More growing pains seen at DHS
A security group sees disorder at the homeland security agency
Computerworld - PALM DESERT, Calif. -- A private-sector group that developed a way to collect and analyze real-time security incident data throughout the U.S. economy may drop plans to work with the Department of Homeland Security (DHS) after the agency botched a high-level executive briefing on the program, according to an internal association memo obtained by Computerworld.
The meeting took place Feb. 27 between three high-level executives from the Cyber Incident Detection and Data Analysis Center (CIDDAC) and a group of senior officials from the DHS, including the agency's chief technology officer. CIDDAC is a Philadelphia-based volunteer partnership of more than a dozen IT vendors, user companies and the FBI's InfraGard program. The purpose of the meeting was to brief the DHS on the status and capabilities of CIDDAC's real-time cyberattack detection sensors.
But when CIDDAC representatives arrived, they were met by what was described in the memo as something akin to a Marx Brothers skit.
After failing to find an available conference room for the briefing, representatives from the DHS Infrastructure Analysis & Infrastructure Protection directorate forced the CIDDAC representatives to give their briefing in a hallway as it was being vacuumed by a cleaning crew. When the CIDDAC officials finished, DHS representatives acknowledged an immediate need for the data but said they didn't have the authority to issue a letter of interest in the program. They also said the program didn't qualify for DHS grant money, according to the association memo.
In an interview, Charles "Buck" Fleming, acting executive director of CIDDAC and CEO of AdminForce LLC in Boulder, Colo., confirmed the events.
"Our recent visit to DHS firmed our conviction that the private sector needs to lead in finding the answers to secure use of the Internet and the development of methods to assess threat levels to our nation's critical infrastructure," said Fleming. "We were there [to show them] that CIDDAC has a program that will give them useful data that is currently unavailable to them. We really don't seek their funding, only a written recognition of their verbal acknowledgment that CIDDAC is on a useful path.
"But the inability to get this small nonbinding recognition of our effort in a timely fashion indicates the wide gulf that needs to be closed before useful, cooperative development can take place," he said.
While an endorsement from the DHS could have helped move the CIDDAC program from testing to full operational status "within months," Fleming suggested that CIDDAC "reject their involvement at the front end ... [and] continue with a total private-sector effort."
The group's goal is to deploy
- The Truth About Cloud Security "Security" is the number one issue holding business leaders back from the cloud. But does the reality match the perception?
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!