menu

Since the beginning of October, DHS’ leadership has been working what seems to be double overtime on top of their already over-burdened schedules in talking about cyber security.  This past Tuesday was no different as Sec. Chertoff addressed an audience of public and private sector members at the US Chamber of Commerce.

Per his usual speaking style, the Secretary was very methodical in explaining the very real cyber security threats posed by nation-states (Russia & China), criminal enterprises and terrorists.  Chertoff also stressed the collective responsibility of the public and private sectors (as well as individual citizens) to work together to address these threats.

His remarks largely echoed the points that he and other DHS leaders have made throughout the month.  What has struck me about the amount of energy that Sec. Chertoff and others have spent on this subject is the unspoken ‘campaign’ it seems to have waged in doing its cyber security outreach.

In the weeks prior to October’s National Cyber Security Awareness Month outreach, there were numerous reports, media stories, Congressional hearings and discussions about who was in charge of America’s cyber security, what plan will be put in place, and who was going to manage all of the billions of dollars being spent on this problem.

As this was going on, various federal agencies waved their hands positioning to be the cyber lead (and to get their share of the money).  At the same time the GAO issued another series of reports expressing their concerns about the issue while Members of Congress and Presidential candidates chimed in.

Since the beginning of October, DHS’ leadership has been working what seems to be double overtime on top of their already over-burdened schedules in talking about cyber security. This past Tuesday was no different as Sec. Chertoff addressed an audience of public and private sector members at the US Chamber of Commerce.

Per his usual speaking style, the Secretary was very methodical in explaining the very real cyber security threats posed by nation-states (Russia & China), criminal enterprises and terrorists. Chertoff also stressed the collective responsibility of the public and private sectors (as well as individual citizens) to work together to address these threats.

His remarks largely echoed the points that he and other DHS leaders have made throughout the month. What has struck me about the amount of energy that Sec. Chertoff and others have spent on this subject is the unspoken ‘campaign’ it seems to have waged in doing its cyber security outreach.

In the weeks prior to October’s National Cyber Security Awareness Month outreach, there were numerous reports, media stories, Congressional hearings and discussions about who was in charge of America’s cyber security, what plan will be put in place, and who was going to manage all of the billions of dollars being spent on this problem.

As this was going on, various federal agencies waved their hands positioning to be the cyber lead (and to get their share of the money). At the same time the GAO issued another series of reports expressing their concerns about the issue while Members of Congress and Presidential candidates chimed in.

While all of this back and forth kibitzing went on, the White House made the call and put DHS in charge.

There was immediate criticism. The minute that announcement came out, you could hear the laughter and snide remarks coming from the other federal agencies, the Congress and the media. “DHS? In charge? Yeah right… This is a joke right? They can’t manage anything.”

However, since the White House tapped DHS, Chertoff and his team have not looked back using every possible opportunity they can to talk about what cyber security is, why it matters, what they (DHS) are doing about it, and who they plan to work with along the way (that would be most everyone). While some of the snide remarks and chuckles are certainly deserved in some areas, the Department has not been shy about talking about its cyber security plans

DHS has been overtly making their case to any and every audience it can on why we should feel confident in their leadership on this matter. Their argument, along with the existing Departmental mechanisms and the manner in which DHS has conducted this campaign, might just work too.

Given that cyber and IT are essentially the central nervous system to every bodily organ and system (critical infrastructure/key resource) we have in this country, whatever command is relayed through this system is ultimately followed. In the five years that we’ve charged DHS to keep the homeland ‘body’ secure, it has built a number of structures and systems (NIPP, sector coordinating councils, etc.) to monitor our overall infrastructure health and well-being. While these structures and systems are by no means perfect, they provide a better system to give the homeland a check-up, dispense medicine or urgent care than any other means available in the federal sphere.

While it may be really novel and headline grabbing to run a mission of this type out of the White House as some have suggested, the fact that it has no real mechanisms aside from a bully pulpit to make things happen leaves an effort like this almost undoable.

If you’re looking for proof of that concept – look at the lessons experienced by then-Homeland Security Advisor to the President, former Gov. Tom Ridge. He had a mission where failure was not an option; he had a great title, a cool White House office, microphones and cameras when he wanted them (and also when he didn’t) and several other perks that are novel to being ‘the President’s guy.’ In the end though, he did not have the authority programmatically, operationally or budget-wise to make things happen like he needed. The parties he had to work with – Justice, Transportation, Treasury, etc. all smiled, slow-rolled and many times outright ignored him and his efforts. No mission can succeed in those conditions.

We can’t afford failure in cyber and that is why Chertoff’s and the Department’s argument/campaign is so surprisingly strong.

Much like a quarterback, DHS’ work in cyber security will be judged by a fairly straightforward set of metrics in grading its overall performance:

* Can they move the ball downfield?
* Can they adapt to a threatening environment?
* Can they keep possession of the ball?
* Can they ‘audible’ if necessary?
* Do fellow players respond to their leadership?
* Are they able to put points on the board?

We don’t know the answers to these questions yet but I can guarantee that all eyes, ‘armchair quarterbacks,’ and critics are certainly watching to see how DHS will perform in this most challenging of missions.

While Chertoff will not have the opportunity to ‘coach’ DHS beyond January 2009, he has put the Department in as good a position as possible to succeed with the ‘game plan’ he has put on the chalkboard. We can only hope DHS has the mechanisms, players and bench strength in place to see the cyber security mission through some very challenging contests and seasons ahead.

Rich Cooper blog primarily on emergency preparedness and response, management issues related to the Department of Homeland Security, and the private sector’s role in homeland security. Read More