recommended reading

Agencies struggling over control of cybersecurity overblown, says DHS

Reports of a struggle among agencies about who should oversee governmentwide cybersecurity are inaccurate, and the biggest problem in locking down federal networks is recruiting enough information security workers, said Homeland Security Department officials.

"The misconception that concerns me most is that infighting is happening" among the federal agencies involved in cybersecurity initiatives, said Phil Reitinger, deputy undersecretary for the National Protection and Programs Directorate in an interview with Nextgov. "I just don't see that. Are there disputes between agencies? Yes. Are there arguments between components of DHS? Yes. We're people -- that's how it works. But the degree of collaboration and joint work around the mission is really amazing. There's hard commitment in DHS and across agencies . . . and a deep well of shared experience."

Stories about the tension over who should manage the government's overall cybersecurity programs have circulated for months, with the debate focusing on DHS and the National Security Agency. It peaked on March 5, when Rod Beckstrom, director of the National Cybersecurity Center, expressed in his letter of resignation frustration over the growing influence of NSA in cybersecurity management.

He pointed to the agency increasing cybersecurity staff, developing technology to support cyber initiatives and a proposed move of two DHS organizations -- the National Protection and Programs Directorate and the National Cybersecurity Center -- to an NSA facility in Fort Meade, Md.

"This is an interagency effort," said Reitinger, who took over cybersecurity responsibility at DHS after Homeland Security Secretary Janet Napolitano moved the National Cybersecurity Center under his leadership. Previously, the center reported directly to the secretary.

"It's absolutely essential we work together," he said. "If you look across government, you'll find people who are committed and want to drive toward success regardless of any jurisdictional concerns. There's a trust that will continue to be enhanced."

People often fail to understand the complexity of the cybersecurity mission, said Bruce McConnell, who advises Reitinger on strategic and policy matters. While tax collection by the Internal Revenue Service this year will be similar to last year, "cybersecurity is very dynamic, and changing all of the time," he said. "The misconception is that we can lay out a plan and move forward in a linear fashion."

The biggest challenge DHS faces is human capital, officials said. The National Protection and Programs Directorate more than doubled its workforce in 2008, bringing the total number of employees to 109. Reitinger expects to increase the staff to 260 by 2010, with additional hires in the Cybersecurity and Communications Office, the division responsible for security of the nation's cyber and communications infrastructure.

"We've got great people here, people with significant expertise and a real commitment and passion around the area of cyber," Reitinger said. "The problem is there are just not enough of them yet. We have to hire highly technical qualified people with high-level security clearances. That's a tough group to get."

A report released by Booz Allen and the Partnership for Public Service, a Washington-based good government advocacy group, showed that recruitment and retention of cyber workers in the federal government were hindered by a cumbersome hiring process, lack of governmentwide certification standards, and insufficient training and salaries.

"You may have some ability in private sector to pay more, but DHS has things to bring to the table as well," said Greg Schaffer, assistant secretary for cybersecurity and communications at DHS. "We are at the center of the universe that is cyber, quite literally. That attracts people that are passionate about this issue and feel it's extraordinarily important to ensure the networks are protected. The fact that they go back into industry at some point -- and that inevitably does happen -- is a good thing, because we educate each other."

DHS lost a top cyber executive this month when Mischel Kwon, director of the Computer Emergency Readiness Team, resigned. In response, Reitinger said, "Change happens. People come into the government and people leave. We want to focus on bringing in the best and the brightest who have a passion of what they'll be doing."

To recruit qualified candidates, DHS participates in the Scholarship for Service program, which provides college scholarships and stipends to students who exhibit above-average cybersecurity skills. The National Science Foundation funds the program. DHS also co-sponsors with NSA the National Centers of Excellence in Information Assurance Education, a program that offers an in-depth cybersecurity curriculum to undergraduate and graduate students.

"The scope of issues that involve cybersecurity is extraordinarily large," Shaffer said. "But the progress we've made to date is also extraordinary, and we don't get the credit for what's already been accomplished and what's being accomplished on a regular basis. That doesn't mean we don't have a ton to do. It's a large beast of a problem."

Threatwatch Alert

Cyber espionage / Spear-phishing

Russia-Linked Hacker Unit Targets French Presidential Election

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

    Download
  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

    Download
  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

    Download
  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

    Download
  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.

    Download

When you download a report, your information may be shared with the underwriters of that document.