Yoran: Locals must lead IT security

DHS infrastructure protection

Related Links

Local officials must take the lead in securing the information infrastructure within their jurisdictions, but the Homeland Security Department is standing by ready to help, according to Amit Yoran, director of the department's National Cyber Security Division.

Cybersecurity is still several steps behind physical security when it comes to the attention and priority of officials at all levels of government, officials stressed at the midyear conference of the National Association of State Chief Information Officers in Chicago. One of the most worrying examples of this is the lack of mention of information infrastructure in grants guidance from DHS' Office of Domestic Preparedness, said Randy Potts, the chief information security officer for Nevada.

"It has been all about boots and suits for a very long time," agreed Aldona Valicenti, the former president of NASCIO and CIO of Kentucky, now with Oracle Corp. She urged Yoran to use his and other's political influence to make cybersecurity more visible in the official language and requirements for homeland security at the federal level.

Some states are already putting cybersecurity among the top issues on their homeland security lists. Indiana has created three task forces for particularly urgent areas within the state: agriculture, transportation and cybersecurity.

The cybersecurity task force has taken a bit longer than the others to get off the ground because of confusion over where the industry viewpoint fits in, said Clifford Ong, homeland security director for Indiana. "We haven't really defined the population or what it is we want to try to do," he said.

However, the state has already dedicated $1 million to an intrusion detection system for all of the state's information networks while the task force gets going, Ong said. The guidance for passing on federal homeland security grant funding to local jurisdictions also includes a requirement that cybersecurity must be involved in the solution, he said.

At the federal level, the NCSD and its parent organization, the Information Analysis and Infrastructure Protection Directorate, are doing what they can to make sure that the physical experts are also thinking about the cyber vulnerabilities and consequences, Yoran said.

Exercises seem to be one of the best ways to foster this type of broader understanding, said Stuart McKee, CIO for the state of Washington. The TopOff exercise conducted in part of that state last year significantly changed the perspective of many officials about the importance of cybersecurity, and that change has lasted, he said.

There are further exercises planed

Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.