I attended a superb cybersecurity event, and while I would love to give you a complete blow-by-blow recount of the excellent panel presentations and the Q&A, it was all done on a non-attribution basis.
Despite that, I do feel compelled to share some of what I heard. Hopefully by not mentioning the location of the event or the actual speaker in question, I will not forfeit my seat at the table for next time.
I have been critical in the past of the fact that DHS has not done enough about cybersecurity. I believe DHS is the correct part of the federal government to lead on cyber issues, but it always seemed that everything was on hold. It turns out I was wrong.
I knew they had established the National Cybersecurity and Communications Integration Center (NCCIC), finally giving us one central op-center for cyber. But did you know they also established a Computer Emergency Readiness Team (CERT) for industrial control system (such as SCADA) incidents? This is an enormous accomplishment and includes fly away teams to do on-site investigations to protect these crucial parts of our infrastructure.
They have ratcheted up their efforts for real cooperation with industry, including more information sharing than ever before. There is still much to do, but they have made real progress.
There has also been a deep expansion of the DHS departments that deal with cyber issues. Some do not see expansion of a federal agency as a positive thing, but in this case, it is badly needed.
When you combine this with the quiet work being done by White House Cyber Coordinator Howard Schmidt, there indeed has been progress.
I offer my apologies to the fine folks at the Department. I do still have one other question: Why are you not trumpeting this from the rooftops? People want to know what you are up to. Tell them. Get out and spread the word. It is a good news story.