IDG News Service - The U.S. Department of Homeland Security sent its highest-ranking official ever to speak at the Black Hat conference this week, and its Deputy Secretary Jane Holl Lute ended up fielding a few tough questions from skeptical computer security professionals in attendance.
During a question-and-answer session at the end of her Wednesday keynote address, one attendee asked if we should expect the DHS to give cybersecurity the same kind of treatment it's given air travel with the Transportation Security Administration. "Why should we believe that DHS, going forward, is going to protect cyber in something other than the same way?" he asked, scoring the loudest applause of the session with the question. "Now as the TSA slows down the air travel, DHS will slow down the commerce."
The undersecretary disagreed with this characterization of the TSA, but conceded that there is a "tension" in the DHS' mission. "We want to keep out people who might be dangerous, but we want to expedite legitimate trade and travel."
"We happen to believe that we can achieve our security, we can protect our rights, we can protect commerce and lawful interchange," she said. "We can have all of these things, but we need to engage in a debate about how we will prioritize and how we will strike the balance."
Security experts such as Bruce Schneier have long slammed the TSA's procedures, saying that they are ineffective and poorly thought out. Schneier calls U.S. airport screenings "security theater."
Some have also criticized the DHS as slow in its response to cyber-incidents. As industrial systems were being targeted with the Stuxnet worm two weeks ago, it took DHS' Industrial Control Systems Computer Emergency Response Team five days to push out a public alert. Critics say that was too long.
Hitting on a theme of her keynote, Lute called for real dialogue between government and industry and said she hoped that her department could be a "portal for that debate."
"You know, societies used to have conversations with themselves through their governments. In that respect, we're not talking to each other any more," she said. "In many respects we're throwing assertions back and forth at each other and seeing who has the more clever report, who has thought of the newer idea."
Hitting on another theme that the government's response to cyberthreats has been more rhetorical than practical, another attendee asked if Lute thought the U.S. would be able to secure computer systems without first experiencing a cyberdisaster, equivalent to the Sept. 11 terrorist attacks. "In Homeland Security, at the water cooler, do your peers say, 'It's just a matter of time before something horrible happens and that's when we're going to need to do what we actually need to do, instead of just talking about what needs to be done?"
"I'm a person who believes that this country can protect itself," Lute said. "I don't know what's inevitable, and I think that anybody who lived through the events of 1989 [when the Berlin Wall fell] or who lived through the events of 2001 has lost the right to say that anything is impossible."
- Secretive group seeks recruits at Defcon, finds skepticism
- Hacker snoops on GSM cell phones in demo
- Free Android apps scrape personal data, send it to China
- U.S. should seek world cooperation on cyber conflict, says ex-CIA director
- 'Unhackable' Android can be hacked, Black Hat researchers say
- Update: ATM hack gives cash on demand
- BitBlaze tool boosts bug-hunting productivity 10-fold
- Apple patches Safari ahead of Black Hat talk, launches add-on gallery
- Black Hat: Most browsers can be made to give up personal data
- AT&T: We don't intend to stop Black Hat demo
This pilot fish is a contractor at a military base, working on some very cool fire-control systems for tanks. But when he spots something obviously wrong during a live-fire test, he can't get the firing-range commander's attention.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Reduce federal infrastructure risk with compliance management and situational awareness
- IBM continuous monitoring and management solutions deliver real-time situational awareness to help federal agencies understand vulnerabilities, and protect the infrastructure.
- 5 Customers Deliver Virtual Desktops and Apps to Empower a Modern Workforce
- Learn how Citrix solutions helped 5 companies realize the full value of desktop virtualization through a project-by-project approach based on key business priorities.
- Top 10 Reasons to Strengthen Information Security with Desktop Virtualization
- Regain control and reduce risk without sacrificing business productivity and growth
- IDC MarketScape: Worldwide Client Virtualization Software 2013 Vendor Assessment
- IDC has placed Citrix in the 2013 IDC MarketScape Leaders Category once again noting that, "Citrix's position reflects the company's market leadership and...
- Infographic: Top Use Cases for Desktop Virtualization
- A wide range of business issues is driving IT toward desktop virtualization. One solution-Citrix XenDesktop with FlexCast technology-helps IT teams empower their entire... All Government IT White Papers
- What Does it Take to Deliver a Superior Customer Experience? The Two Top-Rated Online Retailers, B&H Photo and Crutchfield Electronics, Share Their Secrets Discuss practical CX tools and service methods such as contact center agents and the use of realtime speech analytics to help contact center...
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily...
- On Demand: Mastering the Art of Mobile Content Management Mobile device usage in the enterprise has skyrocketed, and it continues to escalate. IT must answer to users who demand access to their...
- DevOps with PureApplication System: Reduce cost and speed delivery with an integrated IBM Cloud solution Join this webcast to hear what ING Netherlands has been able to achieve while deploying DevOps tools from IBM Rational. An ING executive...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- All Government IT Webcasts