The near-complete overhaul of the Department of Homeland Security, announced last week by department Secretary Michael Chertoff, may finally give the countrys cyber-security chief the power and authority needed to make real improvements, according to experts.
A new Assistant Secretary for Cyber Security and Telecommunications will be responsible for assessing the security of critical telecommunications and IT infrastructure and will replace the Undersecretary for Information Analysis and Infrastructure Protection. The news was greeted with optimism by cyber-security insiders, who have long complained that the DHS gave short shrift to the threat of computer attacks.
Elevating management of cyber-security to the assistant-secretary level and putting the job in the new Preparedness division will improve the status and clout of the position, according to industry insiders well-versed in the ways of Washington.
“Thats the division where the rubber meets the road,” said Dan Burton, chief lobbyist for Entrust Inc., based in Addison, Texas. “Its not research. It is, Are we prepared for an attack?”
Critics often pointed to the relatively low placement of the top cyber-security official in the DHS organizational chart as evidence of the Bush administrations tepid interest in the topic.
Coupling cyber-security with telecommunications preparedness was also a good idea, said Alan Paller, director of research at The SANS Institute, in Bethesda, Md.
“It sounds like a little thing, but its actually a pretty big deal,” Paller said.
Legislators who have been trying to enact a law to create an assistant secretary for cyber-security also applauded Chertoffs initiative.
“I am gratified to see that Secretary Chertoff has recognized the importance of creating the position of Assistant Secretary for Cyber Security and Telecommunications within the Department of Homeland Security,” said U.S. Rep. Zoe Lofgren, D-Calif.
To make the position work, Chertoff and the DHS will have to find the right person to fill the job and then define the DHS role in improving the nations cyber-security. Neither of those tasks has proved easy thus far, as the cyber-security position has been open for nearly a year and private-sector security experts have often complained about the departments lack of communication and coordination with the outside world.
“I think its a step in the right direction,” said Amit Yoran, the former director of the DHS National Cyber Security Division and now president of Yoran Associates, a Reston, Va., consulting company.
However, the new assistant secretary will face a long, hard road once he or she is in place, Yoran and others said.
“Reorganizations are always disruptive. Its like restructuring the military in the middle of the war,” said Ken Silva, chief security officer at VeriSign Inc., in Mountain View, Calif.
Previous DHS efforts to coordinate with the private sector have bogged down, Silva said.
“DHS has not demonstrated a lot of leadership,” Silva said. “There has been meeting after meeting, and all they have done is generate talk about more meetings.”
The new cyber-security chief should move quickly to define the exact mission and objectives of the DHS in securing cyberspace, VeriSigns Silva said.
“It would be nice if there was a single strategy for people to work off of,” he said.