Homeland Security CIO calls for cybersecurity, communications standards

Computerworld - COLUMBUS, Ohio -- Steven Cooper, the new CIO at the Department of Homeland Security, said he has had "some pretty candid conversations" with Microsoft Corp. CEO Steve Ballmer and other company officials about software security concerns.
"And I think, believe it or not, that we're really influencing them as a community," Cooper told a gathering of about 150 CIOs at a CIO Symposium put on here by the Columbus Technology Council and the Center for Information Technologies in Management.
While Cooper didn't go so far as to say his agency is partnering with Microsoft to fix vulnerabilities in the company's Windows operating system, he did say, "We are collaborating with them very closely with working to improve ... software."
Cooper said he met with nearly 75 government CIOs earlier this week, most of whom said their departments now have internal cybersecurity plans that include some kind of vulnerability and risk assessment, use third parties for penetration testing and have put in place some type of patch management process.
"And yes, at the top of the list was Microsoft," Cooper said. "No surprise, I suspect. I've had some pretty candid conversations with Steve Ballmer and the Microsoft gang."
On a different topic, Cooper acknowledged that the first version of his department's national enterprise architecture, released in late September and available online or by CD, still needs work. And he asked CIOs from various industries and from state and local governments to help make it better. "Help us add the granularity from your perspective," he said.
"How many of you would buy Release 1.0 of anything?" he said of the document. "It's about an inch deep and a mile long. [But] the safety and security of all of us depend on our ability to rapidly get this enterprise architecture right. It really does have that magnitude of impact."
"What do you expect folks like us to do?" asked John Deane, CIO at Dublin, Ohio-based Wendy's International Inc.
Cooper suggested that even fast-food restaurants could help disseminate information by putting cybersecurity pamphlets on their counters. He also pointed to an initiative in which the government has appropriated $12 million for CIOs to develop a dozen or so information-sharing pilot projects, each costing less than $1 million.
"All we're asking initially [is] if you'd give us some kind of concept paper, one or two pages," he said. "Just share with us what you'd like to do: 'Here's what we can do for x amount of dollars.'"
Cooper said he would like to deliver some