Homeland setting cybersecurity priorities
- By Diane Frank
- May 15, 2003
National Strategy to Secure Cyberspace
Now that responsibility for the National Strategy to Secure Cyberspace has shifted to the Homeland Security Department (DHS), officials are developing a list of priorities for implementation within the next 180 days.
Among the areas being examined are education and certification, metrics and benchmarks for the private sector, and research and development, said Andy Purdy, cybersecurity adviser for the Information Analysis and Infrastructure Protection (IAIP) Directorate at DHS.
One of the initiatives likely to be included is the push to create an independent, private-sector-led security certification program, Purdy said, speaking May 14 at a symposium sponsored by the Computing Technology Industry Association in Washington, D.C. This would be a program that government and the private sector could rely on to find and develop security experts.
DHS officials also are looking at a more comprehensive method to share security vulnerability and incident information between government and the private sector, building on the work already being performed by the Information Sharing and Analysis Centers in many sectors, Purdy said.
Right now most of the information is still going from government to the private sector, with little being returned, and "it really has to be a two-way street," he said. "The importance of improving the form and structure of the two-way street is something we're working hard on and we have a ways to go."
The final version of the cybersecurity strategy was released in February, and Purdy admitted that many people expressed concern that implementation would be slowed because the White House dissolved the strategy's creator — the President's Critical Infrastructure Protection Board — and transferred responsibility to DHS. But the IAIP Directorate, and the department as a whole, is fully committed to moving forward quickly on the priorities laid out in the strategy, he said.
"DHS, under [Infrastructure Protection Assistant Secretary] Bob Liscouski's leadership, is serious about cybersecurity," he said.