Kwon: More collaboration needed

Policy-makers and incident responders need to work together more closely to improve federal cybersecurity, the director of the office that monitors and protects the federal civilian computer network said today.

Mischel Kwon, director of the Homeland Security Department’s U.S. Computer Emergency Readiness Team (US-CERT), said computer security policy-makers and those who respond to cyber incidents have traditionally stayed in separate worlds, and that should change. Kwon made the comments during a presentation at the FOSE trade show in Washington.

“The only way we are going to get somewhere with what we’re doing is if we move our worlds and allow this to be one security world,” she said. “We need to start getting the policy side of the house and the incident-response side of the house to be partners, and we do this through reflection.”

US-CERT, the operational arm of DHS’ National Cybersecurity Division, analyzes threat capabilities throughout government and industry, disseminates warning information, and coordinates incident-response activities.

Kwon listed reflection as one of the five pillars of cybersecurity and described it as the time after a cyber incident when people reassess policies, procedures and technology to prevent it from happening again. The other pillars are knowing about the threat, assessing systems’ vulnerabilities, detecting attacks and mitigating them.

“I think of security as a well-designed system, a well-built system and a well-maintained system because if you have that, your vulnerabilities are small,” Kwon said. “I really do feel that life-cycle management is the panacea for security. It is the solution.”

Kwon said it was important to prioritize threats based on the potential effects they could have on an agency's mission and get as much information about an incident as early as possible.

She also said US-CERT is expanding its workforce and improving its technical tools for visualization and increased analysis, among others.

Civilian agencies reported a total of 18,050 cyber incidents to US-CERT in fiscal 2008, compared with 12,986 in fiscal 2007 and 5,144 in fiscal 2006, according to DHS officials.

“We’re seeing an increase in attacks…but we’re also much more aware that these attacks are happening,” Kwon said. “Yes, they are happening more, but we are also looking more, and when you look more, the incident rates go up.”

She added that the way incidents are currently tracked is inaccurate because agencies report cyber incidents individually even if they are part of the same cyberattack that affects multiple targets.

However, Kwon said, US-CERT is working on a new way of tracking incidents that would let the government more clearly report what is happening.

“With the new way of tracking through a master incident and mapping tickets to a master incident, we’ll get better metrics and we’ll be able to more clearly report what is happening,” she said.

The 1105 Government Information Group, Federal Computer Week's parent company, sponsors FOSE.

About the Author

Ben Bain is a reporter for Federal Computer Week.
