DHS reorganization creates new cybersecurity position

IDG News Service - Cybersecurity will get a high-level champion at the U.S. Department of Homeland Security as part of a broad reorganization announced today by DHS Secretary Michael Chertoff.

Chertoff, in the results of a review of the DHS structure he started after taking over as secretary in February, elevated the cybersecurity chief at the DHS several levels on the agency's organizational chart by creating a position of assistant secretary for cyber and telecommunications security. Several tech-oriented trade groups, including the Information Technology Association of America (ITAA) and the Cyber Security Industry Alliance, have repeatedly called for an assistant secretary to raise the profile of cybersecurity issues at the DHS.

The DHS did not release information about when it expected to have an assistant secretary in place.

An assistant secretary will have the authority to set policy and pull private industry into collaborations with government, ITAA President Harris Miller said recently. "The proof of the pudding is in the eating," Miller said. "Have we made enough progress yet in those areas? The clear answer is no."

IT groups have also suggested that a higher-level position with more authority would stop high turnover among government cybersecurity chiefs. The last DHS cybersecurity director, Amit Yoran, lasted about a year on the job.

Miller applauded Chertoff's decision to create the new position. Four bills introduced in Congress this year had also called on the DHS to create an assistant secretary of cybersecurity.

The DHS, when it was created in January 2003, didn't "give adequate focus" to cybersecurity, Miller said. He said the assistant secretary should establish lines of communication between government and private industry. In many cases, private industry sees cyberattacks sooner than government agencies do, he said, and there needs to be a "sophisticated, real-time, highly trusted" information-sharing mechanism between government and private companies.

An assistant secretary will be able to tie together several cybersecurity efforts within government, added Jack Danahy, CEO of Ounce Labs Inc., an IT security vendor. "Now there will be one voice telling the industry what government wants to do," said Danahy, who serves on a software security working group at DHS.

But some security experts have questioned the value of an assistant secretary, saying that without greater leadership from the top levels of the Bush administration, a new position may not improve cybersecurity much.

"If you don't have a strategy, does it matter what you call them?" said James Lewis, director of the Technology and Public Policy Program at the Center for Strategic & International Studies, a Washington think tank. "Can you think of an assistant secretary who's an advocate in Washington?"

Lewis suggested "no" is the correct answer to both questions. He acknowledged, in a recent interview, that on a symbolic level, a higher-level position could raise the profile of cybersecurity issues, but in practice, "I don't know if it makes much of a difference."

Chertoff's reorganization includes a number of other changes at the DHS, including the hiring of a chief medical officer to address medical preparedness, and the assignment of chief intelligence officer duties to the DHS assistant secretary for information analysis. Chertoff noted in a speech that the DHS has 10 intelligence-generating offices, and the role of the chief intelligence officer will be to coordinate all DHS intelligence.

Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.