U.S. CERT is still getting its footing
- By William Jackson
- Apr 02, 2004
Criticism that the Bush administration has not placed a priority on protecting the nation's critical infrastructure against computer attacks is off the mark, the Homeland Security Department's Lawrence Hale says.
The President's Critical Infrastructure Protection Board and the White House Office of Cybersecurity were eliminated last year after the February release of the National Strategy to Secure Cyberspace. The strategy itself has been criticized as lacking teeth.
The Office of Cybersecurity had served its purpose with the creation of the strategy, said Hale, deputy director of the U.S. Computer Emergency Readiness Team. He spoke last month at FOSE 2004 in Washington.
'Our answer to that is, that office produced the strategy,' Hale said. 'When it comes time to implement the strategy, that is more appropriately done in the departments.'
The strategy's implementation at DHS has included creation of the National Cyber Security Division and U.S. CERT, both announced last September.Merging four centers
Four cyberevent watch centers had been brought into the new department when it was formed in March 2003: The Federal Computer Incident Response Center, the National Communications System, the National Infrastructure Protection Center and the DHS watch center.
These centers are being folded into a single organization, which is cooperating with the CERT Coordination Center at Carnegie Mellon University to form the U.S. CERT.
The new organization coordinates national responses to cyberattacks and identifies threats before they develop into attacks.
What has changed in the six months since the announcement of U.S. CERT is the mission of its components, Hale said.
'We're in an evolutionary process,' he said. 'We have a sound basic capability today, solid analytic capability' and around-the-clock monitoring of networks.
But integrating the components into a single national threat detection and response center is still ongoing. This is the first year that DHS had its own budget, Hale pointed out.
'We're still in the process of getting fully staffed,' he said. He hopes that the 2005 budget will allow full staffing. 'It is a growth process.'
William Jackson is a senior writer of GCN and the author of the CyberEye blog.