Yoran: Locals must lead IT security

DHS infrastructure protection

Related Links

Local officials must take the lead in securing the information infrastructure within their jurisdictions, but the Homeland Security Department is standing by ready to help, according to Amit Yoran, director of the department's National Cyber Security Division.

Cybersecurity is still several steps behind physical security when it comes to the attention and priority of officials at all levels of government, officials stressed at the midyear conference of the National Association of State Chief Information Officers in Chicago. One of the most worrying examples of this is the lack of mention of information infrastructure in grants guidance from DHS' Office of Domestic Preparedness, said Randy Potts, the chief information security officer for Nevada.

"It has been all about boots and suits for a very long time," agreed Aldona Valicenti, the former president of NASCIO and CIO of Kentucky, now with Oracle Corp. She urged Yoran to use his and other's political influence to make cybersecurity more visible in the official language and requirements for homeland security at the federal level.

Some states are already putting cybersecurity among the top issues on their homeland security lists. Indiana has created three task forces for particularly urgent areas within the state: agriculture, transportation and cybersecurity.

The cybersecurity task force has taken a bit longer than the others to get off the ground because of confusion over where the industry viewpoint fits in, said Clifford Ong, homeland security director for Indiana. "We haven't really defined the population or what it is we want to try to do," he said.

However, the state has already dedicated $1 million to an intrusion detection system for all of the state's information networks while the task force gets going, Ong said. The guidance for passing on federal homeland security grant funding to local jurisdictions also includes a requirement that cybersecurity must be involved in the solution, he said.

At the federal level, the NCSD and its parent organization, the Information Analysis and Infrastructure Protection Directorate, are doing what they can to make sure that the physical experts are also thinking about the cyber vulnerabilities and consequences, Yoran said.

Exercises seem to be one of the best ways to foster this type of broader understanding, said Stuart McKee, CIO for the state of Washington. The TopOff exercise conducted in part of that state last year significantly changed the perspective of many officials about the importance of cybersecurity, and that change has lasted, he said.

There are further exercises planed

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.