More growing pains seen at DHS
A security group sees disorder at the homeland security agency
Computerworld - PALM DESERT, Calif. -- A private-sector group that developed a way to collect and analyze real-time security incident data throughout the U.S. economy may drop plans to work with the Department of Homeland Security (DHS) after the agency botched a high-level executive briefing on the program, according to an internal association memo obtained by Computerworld.
The meeting took place Feb. 27 between three high-level executives from the Cyber Incident Detection and Data Analysis Center (CIDDAC) and a group of senior officials from the DHS, including the agency's chief technology officer. CIDDAC is a Philadelphia-based volunteer partnership of more than a dozen IT vendors, user companies and the FBI's InfraGard program. The purpose of the meeting was to brief the DHS on the status and capabilities of CIDDAC's real-time cyberattack detection sensors.
But when CIDDAC representatives arrived, they were met by what was described in the memo as something akin to a Marx Brothers skit.
After failing to find an available conference room for the briefing, representatives from the DHS Infrastructure Analysis & Infrastructure Protection directorate forced the CIDDAC representatives to give their briefing in a hallway as it was being vacuumed by a cleaning crew. When the CIDDAC officials finished, DHS representatives acknowledged an immediate need for the data but said they didn't have the authority to issue a letter of interest in the program. They also said the program didn't qualify for DHS grant money, according to the association memo.
In an interview, Charles "Buck" Fleming, acting executive director of CIDDAC and CEO of AdminForce LLC in Boulder, Colo., confirmed the events.
"Our recent visit to DHS firmed our conviction that the private sector needs to lead in finding the answers to secure use of the Internet and the development of methods to assess threat levels to our nation's critical infrastructure," said Fleming. "We were there [to show them] that CIDDAC has a program that will give them useful data that is currently unavailable to them. We really don't seek their funding, only a written recognition of their verbal acknowledgment that CIDDAC is on a useful path.
"But the inability to get this small nonbinding recognition of our effort in a timely fashion indicates the wide gulf that needs to be closed before useful, cooperative development can take place," he said.
While an endorsement from the DHS could have helped move the CIDDAC program from testing to full operational status "within months," Fleming suggested that CIDDAC "reject their involvement at the front end ... [and] continue with a total private-sector effort."
The group's goal is to deploy
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts