tackle this challenge, we have to recognize that we are in a domain when traditional military response is not adequate," Chertoff said in his keynote speech. "We need a network-type of response to deal with a network attack."

Copyright 2010, SecurityFocus