Opinion

What Should WH Cybersecurity Coordinator's Job Description Look Like? One Man's View

Part 2 of Ariel Silverston's "Mission Impossible" series: If President Obama's new cybersecurity coordinator is to have any real impact, there are a few things that will need to be worked into the job description.

By Ariel Silverstone, CISSP

Page 4

Task 9: Champion, with the National Institute for Standards and Technology (NIST), the United States' participation and Leadership in worldwide Standards Organizations.

No discussion of information sharing will be complete without mention of the Information Sharing and Analysis Centers, the ISACs. The theory behind the creation of the ISACs was a sound one. The execution of most ISACs, however, is anemic at best.

The funding for programs which contribute to the ISACs, such as through DHS's National Protection and Programs Directorate (NPPD) and/or Information Analysis and Infrastructure Protection Directorate (IAIP) (formerly including the National Infrastructure Protection Center (NIPC)), has been not only sporadic, but frequently in doubt from one budgetary year to the next. We must change this now. National Infrastructure Protection is no less important than Civil Defense. Collaboration within industry groups must be immune from anti-trust laws, and allowed to be, or even demanded to be, free-flowing, continuous, and documented.

Task 10: A documented knowledge-sharing effort must be funded for critical industries. This effort should be coordinated and protected by legislation so thoughts and information will be free flowing.

Directed Research

"Information protection" does not define a fire-and-forget attitude. Constant research and betterment of our posture, defensive as well as other, is essential to our economic survival. The federal government should take its rightful place as the champion, supported and demander of par-excellence education, research and development of information security tools, techniques, procedures and understanding.

We should invest in centers of excellence within schools, from the high-school level to universities, which will encourage awareness of information security. Awareness is foundation to all information security efforts. Without awareness, we shall surely fail.

We should contribute to the development of nuclei of understanding and to the clusters of knowledge that will operate within research universities. These clusters will encourage thinking about information security problems and solutions, and will, most assuredly, enhance further the economic success of the United States by providing generations of scholars.

We should consider the formation of a cadre of thinkers, following in the example of AmeriCorp, available to advise the government and industry, on best and future practices in the realm of Information Security. This would be a substantial expansion of the National Science Foundation (NSF), the Office of Personnel Management (OPM) and the Department of Homeland Security's Scholarship for Service.

Task 11: Work together with the Department of Education and Congress to develop scholarships, curricula and mentoring abilities made available to public and private institutions to enhance learning within the field of Information Security.