Andy Purdy, the acting director of the NCSD (National Cyber Security Division) of the Department of Homeland Security, pointed to the recent Cyber Storm exercise and the creation of the National Cyber Response Coordination Group as evidence of how far the NCSD has come, despite the turmoil at the top of the division.
"We believe we've made tremendous progress since we set up the NCSD in June of 2003, and we believe it's going to continue," Purdy said in an interview at the RSA Conference here. "The coalescing of the priorities and our work toward the National Infrastructure Protection Plan has been very good."
NCSD's two main priorities are the establishment of a cyber-security early warning system and the development of a cyber risk management program.
The Cyber Storm information warfare exercise that took place during the week of Feb. 6 was one of the first attempts to put the early warning system to use and see how it responds under real-world conditions.
Cyber Storm hypothesized both physical and online attacks against various government and private sector assets, including utilities, certificate authorities and government networks. NCSD personnel worked in concert with other members of the newly formed National Cyber Response Coordination Group, including the CIA, FBI, NSA, Department of Justice and private sector representatives, to coordinate responses to the various attacks.
Purdy said he was very happy with the results of the exercise.
"This was the first test of the NCRCG. The experience of a high-stress situation like this exercise is so different than the planning," he said. "It was really heartening to see the progress we've made since 2003."
Purdy has been acting director of NCSD since the fall of 2004, when Amit Yoran left the DHS. And in that time he has focused much of his effort on improving the flow of information between the NCSD, other government agencies and key stakeholders in the private sector.
Many security industry veterans have complained for years about the one-way nature of the data sharing, saying they got nothing in return for all of the security information they sent Washington's way.
But Purdy insists that that has changed. DHS has hosted retreats at which NCSD officials and industry executives can discuss strategies for improving information-sharing and other key initiatives.
"We have good relations with the ISACs [Information Sharing and Analysis Centers] and the private companies, which has put us in a better position to get the information we need and have the actionable intelligence that we need and can then share with the right people in the private sector," he said.
Part of the problem with such efforts always has been that a good portion of the data that government agencies collect is classified or otherwise restricted. But the DHS is working to involve private sector experts who have security clearances in the process of analyzing that data, he said.
Purdy said NCSD also is cooperating closely with CERT and other groups in a number of foreign countries, including Australia, New Zealand and England. A long-term goal of this effort is to establish an international analog to the early warning network the United States now has.
"We want to move toward an international watch and warning network," Purdy said. "It's a long process, though."
Given that Purdy's title still has the word "acting" in front of it, there has been plenty of speculation in the security community about when DHS officials plan to name a permanent head of the NCSD. Whenever that happens, the new recruit will assume the title of assistant secretary of cyber-security and telecommunications.
Asked whether that's a job he's interested in, Purdy, a longtime government veteran, demurred.
"My time is fully occupied right now with trying to move the ball forward on all of this," he said.