DHS struggles to define its cybersecurity mission

Deputy secretary asks for help from the IT community

LAS VEGAS – The Homeland Security Department has identified cybersecurity as one of its primary missions, but after seven years it still is struggling to define the scope and goals of that mission.

“We at Homeland Security want to stimulate debate abut cyberspace,” and to increase awareness of the issues, Deputy Secretary Jane Holl Lute said Wednesday in an opening address at the Black Hat Briefings security conference.

But to an audience that was interested in nuts and bolts and bits and bytes, Lute was able to speak only in generalities.

“I don’t think there is any question of the administration’s intent to elevate cybersecurity” as a national issue, she said. She cited several accomplishments, including work on the Einstein II intrusion detection system, a National Cyber Incident Response Center that will be tested this fall during the Cyber Storm III exercises, and a draft National Strategy for Trusted Identities in Cyberspace.


Related stories:

White House just getting started on cybersecurity

DNSSEC now fully deployed on the Internet root


“These might be gestures in your minds, but we view them as important steps,” she said.

DHS has at least nominal responsibility for defending the civilian .gov domain and cooperating with the private sector in defending its infrastructure. The challenges it faces are formidable.

“Cyberspace is built on an insecure platform to begin with,” she said.

Black Hat founder Jeff Moss, in opening remarks, illustrated the challenge by saying that he could not think of any fundamental security issue that has been solved in the 13 years of the Black Hat Briefings. The one bright spot is the recent signing of the Internet Root Zone with digital signatures to implement the DNS Security Extensions. But he also noted that that took place 11 years after the finalization of the DNSSEC protocols.

Asked if DHS as waiting on an inevitable catastrophe to define its task in cybersecurity, Lute sidestepped the question by referring to the fall of the Soviet Empire and the terrorist attacks of 2001. “We have lost the right to say that anything is impossible,” she said. "But we still do not know what is inevitable.”






About the Author

William Jackson is a Maryland-based freelance writer.

inside gcn

  • IoT security

    A 'seal of approval' for IoT security?

Reader Comments

Tue, Aug 3, 2010 Jeffrey A. Williams Frisco Texas

I agree with Diane's comments on this article completely. Seems to me that many of my fellow CIO's and CSO's some of which are and have been practicing IT security professionals for years if not decades have been attempting to advise DHS regarding Cybersecurity, including Richard Clark whom provided very good if not execellent advise several years ago and was rebuffed as many of us have been.

Mon, Aug 2, 2010 Diane New Jersey

Deputy Secretary Jane Holl Lute, I understand DHS’s overall mission is huge and setting priorities is quite difficult (e.g., securing US borders vs. IT). I would like to suggest that you engage other agencies to help you with this. Reach out to the CIO’s and request their help and input. Ask that they provide you with 1 or 2 technical people to be part of the Iiger Team to focus on critical IT tasks (examples, data services, information management, standards, policies, training, logical access, etc.) Once defined, then subteams can form to come up with solutions and get the job done. Suggest that the team meet once a week or later on as needed. Even though DHS is tasked to provide security for the critical infrastructure of the US, it does not mean that you must do this alone.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group