IDG News Service - The U.S. Department of Homeland Security sent its highest-ranking official ever to speak at the Black Hat conference this week, and its Deputy Secretary Jane Holl Lute ended up fielding a few tough questions from skeptical computer security professionals in attendance.
During a question-and-answer session at the end of her Wednesday keynote address, one attendee asked if we should expect the DHS to give cybersecurity the same kind of treatment it's given air travel with the Transportation Security Administration. "Why should we believe that DHS, going forward, is going to protect cyber in something other than the same way?" he asked, scoring the loudest applause of the session with the question. "Now as the TSA slows down the air travel, DHS will slow down the commerce."
The undersecretary disagreed with this characterization of the TSA, but conceded that there is a "tension" in the DHS' mission. "We want to keep out people who might be dangerous, but we want to expedite legitimate trade and travel."
"We happen to believe that we can achieve our security, we can protect our rights, we can protect commerce and lawful interchange," she said. "We can have all of these things, but we need to engage in a debate about how we will prioritize and how we will strike the balance."
Security experts such as Bruce Schneier have long slammed the TSA's procedures, saying that they are ineffective and poorly thought out. Schneier calls U.S. airport screenings "security theater."
Some have also criticized the DHS as slow in its response to cyber-incidents. As industrial systems were being targeted with the Stuxnet worm two weeks ago, it took DHS' Industrial Control Systems Computer Emergency Response Team five days to push out a public alert. Critics say that was too long.
Hitting on a theme of her keynote, Lute called for real dialogue between government and industry and said she hoped that her department could be a "portal for that debate."
"You know, societies used to have conversations with themselves through their governments. In that respect, we're not talking to each other any more," she said. "In many respects we're throwing assertions back and forth at each other and seeing who has the more clever report, who has thought of the newer idea."
Hitting on another theme that the government's response to cyberthreats has been more rhetorical than practical, another attendee asked if Lute thought the U.S. would be able to secure computer systems without first experiencing a cyberdisaster, equivalent to the Sept. 11 terrorist attacks. "In Homeland Security, at the water cooler, do your peers say, 'It's just a matter of time before something horrible happens and that's when we're going to need to do what we actually need to do, instead of just talking about what needs to be done?"
"I'm a person who believes that this country can protect itself," Lute said. "I don't know what's inevitable, and I think that anybody who lived through the events of 1989 [when the Berlin Wall fell] or who lived through the events of 2001 has lost the right to say that anything is impossible."
- Secretive group seeks recruits at Defcon, finds skepticism
- Hacker snoops on GSM cell phones in demo
- Free Android apps scrape personal data, send it to China
- U.S. should seek world cooperation on cyber conflict, says ex-CIA director
- 'Unhackable' Android can be hacked, Black Hat researchers say
- Update: ATM hack gives cash on demand
- BitBlaze tool boosts bug-hunting productivity 10-fold
- Apple patches Safari ahead of Black Hat talk, launches add-on gallery
- Black Hat: Most browsers can be made to give up personal data
- AT&T: We don't intend to stop Black Hat demo
- 18 Hot IT Certifications for 2014
- CIOs Opting for IT Contractors Over Hiring Full-Time Staff
- 12 Best Free iOS 7 Holiday Shopping Apps
- For CMOs Big Data Can Lead to Big Profits
- Slideshow: 5 ways to lock down your mobile device
- Slideshow: 10 mistakes companies make after a data breach
- How to rob a bank: A social engineering walk through
- Which smartphone is the most secure?
If you think getting it right from day one is always what matters, you probably haven't been following technology too closely.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Mitigating DDoS Attacks with F5 Technology
- This document examines various DDoS attack methods and the application of specific ADC technologies to block attacks in the DDoS threat spectrum while...
- The DDoS Threat Spectrum
- Bolstered by favorable economics, today's global botnets are using distributed denial-of-service (DDoS) attacks to target firewalls, web services, and applications, often simultaneously.
- Defending Against Denial of Service Attacks
- By utilizing end-user interviews, this whitepaper explores a deeper understanding of DDoS defense plans and reveals the knowledge gaps around the Denial of...
- Strategic Solutions for Government IT
- This paper outlines why F5 is the optimum partner to help achieve the levels of security, performance and availability that are vital to...
- Osterman White Paper: The Need for Enterprise-Grade File Transfer
- Key trends in file transfer All Government IT White Papers
- Modernizing SAP environments with minimum risk - a path to Big Data Hear from top IDC analyst, Richard Villars, about the path you can start taking now to enable your organization to get the benefits...
- The Power of the Citrix Mobility Solution, XenMobile Does everything become a smartphone? Or does the smartphone begin to do everything? How can we afford to support BYOD? Rather, how can...
- BYOD Happens: How to Secure Mobility How to navigate the journey of securing mobility, including the BYOD corruption of IT, the top ten mobility strategies, and the mobility management...
- Fighting Fraud Videos: IBM Intelligent Investigation Manager Short videos about IBM Intelligent Investigation Manager (IIM) for Fraud. IIM optimizes the investigation of fraud for customers across many industries in both...
- IBM Intelligent Investigation Manager: Online Product Demo Intelligent Investigation Manager optimizes fraud investigation and analysis and it dynamically coordinates and reports on cases, provides analysis and visualization, and enables more...
- All Government IT Webcasts
Does your organization offer extensive benefits, cool perks, competitive salaries, opportunities for training and advancement? Then get it recognized!
Nominate your company or another deserving organization for Computerworld's 2014 Best Places to Work in IT list now through Dec. 20, 2013.