Officials at the Department of Homeland Security plan to announce this week the establishment of a national cyber-security center, which brings all the departments information security assets under one umbrella, according to people briefed on the plan.
So far, however, no one has been named to head the center, and security experts warn that without a strong leader, the center will lack the muscle it needs to be effective.
One of the main drivers behind the center is the need to improve the governments incident-response and information-sharing capabilities, which have come under fire in both public and private sectors, said Richard Clarke, former special adviser to the president for cyber-security, who resigned earlier this year. That criticism is likely to continue unless the department can attract a well-known security expert to run the center.
"The center will never become what it should be in terms of the national locus for policy unless theres a nationally recognized and high-level person with high-level access in the administration," Clarke said in an interview in Boston last week. "Because otherwise people will just consider it another bureaucratic organization. Its very key that they get the right person; very key that person has access to the president, the homeland security adviser and homeland security secretary."
For others, however, such as security experts in the private sector, who have accused the government of failing to respond quickly to emerging security threats and of being difficult to deal with, the choice of a leader for the national center is not as crucial.
"I dont think its possible for the government to have much of an effect. The government acts in a reactive fashion," said Eric Stromberg, senior electrical engineer at The Dow Chemical Co., based in Wilmington, Del. "There will always be the leading issues that eventually cause government to react. But as the government is reacting to issues that were birthed yesterday, new issues are forming today."
The national center will be part of the Directorate of Information Assurance and Infrastructure Protection at the DHS, Clarke said. As a center of gravity for government information security, it will combine the functions of the National Infrastructure Protection Center, the Critical Infrastructure Assurance Office, the Federal Computer Incident Response Center and the National Communications System.
As the DHS meshes the center together, members of Congress charged with overseeing the departments cyber-security efforts are scrambling to understand how all the pieces will fit. For example, two separate House panels—the Committee on Science and the cyber-security subcommittee of the Select Committee on Homeland Security—have unsuccessfully sought answers to such questions as, How many resources are being devoted to cyber-security?
Cyber-security is among the priorities for the Science and Technology Directorate, Charles McQueary, DHS undersecretary of the directorate, told the cyber-security subcommittee of the House Select Committee on Homeland Security at a hearing in Washington last week.
McQueary said the DHS will create a technology clearinghouse, which will enable it to work in partnership with private industry.
DHS officials said they are still working out the details of the national cyber-security center, including its formal name and organizational structure.
More Security Stories: