Quick Study

By Brian Robinson


Teetering on the brink of critical infrastructure protection

Are the ducks finally lining up on cybersecurity? The recent memorandum of agreement between the departments of Defense and Homeland Security, which for years have been butting heads on cybersecurity responsibilities, is one positive sign.

If we depart from the cynical view, which would have this as nothing more than window dressing for the public and Congress, then we can expect better coordination and information sharing between the two departments going forward. Hopefully, that ultimately means a much better approach to protecting critical infrastructures.

And none too soon. The Stuxnet worm that reportedly devastated Iran’s energy infrastructure is being seen as the most visible evidence of a trend toward more “professional” coding of malware aimed at countries’ infrastructures. Some are calling it the blueprint for a new generation of cyberweapons that will be used in a rapidly developing Cyber War.

A DOD official was quoted as saying the agreement with DHS was needed because the United States doesn’t have either the time or the money to develop cyberdefenses twice over. DHS Secretary Napolitano and DOD Secretary Gates called it the beginning of a new framework for coordination and joint program planning between the departments.

If this all works out as planned, then it will be quite a few steps on from where the public perception is right now, with a large majority in a recent Narus poll saying government is wildly unprepared to defend against cyberattacks. Industry didn’t fare much better.

How much does this positive outweigh the negatives? Good question. Symantec’s 2010 Critical Information Infrastructure Protection survey reported that more than half of America’s infrastructure providers have experienced politically-motivated cyberattacks. Those were presumably made by the kinds of people who launched Stuxnet, not the relatively unsophisticated hacker stuff that predominated in years past. And it’s likely to only get worse.

Outside of the feds and industry, state and local governments also have a big responsibility for critical infrastructure, of course, and they are getting hammered by the recession. A new study found that nearly four-fifths of state chief information security officers reported stagnant or slashed budgets that pose “a serious problem that stifles their ability to adequately handle growing internal and external threats.”

So which is it? Are we marching forward, falling back, or staggering to a standstill?

Posted on Oct 14, 2010 at 12:20 PM


Reader comments

Thu, Nov 18, 2010 Patricia Titus, CISCO, Unisys

The joint agreement between the Department of Homeland Security (DHS) and the Department of Defense (DoD) is yet another example of the continued cultural changes that are happening throughout the public and private sectors. Acknowledging that cyber attacks are growing and recognizing there are dwindling budgets and resources to address the problem requires us to pull together in a way we haven’t been able to in the past. I see this as a positive move. As a former chief information security officer at the Transportation Security Administration, I’ve been concerned about where DHS would find qualified resources. In this climate, pooling talent with DoD makes economic sense. This agreement also illustrates that one single department alone cannot address the magnitude of these attacks. The Einstein network intrusion detection program is a good example of this. The National Security Agency and DHS pooled together to assure that tax dollars are being used optimally to create the most sophisticated solution possible. Einstein, a system for monitoring network traffic, was originally the brainchild of the US-CERT within DHS. The project has been subject to budget difficulties, but I am hopeful the program will fulfill its potential to provide a new and expanded cyber defense capability. With this new agreement in place, there may also be an opportunity for the private sector to take part in this initiative. Currently, DHS works in partnership with the private sector through the Information Technology Sector Coordinating Council. I anticipate we may now see DoD joining our meetings.

Thu, Nov 18, 2010 Dr. Rocky Termanini USA

I get sick in my stomach every time I see FCW talk about the same nonsense. FCW’s purpose in life is to get readers excited about any kind of brouhaha that talks about securing the infrastructures of the country… lots of foreplay and no action. When we tried to submit a scientific paper to address the core of this problem, FCW stalled and did not have the brain to digest it. We’re going to hear over and over the same prayer… DOD and DHS are planning to get in bed to tackle the Stuxnet disease. So what is the next step… more elusive solicitation gibberish with poor funding and ruthless deadlines.
