Homeland Security creates cybersecurity division
By Grant Gross
Date: June 09, 2003
WASHINGTON - The U.S. Department of Homeland Security (DHS) has launched a new cybersecurity center, but not all cybersecurity experts welcomed the move of the former White House cybersecurity office to a division at DHS.
The 60-person division, called the National Cyber Security Division, will report to Robert Liscouski, the assistant secretary of homeland security for infrastructure protection, and will be part of the department's Information Analysis and Infrastructure Protection Directorate. The new division will focus on reducing the vulnerabilities to the U.S. government's computing networks and working with the private sector to help protect other critical pieces of cyberspace, DHS announced Friday.
While some in the IT community cheered the move, William Harrod, director of investigative response for TruSecure Corp., a security software vendor, questioned the positioning of the division within DHS. Harrod noted that the new cybersecurity division will not report directly to DHS Secretary Tom Ridge, although until April, the White House had a cybersecurity czar.
"I think it downgrades the visibility of the position within the administration," Harrod said of the new DHS division. "For organizations that want to follow someone who's carrying the banner of cybersecurity, it's a lower profile position."
With the apparently lower profile of cybersecurity within the Bush administration, Harrod said he's worried that there may be a decreased emphasis on pursuing cybercriminals.
"It's sending the message to big business that this isn't a high priority," he said. "They're not going to have ability to generate the sway or have the leadership or commitment ... as they had with a cyberspace czar who reported directly to Bush."
A spokesman with DHS didn't immediately return a phone call seeking comment.
Others in the IT community had a different perspective. Alan Paller, research director at the information security researcher SANS Institute, said the new division will have the resources to go after cybercrime, whereas former White House cybersecurity czar Richard Clarke had few resources to do anything but "jawbone."
If DHS wanted to downplay cybersecurity, it would bury the division under its physical terrorism division, Paller said, but this move makes cybersecurity an equal player. "I don't think this move says the Bush administration is soft-pedaling cybercrime," Paller added. "This act today in no way confirms that. It looks to be moving in the other direction."
Robert Holleyman, president and chief executive officer of the Business Software Alliance, also cheered Friday's announcement. Improving cyberspace security will require a long-term, aggressive public-private partnership, he said in a statement.
"We all have a responsibility to make this work," Holleyman added in the statement. "Meeting the information security challenge is not just the job of the government, it is everyone's job. Industry and government can set the example by making sure that this issue is addressed at the top level of every organization."
According to a DHS press release, the new division's goals will be to:
-- Identify risks and help reduce the vulnerabilities to government's cyber assets and coordinate with the private sector to identify and help protect U.S. critical cyber assets^;
-- Oversee a consolidated Cyber Security Tracking, Analysis, & Response Center (CSTARC), which will detect and respond to Internet events, track potential threats and vulnerabilities to cyberspace, and coordinate cybersecurity and incident response with federal, state, local, private sector and international partners^;
-- Create, in coordination with other appropriate agencies, cybersecurity awareness and education programs and partnerships with consumers, businesses, governments, academia, and international communities.
Original article: http://www.idg.com.sg/idgwww.nsf/unidlookup/1A4CDD680D21F7C548256D40000259B8?OpenDocument
^macro[showdigestcomments;^uri;Homeland Security creates cybersecurity division]