Government Computer News
Another View | Getting the facts straight on cybersecurity
Commentary | DHS Under Secretary refutes Cyber Commission findings
Government Computer News’ editorial “Elevate cybersecurity” identified potential conclusions from a new study to be released in November by the Center for Strategic and International Studies’ Commission on Cyber Security for the 44th Presidency. Unfortunately, the conclusions outlined are simply incorrect. They do not represent the facts and clearly do not reflect the significant progress that the federal government has made in cybersecurity in the past year.
Digg
De.licio.us
Slashdot
Technorati
Just in the last week, the center has finally begun meeting with the Homeland Security Department’s operations leadership to discuss our plan. I look forward to continuing to work with them as they finalize their conclusions and go public with their recommendations. In the interim, however, I would like to address each of the points raised in the GCN editorial.
“The nation is not organized — and the government lacks a comprehensive national strategy — to deal with these challenges.”
Homeland Security Presidential Directive (HSPD) 23, which the president signed in January, established both the strategy and organization to deal with our cybersecurity challenges. It defined cybersecurity roles and responsibilities across the federal government and established the Comprehensive National Cybersecurity Initiative.
CNCI is a robust strategy with defined goals, measures, projects and timelines. For the first time in our nation’s history, we have more than just words on paper. We have an integrated interagency implementation effort that is translating strategy into action.
CNCI “remains overly classified and provides little direction or coordination to government agencies.”
CNCI has 12 projects aligned with the overall strategy, and measurable progress is being made on all of them. Each project has accountable leaders or co-leaders, and coordination meetings occur on at least a weekly basis at the White House. With the completion of an interagency classification guide, which required extensive vetting and coordination, the high-level details of those projects have now been made unclassified. Certain elements of CNCI must remain classified for national security reasons, but classified briefings and updates are given to congressional oversight bodies on a regular basis.
“Interaction between the federal government and critical infrastructures in the private sector…remains disjointed and inadequate to meet national security objectives.”
DHS recognizes that at least 85 percent of critical infrastructure is owned or operated by the private sector, and a comprehensive cybersecurity effort must include close collaboration with industry. To facilitate that collaboration, DHS uses a public/private partnership framework that was created through the National Infrastructure Protection Plan. We are using that framework to develop short- and long-term recommendations for increasing information sharing on cyberthreats and vulnerabilities among government and private-sector entities and for enhancing government and private-sector collaboration on cyber protection efforts.
![1105 Government Information Group [valor]](/images/1105logo_website.gif "Government Computer News [valor]")
© 1996-2008 1105 Media, Inc. All Rights Reserved.
