More growing pains seen at DHS
A security group sees disorder at the homeland security agency
Computerworld - PALM DESERT, Calif. -- A private-sector group that developed a way to collect and analyze real-time security incident data throughout the U.S. economy may drop plans to work with the Department of Homeland Security (DHS) after the agency botched a high-level executive briefing on the program, according to an internal association memo obtained by Computerworld.
The meeting took place Feb. 27 between three high-level executives from the Cyber Incident Detection and Data Analysis Center (CIDDAC) and a group of senior officials from the DHS, including the agency's chief technology officer. CIDDAC is a Philadelphia-based volunteer partnership of more than a dozen IT vendors, user companies and the FBI's InfraGard program. The purpose of the meeting was to brief the DHS on the status and capabilities of CIDDAC's real-time cyberattack detection sensors.
But when CIDDAC representatives arrived, they were met by what was described in the memo as something akin to a Marx Brothers skit.
After failing to find an available conference room for the briefing, representatives from the DHS Infrastructure Analysis & Infrastructure Protection directorate forced the CIDDAC representatives to give their briefing in a hallway as it was being vacuumed by a cleaning crew. When the CIDDAC officials finished, DHS representatives acknowledged an immediate need for the data but said they didn't have the authority to issue a letter of interest in the program. They also said the program didn't qualify for DHS grant money, according to the association memo.
In an interview, Charles "Buck" Fleming, acting executive director of CIDDAC and CEO of AdminForce LLC in Boulder, Colo., confirmed the events.
"Our recent visit to DHS firmed our conviction that the private sector needs to lead in finding the answers to secure use of the Internet and the development of methods to assess threat levels to our nation's critical infrastructure," said Fleming. "We were there [to show them] that CIDDAC has a program that will give them useful data that is currently unavailable to them. We really don't seek their funding, only a written recognition of their verbal acknowledgment that CIDDAC is on a useful path.
"But the inability to get this small nonbinding recognition of our effort in a timely fashion indicates the wide gulf that needs to be closed before useful, cooperative development can take place," he said.
While an endorsement from the DHS could have helped move the CIDDAC program from testing to full operational status "within months," Fleming suggested that CIDDAC "reject their involvement at the front end ... [and] continue with a total private-sector effort."
The group's goal is to deploy
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts