Garcia sees 'sense of common purpose' emerging in security community
- By William Jackson
- Apr 09, 2008
SAN FRANCISCO ' During the past year, cyber security has gone from a silo industry sector to a business enabler and a critical element of national security, said Greg Garcia, the Homeland Security Department's assistant secretary for cyber security and communications.
'The private sector is now seeing a shared sense of purpose in cyber security,' Garcia said in an interview with Government Computer News at the RSA Security conference. 'I've seen a swelling of interest, a greater recognition of individuals accepting responsibility that this is bigger than ourselves.'
DHS and the Bush administration have made cyber security a priority in the last year of the current administration, he said with the centerpiece of their efforts being the Cyber Security Initiative. At the same time, the private sector has begun looking at cyber security as a mission critical element of business operations rather than a necessary evil.
Garcia's mission at the conference, along with DHS Secretary Michael Chertoff, who spoke at Tuesday's opening sessions, was to help ensure the momentum continues into the next administration.
Garcia's appointment as assistant secretary for cyber security in Oct. 2006 was greeted with enthusiasm in the security community, in part because the new office had been vacant, but also because of the person chosen to fill it.
'I think when I came on I had a certain level of trust,' because he had come from the private sector and also had had experience on Capitol Hill, Garcia said. He is spending his time at RSA leveraging that trust.
Garcia described the role of DHS as an amplifier for information technology security, leveraging the efforts of federal, state and local government, academia and industry; building a culture of security and helping with the exchange of information and best practices, all without regulatory authority.
'That doesn't stop us from hounding,' he said. 'You have to hold people responsible. But you could argue it would be even harder with a regulatory model,' because of the difficulty of creating and enforcing productive regulations.
He said the department's greatest achievement in the last year was the release in May 2007 of 17 sector-specific plans for the protection of the nation's critical infrastructure.
'That was an affirmation of the strength of the partnership,' between DHS and industry and set the stage for the president's multi-hundred-million-dollar Cyber Security Initiative announced earlier this year.
However, information sharing between government and the private sector is still a hurdle.
'I think it is improving, but we do recognize that we need to do a better job.' he said. US-CERT is doing a better job of disseminating information to the private sector. But the private sector still is concerned about release of proprietary information shared with government under the Freedom of Information Act, and government still is concerned about the release of sensitive and classified information to the private sector.
'We have too tight a grip on some information,' Garcia said. 'It isn't any good if it isn't shared.' He would like to see some steps toward loosing that grip and sharing more information with companies that control the bulk of the nation's critical infrastructure.
Overall, we are safer today than we were a year ago, he said. 'But we have to raise our guard and step up our game,' because the threats are becoming more serious and attacks more sophisticated.
As a political appointee, Garcia expects to be gone when the next administration takes office and builds its own team. In the remaining months of his tenure, he wants to lay the groundwork to help ensure that momentum developed in the past year carries over to the next assistant secretary and that progress continues in both the public and private sectors.
William Jackson is a Maryland-based freelance writer.