DHS cybersecurity leader keeps an eye on the critical infrastructure
Editor's note: This story was updated at 1:30 p.m. May 21, 2007. Please go to Corrections & Clarifications to see what has changed.
You could say that the Homeland Security Department’s Greg Garcia has a single-track mind because he’s focused on one thing: protecting the country’s critical information technology infrastructure from multiple simultaneous cyberattacks.
When Garcia took the newly created assistant secretary position that oversees the 240-person Office of Cyber Security and Communications at DHS, he saw only the big picture and not the daunting details of his job — much to the delight of the cybersecurity community.
“What really pleased me was that rather than focusing on the technical things, he was focused on the larger-picture point of view,” said Guy Copeland, vice president of information infrastructure advisory programs at Computer Sciences Corp.
As assistant secretary for cybersecurity and telecommunications, Garcia is responsible for advising and coordinating the public and private organizations that handle the country’s vast infrastructure of information and communications systems. His coordination role contributes to national security because the private sector owns 85 percent of the country’s critical infrastructure.
DHS officials spent almost a year trying to fill the position, making some members of Congress unhappy. Garcia was named to the post in September 2006, largely because of his experience as vice president of information security programs at the IT Association of America. Before that, Garcia worked on IT security issues as a staff member on the House Science Committee.
Meanwhile, congressional expectations for Garcia’s leadership are high. “The agency has an enormous amount of work ahead of it,” Sen. Joe Lieberman (I-Conn.) said last year in a letter about Garcia’s appointment.
Garcia said he is somewhat nervous about the job, especially because he has no immediate predecessors. “There is no blueprint for success,” he said.
Nonetheless, Garcia is confident that he knows what must be done to secure the national infrastructure. Close collaboration is most important, he said. Garcia believes the connections he fostered as an industry liaison for the House committee give him a big advantage.
When organizations work together, he said, “you have a collective awareness of where our vulnerabilities are and where the attacks are coming from, so we are better prepared.”
Garcia said that as a manager, he draws on experiences from past jobs. For example, he’s learned to seek perspectives and opinions from staff members. “When I took office, I made a point to listen to the needs and concerns of my staff and key stakeholders,” he said. “This has given me a greater understanding of the challenges they face.”
Indeed, the ability to communicate with people is one of Garcia’s primary assets, according to colleagues. Tim Clancy, principal research associate at George Mason University’s critical infrastructure protection program and former Science Committee chief of staff, said Garcia’s skill at convening government and industry leaders is why Garcia was successful when he worked for the committee.
“The [committee] had mostly strong relations with the academic and research communities, but we didn’t have a tremendous amount of expertise in the private IT worlds,” Clancy said. “That was a big reason why Greg was brought on, because of his expertise.”
Clancy said Garcia played an integral role in crafting the Cyber Security Research and Development Act of 2002. That law authorized funding for cybersecurity programs at the National Science Foundation and the National Institute of Standards and Technology to support education and research efforts nationwide.
Security industry representatives said Garcia communicated well with industry leaders during his tenure on the committee. Copeland recalls that Garcia sent letters asking IT security companies to identify their priorities.
Garcia “showed us not only how [how the committee’s] priorities were very much in sync with ours, but how they fit into our actions that were already under way,” Copeland said.
After nearly eight months on the job at DHS, Garcia said he finds his work exhilarating, but stressful. “The pressure is really in the form of knowing that we could face multiple cyberattacks on our critical infrastructure at any time,” he said.