DHS advisory council report could help NPPD

Suzanne Spaulding,  Under Secretary for the National Protection and Programs Directorate (NPPD) at the Department of Homeland Security.

DHS Undersecretary Suzanne Spaulding said that despite resistance from Congress, she is not giving up on plans to transform the agency's cybersecurity efforts.

Congress has so far resisted a plan to reorganize the Department of Homeland Security's cybersecurity center, but a new report could help the effort.

"Congress doesn't seem to be buying" the reorganization plan, said Suzanne Spaulding, undersecretary for DHS' National Protection and Programs Directorate, at a meeting of the Homeland Security Advisory Council (HSAC).

Spaulding isn't giving up on the effort to transform NPPD into a new entity called Cyber Infrastructure Protection. CIP would cut across the National Cybersecurity and Communications Integration Center, the Office of Infrastructure Protection and the Federal Protective Service. The effort would have physical security experts work alongside cybersecurity staff to provide a more effective and coherent defense against cyberattacks that could cause physical and cyber damage across sectors.

Spaulding said putting all those professionals together makes sense for interdependent critical infrastructure industries.

"We'll make it happen one way or the other," she added.

HSAC presented a report to DHS Secretary Jeh Johnson during the June 2 meeting that could give a boost to the reorganization effort. The group recommended that DHS take a closer look at how cyberattacks could cut across closely intertwined critical infrastructure providers, such as financial and electrical systems.

The experts noted that there is no response plan across those multiple infrastructures, and reaction and restoration procedures must be made more understandable and less ambiguous across industries.

One of HSAC's suggestions is a new national alert system that would use escalating tiers of warnings for cyberthreats against U.S. critical infrastructure providers, similar to the defense readiness system the U.S. military uses.

The report recommends a color coded, five-tier "Cyber Condition" system as the starting point to replace the National Cyber Risk Alert Level for critical infrastructure event characterization, with CyberCon 1 being the most urgent. The five tiers would progress from green to orange to red in color codes.

The mid-orange level is where extensive coordination and collaboration would happen between government and industry in terms of dynamic protocols and procedures. The red level represents "a cyber emergency of the severest nature and greatest potential impact," the report states. In those situations, the government would "be expected to convey priorities and industry will do all that is possible to support national survival, under government direction and within a comprehensive, legal and operational framework."

Green-level threats would be relatively minor concerns that infrastructure providers and their cybersecurity vendors could address. The report states that a CyberCon 2 event should be used as the starting point for assessing cross-sector restoration challenges and National Cyber Incident Response Plan requirements.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at or follow him on Twitter at @MRockwell4.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.