Cybersecurity and DHS: Little Orphan Issue

Security experts agree, cybersecurity needs a home. Why won't Washington adopt it?

. What's this?

By CSO Contributor

July 01, 2005CSO

Inside the beltway, it's become the standing joke of the Department of Homeland Security: cybersecurity. Always buried on the org chart. No respect or resources given to the "leader" of cybersecurity efforts. The leadership role itself is like a turnstile, with people revolving through—first Richard Clarke, then Howard Schmidt, then Amit Yoran—and stopping just long enough to figure out the acronyms before they give up and go to the private sector.

Daniel Burton, vice president of government affairs at software security vendor Entrust, calls cybersecurity in the government an orphan issue. "Cybersecurity issues dont have legs in the department," says Burton, whose company is a member of the Cyber Security Industry Alliance (CSIA).

The funniest, or saddest, part of it all is that everyone seems to know the solution: Assign an assistant secretary for cybersecurity at DHS. This would put the position one step below the cabinet leader, giving it more power and visibility. This assistant secretary would head a National Cybersecurity Office and work with the assistant secretary for physical protection to promote cybersecurity and protect the nation's critical infrastructure.

Harris Miller says the position would have the authority to set policy and pull private industry into collaborations with government. Miller, president of the Information Technology Association of America (ITAA), an IT lobbying group, says that without an assistant secretary, the lack of progress on cybersecurity in the Bush administration will continue.

This year, Congress introduced three bills that would create the elevated position.

But it hasnt worked yet. Cybersecurity remains in the orphanage. The Department of Homeland Security Cybersecurity Enhancement Act of 2005, which includes a provision for the creation of an assistant secretary for cybersecurity, currently awaits its day in the Senate.

The appointment of DHS Secretary Michael Chertoff in February seems to present another opportunity to elevate the role of cybersecurity within DHS. Chertoff has said that cybersecurity will be one area he considers as he reviews the organization of DHS early this year.

Alan Paller, director of research for The SANS Institute, remains skeptical about whether an elevated position will help cybersecurity's cause. He says the issue of an elevated cybersecurity chief position is less important than a general attitude change about cyber-security within the U.S. government that would lead policy-makers to expect far more built-in security from system vendors.

Leaders at ITAA and CSIA disagree with Paller, saying an assistant secretary could push for those cybersecurity changes that are needed within DHS. "The policy cornerstones are in place; it's the implementation that is not quite what youd hope it to be," says Paul Kurtz, executive director of CSIA.

Read more about compliance in CSOonline's Compliance section.

What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
Don't have an account yet?
RESOURCE CENTER