IDG News Service - The U.S. Department of Homeland Security sent its highest-ranking official ever to speak at the Black Hat conference this week, and its Deputy Secretary Jane Holl Lute ended up fielding a few tough questions from skeptical computer security professionals in attendance.
During a question-and-answer session at the end of her Wednesday keynote address, one attendee asked if we should expect the DHS to give cybersecurity the same kind of treatment it's given air travel with the Transportation Security Administration. "Why should we believe that DHS, going forward, is going to protect cyber in something other than the same way?" he asked, scoring the loudest applause of the session with the question. "Now as the TSA slows down the air travel, DHS will slow down the commerce."
The undersecretary disagreed with this characterization of the TSA, but conceded that there is a "tension" in the DHS' mission. "We want to keep out people who might be dangerous, but we want to expedite legitimate trade and travel."
"We happen to believe that we can achieve our security, we can protect our rights, we can protect commerce and lawful interchange," she said. "We can have all of these things, but we need to engage in a debate about how we will prioritize and how we will strike the balance."
Security experts such as Bruce Schneier have long slammed the TSA's procedures, saying that they are ineffective and poorly thought out. Schneier calls U.S. airport screenings "security theater."
Some have also criticized the DHS as slow in its response to cyber-incidents. As industrial systems were being targeted with the Stuxnet worm two weeks ago, it took DHS' Industrial Control Systems Computer Emergency Response Team five days to push out a public alert. Critics say that was too long.
Hitting on a theme of her keynote, Lute called for real dialogue between government and industry and said she hoped that her department could be a "portal for that debate."
"You know, societies used to have conversations with themselves through their governments. In that respect, we're not talking to each other any more," she said. "In many respects we're throwing assertions back and forth at each other and seeing who has the more clever report, who has thought of the newer idea."
Hitting on another theme that the government's response to cyberthreats has been more rhetorical than practical, another attendee asked if Lute thought the U.S. would be able to secure computer systems without first experiencing a cyberdisaster, equivalent to the Sept. 11 terrorist attacks. "In Homeland Security, at the water cooler, do your peers say, 'It's just a matter of time before something horrible happens and that's when we're going to need to do what we actually need to do, instead of just talking about what needs to be done?"
"I'm a person who believes that this country can protect itself," Lute said. "I don't know what's inevitable, and I think that anybody who lived through the events of 1989 [when the Berlin Wall fell] or who lived through the events of 2001 has lost the right to say that anything is impossible."
- Secretive group seeks recruits at Defcon, finds skepticism
- Hacker snoops on GSM cell phones in demo
- Free Android apps scrape personal data, send it to China
- U.S. should seek world cooperation on cyber conflict, says ex-CIA director
- 'Unhackable' Android can be hacked, Black Hat researchers say
- Update: ATM hack gives cash on demand
- BitBlaze tool boosts bug-hunting productivity 10-fold
- Apple patches Safari ahead of Black Hat talk, launches add-on gallery
- Black Hat: Most browsers can be made to give up personal data
- AT&T: We don't intend to stop Black Hat demo
- Google I/O 2013's Coolest Products and Services
- 10 Star Trek Technologies That are Almost Here
- 19 Generations of Computer Programmers
- 25 Must-Have Technologies for SMBs
- A walking tour: 33 questions to ask about your company's security
- 15 social media scams
- The 7 elements of a successful security awareness program
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Federal IT Innovation Caught in a Catch-22
- Fed resources shoring up old infrastructure, holding back new technologies.
- Harness IT -- An Introduction to Business Intelligence Solutions
- Learn the key selection criteria required to provide your organization with the capability to address structured data, unstructured data and mobile demands so...
- Business Intelligence Shows its Smarts
- Today's Business Intelligence (BI) tools provide a new way to think about data with self-service capabilities and user-friendly analytics that can be used...
- Proactive Planning for Big Data
- Big data is less about the terabytes and more about the query tools and business intelligence needed to make sense of massive amounts...
- Inquiry Spotlight: Consumer-Facing Identity
- The challenges of consumer-facing identity management, access management, and authentication differ in ways subtle and dramatic from those of the employee-facing variety. All Government IT White Papers
- Becoming An Analytics Driven Organization
- Join us on Tuesday, June 18, 2013, 11:00 AM EDT and learn how your agency can create an analytics culture that will enable...
- 3 Reasons Why Sepaton is the World's Fastest Backup Solution
- Leading analyst, Storage Switzerland learns how Sepaton backs up and deduplicates massive data volumes while maintaining the industry's fastest performance - all in...
- Enterprise File Sharing: All You Need to Know
- Security. Scalability. Control. These are just some of the many benefits of enterprise cloud file-sharing that you'll discover in this KnowledgeVault, packed with...
- Bridging HTTP and FTP with FileXpress Internet Server
- What if you could take an FTP server on your internal network, and allow external users (partners or customers) to securely access it...
- MFT and FileXpress - An Overview
- Business users and applications exchange files on a regular basis. File transfer is a core part of the flow of business activity. All Government IT Webcasts