Homeland Security CIO calls for cybersecurity, communications standards

[InfoSec News <isn () c4i org>]

Forwarded from: William Knowles <wk () c4i org>

http://www.computerworld.com/securitytopics/security/story/0,10801,87098,00.html

Story by Lucas Mearian 
NOVEMBER 13, 2003 
COMPUTERWORLD 

COLUMBUS, Ohio -- Steven Cooper, the new CIO at the Department of
Homeland Security, said he has had "some pretty candid conversations"
with Microsoft Corp. CEO Steve Ballmer and other company officials
about software security concerns.

"And I think, believe it or not, that we're really influencing them as
a community," Cooper told a gathering of about 150 CIOs at a CIO
Symposium put on here by the Columbus Technology Council and the
Center for Information Technologies in Management.

While Cooper didn't go so far as to say his agency is partnering with
Microsoft to fix vulnerabilities in the company's Windows operating
system, he did say, "We are collaborating with them very closely with
working to improve ... software."

Cooper said he met with nearly 75 government CIOs earlier this week,
most of whom said their departments now have internal cybersecurity
plans that include some kind of vulnerability and risk assessment, use
third parties for penetration testing and have put in place some type
of patch management process.

"And yes, at the top of the list was Microsoft," Cooper said. "No
surprise, I suspect. I've had some pretty candid conversations with
Steve Ballmer and the Microsoft gang."

On a different topic, Cooper acknowledged that the first version of
his department's national enterprise architecture, released in late
September and available online or by CD, still needs work. And he
asked CIOs from various industries and from state and local
governments to help make it better. "Help us add the granularity from
your perspective," he said.

"How many of you would buy Release 1.0 of anything?" he said of the
document. "It's about an inch deep and a mile long. [But] the safety
and security of all of us depend on our ability to rapidly get this
enterprise architecture right. It really does have that magnitude of
impact."

"What do you expect folks like us to do?" asked John Deane, CIO at
Dublin, Ohio-based Wendy's International Inc.

Cooper suggested that even fast-food restaurants could help
disseminate information by putting cybersecurity pamphlets on their
counters. He also pointed to an initiative in which the government has
appropriated $12 million for CIOs to develop a dozen or so
information-sharing pilot projects, each costing less than $1 million.

"All we're asking initially [is] if you'd give us some kind of concept
paper, one or two pages," he said. "Just share with us what you'd like
to do: 'Here's what we can do for x amount of dollars.'"

Cooper said he would like to deliver some business value from any
pilot programs that get seed money within three to six months to show
how IT can enable rapid and effective information sharing between the
private, local, state and federal sectors.

Joe Gottron, CIO at Columbus-based Huntington Bancshares Inc., said
it's important to know how the department will measure progress toward
its goals. "Calculating progress will help in getting people engaged
and be part of that process. The task is so enormous," Gottron said.  
"He [Cooper] needs to create a sense of purpose similar to that
created around the Apollo 13 landing."

Cooper said his department is using "cycle time" and information
quality, admitting "those are not exactly the right matrixes. At the
department level, we don't have those [processes] in place yet."

Jesse Jones, CIO of Columbus' Department of Technology, asked Cooper
how information submitted to the Department of Homeland Security would
trickle down to state and local governments.

Cooper said he's been working with CIO associations at the state and
national levels, but he pointed out that there are 56 states or
territories, 33,000 counties and 89,000 municipalities in the U.S. "I
haven't found the right organization or body that gets to all those
cities and counties."


 
*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
----------------------------------------------------------------
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
================================================================
Help C4I.org with a donation: http://www.c4i.org/contribute.html
*==============================================================*



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.