DHS feels growing pains in cybersecurity role

The federal government is looking expectantly to the Homeland Security Department to take the lead on cybersecurity, and while officials there say they are ready to step up, it’s not an effort without inherent growing pains.

Real progress is being made toward becoming a cohesive, effective frontrunner for federal cybersecurity, according to Mark Weatherford, DHS undersecretary of cybersecurity for the National Protection and Program Directorate. However, he admits it isn’t an easy journey.

“DHS is nine years old now, and that sounds like we should be a really mature organization. But I can tell you, when you put this many different independent, large organizations together and say, ‘OK, now you’re one large DHS organization,’ which is what happened in 2003 – we’re still maturing,” Weatherford said Oct. 17 at an (ISC)2 event in Arlington, Va. “Some of these other organizations like DOD and [Energy Department] have a long lead time on us. But I think we’re doing very well, especially in the cyber arena.”

In particular, DHS is developing the components critical to national cybersecurity, including the National Cybersecurity and Communications Integration Center (NCCIC), designed to be the nerve center of the government’s civilian cyber and information-sharing operations. A number of DHS and other federal officials have mentioned NCCIC lately – especially in appearances associated with National Cybersecurity Awareness Month – and Weatherford said it has been a boon for crucial information-sharing.

“NCCIC is new organization; it’s been in place for a little over two years. But it’s just now starting to hit its stride. The beauty of it is that it’s the nexus of information-sharing for the federal government and private sector,” he said of the organization, which includes participation from local, state and federal entities as well as the Secret Service, FBI and information and analysis centers for the electric and financial sectors.

“This may not sound like a big deal, but I can tell you when you get people in a room like this working together on a daily basis, there’s information-sharing that just never would have ever happened before. There’s a richness that we’re starting to realize out of that sharing of information that is really helping the entire nation.”

Weatherford said he’s also tackling other struggling areas of DHS’ cyber efforts, including building up a workforce with essential cyber skills, emphasizing the situation’s gravity.

“Something that’s a problem for DHS, the federal government, the state governments and for almost every private sector organization I talk to…it’s the one thing that continues to come up, that there’s a lack of true cybersecurity talent. I mean the real ninja kind of guys and gals that you can build your security program around,” he said. “I don’t think it’s overstating to say this is a national emergency.”