Feds To Refocus on Cybersecurity

[InfoSec News <isn () c4i org>]

Forwarded from: William Knowles <wk () c4i org>

http://www.washingtonpost.com/wp-dyn/articles/A56254-2003May14.html

By Brian Krebs
washingtonpost.com Staff Writer
May 14, 2003

The Department of Homeland Security soon will establish an office to 
execute the Bush administration's cybersecurity strategy, a move that 
may serve to blunt criticism that the agency has not devoted enough 
resources and attention to Internet security. 

Homeland Security officials have not yet named a supervisor to run the 
office, top homeland security official Robert Liscouski said in an 
interview today. 

The new office, which the department is expected to announce next 
week, also will coordinate government and business responses to online 
hacking threats and other forms of cyberattack. 

The department has not yet decided how many employees or how much 
funding it will devote to the new office, said Liscouski, who is in 
charge of protecting the nation's electronic and physical 
infrastructures. 

The Homeland Security Department includes several other online 
security divisions, including the National Infrastructure Protection 
Center and the Critical Infrastructure Assurance Office. The new 
office, however, will take on several new projects, including the 
development of a cyberattack disaster recovery plan. 

Former White House cybersecurity adviser Richard Clarke questioned 
whether the department's pick to execute the national strategy will 
rank high enough in the homeland security chain of command to steer 
the development of cybersecurity policy. 

"No matter how good you are, many people are going to treat you based 
on your rank and how often you can see and talk to the president and 
other important people," Clarke said in an interview. 

Clarke, who left the administration in January, has criticized the 
administration for failing to appoint a high-level official to focus 
exclusively on Internet security. His deputy, Howard Schmidt, resigned 
last month after an unsuccessful bid to get Homeland Security 
Secretary Tom Ridge to create a high-ranking cybersecurity czar 
position. 

Since then, many critics in the business and private sector have 
expressed doubt that the administration would take any more 
high-profile action on cybersecurity, but Liscouski said that the 
cybersecurity office would show that the Homeland Security Department 
is serious about protecting the Internet from online hackers and 
terrorists. 

"This (new office) will help put feet to the national strategy," he 
said. 

Greg Garcia, vice president for information security at the 
Information Technology Association of America said he worries that 
whoever is picked will lack sufficient power to get cybersecurity 
treated as a priority issue. 

"What's most important is that there be an individual (within the 
department) who wakes up every morning thinking about how to secure 
the U.S. information infrastructure, a central figure to whom we in 
industry can look for coordination and partnership," he said. "If that 
is what is being envisioned, we would support that, provided this 
person has the authority, budget and staff to really make an impact." 

He added that it will take, "a lot of people putting their heads 
together to figure out what kinds of programs we can put in place to 
make the strategy more than just a document produced with great 
fanfare and tossed aside," Garcia said. 



*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.