DHS advisory council report could help NPPD
- By Mark Rockwell
- Jun 02, 2016
DHS Undersecretary Suzanne Spaulding said that despite resistance from Congress, she is not giving up on plans to transform the agency's cybersecurity efforts.
Congress has so far resisted a plan to reorganize the Department of Homeland Security's cybersecurity center, but a new report could help the effort.
"Congress doesn't seem to be buying" the reorganization plan, said Suzanne Spaulding, undersecretary for DHS' National Protection and Programs Directorate, at a meeting of the Homeland Security Advisory Council (HSAC).
Spaulding isn't giving up on the effort to transform NPPD into a new entity called Cyber Infrastructure Protection. CIP would cut across the National Cybersecurity and Communications Integration Center, the Office of Infrastructure Protection and the Federal Protective Service. The effort would have physical security experts work alongside cybersecurity staff to provide a more effective and coherent defense against cyberattacks that could cause physical and cyber damage across sectors.
Spaulding said putting all those professionals together makes sense for interdependent critical infrastructure industries.
"We'll make it happen one way or the other," she added.
HSAC presented a report to DHS Secretary Jeh Johnson during the June 2 meeting that could give a boost to the reorganization effort. The group recommended that DHS take a closer look at how cyberattacks could cut across closely intertwined critical infrastructure providers, such as financial and electrical systems.
The experts noted that there is no response plan across those multiple infrastructures, and reaction and restoration procedures must be made more understandable and less ambiguous across industries.
One of HSAC's suggestions is a new national alert system that would use escalating tiers of warnings for cyberthreats against U.S. critical infrastructure providers, similar to the defense readiness system the U.S. military uses.
The report recommends a color coded, five-tier "Cyber Condition" system as the starting point to replace the National Cyber Risk Alert Level for critical infrastructure event characterization, with CyberCon 1 being the most urgent. The five tiers would progress from green to orange to red in color codes.
The mid-orange level is where extensive coordination and collaboration would happen between government and industry in terms of dynamic protocols and procedures. The red level represents "a cyber emergency of the severest nature and greatest potential impact," the report states. In those situations, the government would "be expected to convey priorities and industry will do all that is possible to support national survival, under government direction and within a comprehensive, legal and operational framework."
Green-level threats would be relatively minor concerns that infrastructure providers and their cybersecurity vendors could address. The report states that a CyberCon 2 event should be used as the starting point for assessing cross-sector restoration challenges and National Cyber Incident Response Plan requirements.
Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.
Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.
Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.
Click here for previous articles by Rockwell.
Contact him at [email protected] or follow him on Twitter at @MRockwell4.