The near-complete overhaul of the
Department of Homeland Security, announced last week by department Secretary
Michael Chertoff, may finally give the country's cyber-security chief the power
and authority needed to make real improvements, according to experts.
A new Assistant Secretary for Cyber
Security and Telecommunications will be responsible for assessing the security
of critical telecommunications and IT infrastructure and will replace the
Undersecretary for Information Analysis and Infrastructure Protection. The news
was greeted with optimism by cyber-security insiders, who have long complained
that the DHS gave short shrift to the threat of computer attacks.
Elevating management of cyber-security
to the assistant-secretary level and putting the job in the new Preparedness
division will improve the status and clout of the position, according to
industry insiders well-versed in the ways of Washington.
"That's the division where the rubber
meets the road," said Dan Burton, chief lobbyist for Entrust Inc., based in
Addison, Texas. "It's not research. It is, 'Are we prepared for an
attack?'"
Critics often pointed to the relatively
low placement of the top cyber-security official in the DHS organizational chart
as evidence of the Bush administration's tepid interest in the topic.
Coupling cyber-security with
telecommunications preparedness was also a good idea, said Alan Paller, director
of research at The SANS Institute, in Bethesda, Md.
"It sounds like a little thing, but
it's actually a pretty big deal," Paller said.
Legislators who have been trying to
enact a law to create an assistant secretary for cyber-security also applauded
Chertoff's initiative.
"I am gratified to see that Secretary
Chertoff has recognized the importance of creating the position of Assistant
Secretary for Cyber Security and Telecommunications within the Department of
Homeland Security," said U.S. Rep. Zoe Lofgren, D-Calif.
To make the position work, Chertoff and
the DHS will have to find the right person to fill the job and then define the
DHS' role in improving the nation's cyber-security. Neither of those tasks has
proved easy thus far, as the cyber-security position has been open for nearly a
year and private-sector security experts have often complained about the
department's lack of communication and coordination with the outside
world.
"I think it's a step in the right
direction," said Amit Yoran, the former director of the DHS' National Cyber
Security Division and now president of Yoran Associates, a Reston, Va.,
consulting company.
However, the new assistant secretary
will face a long, hard road once he or she is in place, Yoran and others
said.
"Reorganizations are always disruptive.
It's like restructuring the military in the middle of the war," said Ken Silva,
chief security officer at VeriSign Inc., in Mountain View, Calif.
Previous DHS efforts to coordinate with
the private sector have bogged down, Silva said.
"DHS has not demonstrated a lot of
leadership," Silva said. "There has been meeting after meeting, and all they
have done is generate talk about more meetings."
The new cyber-security chief should
move quickly to define the exact mission and objectives of the DHS in securing
cyberspace, VeriSign's Silva said.
"It would be nice if there was a single
strategy for people to work off of," he said.
