Homeland Security creates cybersecurity division

[InfoSec News <isn () c4i org>]

http://www.nwfusion.com/news/2003/0606homelsecur2.html

By Grant Gross
IDG News Service
06/06/03

WASHINGTON - The U.S. Department of Homeland Security (DHS) has
launched a cybersecurity center, but not all cybersecurity experts
welcomed the move of the former White House cybersecurity office to a
division at DHS.

The 60-person division, called the National Cyber Security Division,
will report to Robert Liscouski, the assistant secretary of homeland
security for infrastructure protection, and will be part of the
department's Information Analysis and Infrastructure Protection
Directorate. DHS is actively looking for a person to head the new
division who will have similar responsibilities to the former position
of cybersecurity czar at the White House, according to a DHS
spokesman.

The head of the division "would be the person whose sole focus in
terms of infrastructure protection is cyber," said David Wray, a DHS
spokesman. "We've been quietly looking for the right kind of
candidate, and now we're actively looking."

The new division is already operating and will focus on reducing the
vulnerabilities to the federal government's computing networks and
working with the private sector to help protect other critical pieces
of cyberspace, DHS announced Friday.

While some in the IT community cheered the move, William Harrod,
director of investigative response for TruSecure, a security software
vendor, questioned the positioning of the division within DHS. Harrod
noted that the new cybersecurity division will not report directly to
DHS Secretary Tom Ridge, although until April, the White House had a
cybersecurity czar.

"I think it downgrades the visibility of the position within the
administration," Harrod said of the new DHS division. "For
organizations that want to follow someone who's carrying the banner of
cybersecurity, it's a lower-profile position."

With the apparently lower profile of cybersecurity within the Bush
administration, Harrod said he's worried that there may be a decreased
emphasis on pursuing cybercriminals.

"It's sending the message to big business that this isn't a high
priority," he said. "They're not going to have ability to generate the
sway or have the leadership or commitment... as they had with a
cyberspace czar who reported directly to Bush."

Wray, from DHS, said the cybersecurity division wouldn't make sense
anywhere else. Before the White House released its National Strategy
to Secure Cyberspace in February it made sense to have a cybersecurity
czar there to champion the cause, Wray said, but now the issue needs a
division to carry out policies.

"Now we've got a great strategy," he added. "This is a natural
evolution for going from strategic thinking to execution."

Others in the IT community agreed with DHS. Alan Paller, research
director at the information security researcher SANS Institute, said
the new division will have the resources to go after cybercrime,
whereas former White House cybersecurity czar Richard Clarke had few
resources to do anything but "jawbone."

If DHS wanted to downplay cybersecurity, it would bury the division
under its physical terrorism division, Paller said, but this move
makes cybersecurity an equal player. "I don't think this move says the
Bush administration is soft-pedaling cybercrime," Paller added. "This
act today in no way confirms that. It looks to be moving in the other
direction."

Robert Holleyman, president and CEO of the Business Software Alliance,
also cheered Friday's announcement. Improving cyberspace security will
require a long-term, aggressive public-private partnership, he said in
a statement.

"We all have a responsibility to make this work," Holleyman added in
the statement. "Meeting the information security challenge is not just
the job of the government, it is everyone's job. Industry and
government can set the example by making sure that this issue is
addressed at the top level of every organization."

According to a DHS press release, the new division's goals will be to:

-- Identify risks and help reduce the vulnerabilities to government's
cyber assets and coordinate with the private sector to identify and
help protect U.S. critical cyber assets.

-- Oversee a consolidated Cyber Security Tracking, Analysis, &
Response Center (CSTARC), which will detect and respond to Internet
events, track potential threats and vulnerabilities to cyberspace, and
coordinate cybersecurity and incident response with federal, state,
local, private sector and international partners.

-- Create, in coordination with other appropriate agencies,
cybersecurity awareness and education programs and partnerships with
consumers, businesses, governments, academia, and international
communities.

Paul Roberts in Boston contributed to this story.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.