DHS official lays out cybersecurity responsibilities

SAN JOSE, Calif. – The Homeland Security Department wants its technology procurements to meet recognized standards for security and privacy, a senior DHS official said yesterday.

DHS is working with industry and standards bodies to create procurement requirements that meet those standards, said Jonathan Frankel, director of law enforcement and information-sharing policy in DHS’ Office of Policy Planning and International Affairs.

Once the standards are in place, the procurement policies will ensure that the government only buys from vendors that meet them, Frankel said at the RSA Conference 2006 here. He spoke during a panel discussion about the role of government in information technology security.

Speaking for DHS, Frankel said the department’s role is establishing a national strategy and providing an overarching vision of cybersecurity. DHS has already taken steps through the National Strategy to Secure Cyberspace that President Bush established in 2003, Frankel said.

DHS is improving its situational awareness of cyberattacks through the U.S. Computer Emergency Response Team, he said. The department is also working to manage cyberattack risks through the National Infrastructure Protection Plan.

DHS is still trying to understand the extent of its authority over critical infrastructure, 85 percent of which is owned by the private sector, Frankel said. He said he expects the final version of the Protected Critical Infrastructure Information regulations to be released soon.

The department must prioritize activities and establish partnerships with industry and academia, Frankel said. “We look to industry to lead by example,” he said, pointing to the private sector’s success in following common security standards and meeting the public’s demand for more secure online commerce and communications.

DHS must also educate the public about cyberthreats and provide tips and tools to help people avoid or fix them, he said. The department is collaborating on the National Cybersecurity Alliance, which provides information at www.staysafeonline.org.

Government has a role to play in punishing cybercriminals and has added jail time and other penalties through the Identity Theft Penalty Enhancement Act of 2005, Frankel said.

In response to government and industry pressure to have effective cybersecurity leadership, DHS created the position of assistant secretary for cybersecurity and telecommunications, Frankel said.

The department is considering candidates for the post but does not know yet when it will choose one, he said.