The Department of Homeland Security on Friday finally unveiled its plans for a new information security division. Although many in the security community applauded the move, they also worried that the divisions as-yet-unnamed chief will be too low on the organizational chart to have much authority.
The National Cyber Security Division is under the umbrella of the Information Analysis and Infrastructure Protection directorate, and its director will report to Bob Liscouski, the assistant secretary for infrastructure protection. Liscouski reports to Frank Libutti, under secretary for IAIP, who reports directly to Homeland Security Secretary Tom Ridge.
The fact that there are so many layers of management between the head of the new division and top Bush administration officials leads many in the security community to wonder whether the director will have enough clout to make the changes necessary to improve the security of the countrys infrastructure.
"Its certainly not a perfect solution, but I give Secretary Ridge and Bob Liscouski a lot of credit for realizing the need for someone who lives and breathes cybersecurity," said Harris Miller, president of the Information Technology Association of America, based in Arlington, Va. "They need someone with a lot of credibility and a national reputation."
The main objective of the division will be implementing the National Strategy to Secure Cyberspace, which has essentially been collecting dust since its release earlier this year.
The lack of movement on the plan has also been a cause for worry among many in the industry.
"I think theres concern in the industry that theres no heir apparent to the [Presidents Critical Infrastructure Protection Board, which developed the strategy]. Even though the government doesnt own the infrastructure, in the absence of a cheerleader, industry may go back to its day job," Mary Ann Davidson, chief security officer at Oracle Corp., in Redwood Shores, Calif., said before the DHS announcement was made. "The idea of having someone in the government as a proponent for cybersecurity cant be overestimated."
While noting that she had not been approached about the job, Davidson said shed only be interested under certain circumstances.
"I wouldnt take a job without the authority that matched the responsibility. Who you report to is very important, especially in Washington," she said.
The DHS had hoped to announce the formation of the division and the appointment of its director at the same time, but officials have been having difficulty filling that position.