Homeland Melting Pot

When organizations consolidate, it often means that services are lost. But some cybersecurity experts believe that folding three security-focused government organizations into the monstrous Department of Homeland Security is a step in the right direction.

On March 1, approximately 300 employees of the National Infrastructure Protection Center (NIPC), National Communications System and Federal Computer Incident Response Center found their organizations had been dissolved. They now report to the DHS’s Information Analysis and Infrastructure Protection (IAIP) directorate. “Fundamentally, there was a recognition that in order to best defend the homeland, we needed to consolidate as many of the elements that are engaged in this defense under one chain of command,” says David Wray, acting communications director for the IAIP.

For now, Wray says that little will change in the eyes of the private sector. The three organizations’ websites will remain up for the time being, and they will continue providing services, including alerts, bulletins and security advisories. But, the IAIP will evaluate these services, looking to reduce overlap and uncover any gaps in cybersecurity protection where new services can be added. Wray adds that if you’ve developed a relationship with someone from one of these now dissolved organizations, you should keep it. The majority of staff members have the same job function.

Government organizations are not the only watchdogs available to security executives. Phyllis Schneck, chairman of Infragarda partnership between the FBI, private industry and academiasays “the formation of the DHS’s [IAIP] is a tremendous asset to information sharing and protection.” Infragard, developed by the NIPC as an outreach effort, has nearly 8,000 members in 56 chapters affiliated with FBI offices in most cities. Schneck says the role of Infragard will not change.

But former NIPC head Michael Vatis says some recent Bush administration decisions are “seriously regressing” progress made in cybersecurity research and development. Vatis, in a statement to a House subcommittee, says many DHS positions responsible for cybersecurity policy-making and outreach to private industry have yet to be filled; some have not yet been formally nominated, let alone confirmed by Congress.

Some in the government and private sector fear that the transitioning departments may suffer from a “not my job, not my problem” attitude. In a letter penned to the FBI, Sen. Charles Grassley (R-Iowa) conveyed his unease with the handling of an investigation into a Boston-area software company. Grassley claims that the FBI may not have done enough to ensure that the computers and networks of the government and private sector were free from vulnerabilities that could have come from the company’s software. Grassley reminded the FBI that “until the NIPC moves into the DHS, it is still the FBI’s responsibility to serve as the U.S. government’s focal point for threat assessment, warning, investigation, and response for threats and attacks against our critical infrastructures.”