I attended a superb cybersecurity event, and while I would love to give you a complete blow-by-blow recount of the excellent panel presentations and the Q&A, it was all done on a non-attribution basis.

Despite that, I do feel compelled to share some of what I heard.  Hopefully by not mentioning the location of the event or the actual speaker in question, I will not forfeit my seat at the table for next time.

I have been critical in the past of the fact that DHS has not done enough about cybersecurity. I believe DHS is the correct part of the federal government to lead on cyber issues, but it always seemed that everything was on hold. It turns out I was wrong.

I knew they had established the National Cybersecurity and Communications Integration Center (NCCIC), finally giving us one central op-center for cyber. But did you know they also established a Computer Emergency Readiness Team (CERT) for industrial control system (such as SCADA) incidents?  This is an enormous accomplishment and includes fly away teams to do on-site investigations to protect these crucial parts of our infrastructure.

They have ratcheted up their efforts for real cooperation with industry, including more information sharing than ever before. There is still much to do, but they have made real progress.

There has also been a deep expansion of the DHS departments that deal with cyber issues. Some do not see expansion of a federal agency as a positive thing, but in this case, it is badly needed.

When you combine this with the quiet work being done by White House Cyber Coordinator Howard Schmidt, there indeed has been progress.

I offer my apologies to the fine folks at the Department. I do still have one other question: Why are you not trumpeting this from the rooftops? People want to know what you are up to. Tell them. Get out and spread the word. It is a good news story.

Dr. Steven Bucci is director of the Allison Center for Foreign Policy Studies at The Heritage Foundation. He was previously a lead consultant to IBM on cyber security policy. Bucci’s military and government service make him a recognized expert in the interagency process and defense of U.S. interests, particularly with regard to critical infrastructure and what he calls the productive interplay of government and the private sector. Read More
  • mattfoosaner

    Just completed an Information Assurance grad program at the National Defense University. A project we worked dealt with proposing that there be a new independent commission established, the “National Cyberspace Commisssion” similar to the FCC. The hypothesis to this argument is that Cyberspace is now a full-blown Critical Infrastructure unto itself with implications into all elements of society. It demands full funding and expertise to protect and DHS is simply spread to thin to continuously attempt to manage these issues along with natural disaster, oil spills, immigration enforcement, anti-terrorism, etc…the department can't be effective in all things at all times.

    The FCC has been incredibly effective at bridging government requirements with private sector management of the infrastructure, BUT Cyber is so unique and complex that given the other FCC initiatives, they would be overtaxed as well.

    I am not an advocate of bigger government, but in certain instances the creation of specific oversight and leadership organizations is important and I believe that this is one of those times.

  • former dhs'r The control systems response activity has been around for quite some time.

  • Steve Bucci

    I now know that, but the fact that it has been around for a while, and no one knows about it is just my point. Lord knows they get hammered by so many people for NOT doing anything positive, why not get the word out when they do? It would sure increase the confidence of the public. Steve