Just two days after the Department of Homeland Security officially opened its doors, government-and business-security managers scored a victory of sorts with a successful public-private effort to combat a potential threat to more than 1.5 million E-mail systems around the world. The work served as a dress rehearsal for the kind of cyberattacks the government expects will increase as geopolitical tensions rise and a war with Iraq looms.

When the Sendmail vulnerability and the patches for it were simultaneously made public last week, key commercial organizations such as banks and utilities, as well as government agencies, were prepared to deal with the problem, having been alerted to it in late February by officials at the government's Critical Information Sharing and Analysis Centers. Issuing the patches was the culmination of work that began in December, when security software vendor Internet Security Systems Inc. warned the National Infrastructure Protection Center, now a part of Homeland Security, of the vulnerability in the Sendmail Mail Transfer Agent, which handles half to three-quarters of all Internet E-mail traffic. If exploited, the vulnerability could disrupt E-mail systems, emergency services, telecom networks, and other online systems worldwide, ISS warned.

The new department quietly worked with businesses and government agencies to secure highly vulnerable communication systems, according to sources, including people at computer-security education group SANS Institute and ISS. Homeland Security, working with ISS, contacted software developer Sendmail Inc. and Sendmail distributors such as Hewlett-Packard, IBM, Silicon Graphics, Sun Microsystems, and the Sendmail Consortium, which immediately began developing patches.

To secure open-source Linux and Berkeley Software Design, or BSD, versions of Sendmail, the CERT Coordination Center, a group that provides security information and monitoring, asked vendors such as OpenBSD, Red Hat, and SuSE to assist in correcting the source code. Homeland Security notified the Defense Department--the first group to receive the patches on Feb. 25--and the Federal CIO Council about the flaw. The Federal Computer Incident Response Center and the Office of Management and Budget also joined in the effort.

"The cooperation on this effort was the best I've ever seen," says Alan Paller, director of research at the SANS Institute. "When has there ever been an example of the White House, OMB, federal and civilian CIOs, DoD, and nearly 20 software vendors, all working together under the Department of Homeland Security's encouraging leadership?"

The government is prepping for cyberwar in other areas. The new House Homeland Security Committee last week created five subcommittees to focus on security, one of which will oversee federal cybersecurity, science, and research and development efforts for homeland security. The move follows the approval of the Cybersecurity Research and Development Act, which pro-vides $900 million over five years for universities to create IT security centers and research ways to protect computer systems.

The joint public-private effort that the Homeland Security Department led may become standard operating procedure as war gets closer. The National Infrastructure Protection Center and officials in the United Kingdom have warned that cyberattacks against Western interests will likely increase as global tensions rise.

Government and business should prepare for more serious cyberattacks, Clarke says.

Richard Clarke, the former special adviser to the president for cyberspace security, in his first speech since leaving that post last month, told attendees at the InformationWeek Spring Conference last week that terrorists may use the Internet to attack America's infrastructure. Captured computers and documents make clear that al-Qaida operatives used the Internet to do "virtual reconnaissance" on U.S. infrastructure, not only on companies but on dams and power plants and the software that runs them, he said. They also were downloading hacker tools from Web sites, Clarke said.

Some recent activity, such as denial-of-service attacks against the Internet's domain-name servers and the Slammer worm, seem to be evidence of "some funny things happening in cyberspace" that stopped short of causing serious harm, Clarke said. "It looked to me like people were seeing what you could do to be really destructive but not being really destructive, yet."