recommended reading

Agencies struggling over control of cybersecurity overblown, says DHS

Reports of a struggle among agencies about who should oversee governmentwide cybersecurity are inaccurate, and the biggest problem in locking down federal networks is recruiting enough information security workers, said Homeland Security Department officials.

"The misconception that concerns me most is that infighting is happening" among the federal agencies involved in cybersecurity initiatives, said Phil Reitinger, deputy undersecretary for the National Protection and Programs Directorate in an interview with Nextgov. "I just don't see that. Are there disputes between agencies? Yes. Are there arguments between components of DHS? Yes. We're people -- that's how it works. But the degree of collaboration and joint work around the mission is really amazing. There's hard commitment in DHS and across agencies . . . and a deep well of shared experience."

Stories about the tension over who should manage the government's overall cybersecurity programs have circulated for months, with the debate focusing on DHS and the National Security Agency. It peaked on March 5, when Rod Beckstrom, director of the National Cybersecurity Center, expressed in his letter of resignation frustration over the growing influence of NSA in cybersecurity management.

He pointed to the agency increasing cybersecurity staff, developing technology to support cyber initiatives and a proposed move of two DHS organizations -- the National Protection and Programs Directorate and the National Cybersecurity Center -- to an NSA facility in Fort Meade, Md.

"This is an interagency effort," said Reitinger, who took over cybersecurity responsibility at DHS after Homeland Security Secretary Janet Napolitano moved the National Cybersecurity Center under his leadership. Previously, the center reported directly to the secretary.

"It's absolutely essential we work together," he said. "If you look across government, you'll find people who are committed and want to drive toward success regardless of any jurisdictional concerns. There's a trust that will continue to be enhanced."

People often fail to understand the complexity of the cybersecurity mission, said Bruce McConnell, who advises Reitinger on strategic and policy matters. While tax collection by the Internal Revenue Service this year will be similar to last year, "cybersecurity is very dynamic, and changing all of the time," he said. "The misconception is that we can lay out a plan and move forward in a linear fashion."

The biggest challenge DHS faces is human capital, officials said. The National Protection and Programs Directorate more than doubled its workforce in 2008, bringing the total number of employees to 109. Reitinger expects to increase the staff to 260 by 2010, with additional hires in the Cybersecurity and Communications Office, the division responsible for security of the nation's cyber and communications infrastructure.

"We've got great people here, people with significant expertise and a real commitment and passion around the area of cyber," Reitinger said. "The problem is there are just not enough of them yet. We have to hire highly technical qualified people with high-level security clearances. That's a tough group to get."

A report released by Booz Allen and the Partnership for Public Service, a Washington-based good government advocacy group, showed that recruitment and retention of cyber workers in the federal government were hindered by a cumbersome hiring process, lack of governmentwide certification standards, and insufficient training and salaries.

"You may have some ability in private sector to pay more, but DHS has things to bring to the table as well," said Greg Schaffer, assistant secretary for cybersecurity and communications at DHS. "We are at the center of the universe that is cyber, quite literally. That attracts people that are passionate about this issue and feel it's extraordinarily important to ensure the networks are protected. The fact that they go back into industry at some point -- and that inevitably does happen -- is a good thing, because we educate each other."

DHS lost a top cyber executive this month when Mischel Kwon, director of the Computer Emergency Readiness Team, resigned. In response, Reitinger said, "Change happens. People come into the government and people leave. We want to focus on bringing in the best and the brightest who have a passion of what they'll be doing."

To recruit qualified candidates, DHS participates in the Scholarship for Service program, which provides college scholarships and stipends to students who exhibit above-average cybersecurity skills. The National Science Foundation funds the program. DHS also co-sponsors with NSA the National Centers of Excellence in Information Assurance Education, a program that offers an in-depth cybersecurity curriculum to undergraduate and graduate students.

"The scope of issues that involve cybersecurity is extraordinarily large," Shaffer said. "But the progress we've made to date is also extraordinary, and we don't get the credit for what's already been accomplished and what's being accomplished on a regular basis. That doesn't mean we don't have a ton to do. It's a large beast of a problem."

Threatwatch Alert

Network intrusion / Software vulnerability

Hundreds of Thousands of Job Seekers' Information May Have Been Compromised by Hackers

See threatwatch report


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.


When you download a report, your information may be shared with the underwriters of that document.