The Dept. of Homeland Security is tasked with combatting cybersecurity, but in the absence of a dedicated assistant secretary and a comprehensive reporting system, the agency will continue to struggle, DHS' cybersecurity lead told a security conference this week, Government Computer News reports.
“We believe there is a significant cyber-risk in this country,” Andy Purdy, acting director of the National Cyber Security Division, said at the 2006 International Conference on Network Security. “We can take no solace from the fact that we haven’t seen the attacks yet.”
DHS' problems in filling key positions - recently in the news with the delayed appointment of David Paulison as head of FEMA - continue with the assistant secretary for cybersecurity position, which Sec. Chertoff announced in July 2005 and is still unfilled.
“Homeland Security is working with the White House on coming up with a candidate,” Purdy said. He said an announcement is expected “in the near future.”
DHS has to find a way to create a national cyber-response system to provide risk management for IT threats and a process for sharing information among agencies and with the private sector. As usual, it's a question of crossing departments, computer systems and reporting requirements. “There are so many players, so many different people doing different things,” Purdy said.
Some elements of a system for sharing information already are in place, such as a host of industry-specific information sharing and analysis centers which communicate with lead government agencies for their sectors. But many in the private sector still are leery about sharing information with the government and there is no system to coordinate information sharing between industry sectors and various federal agencies. Also lacking is an engine for collating this data so that it can become useful intelligence.
Some in Purdy’s audience were skeptical of Homeland Security’s ability to create a risk analysis system without comprehensive reporting requirements used by other departments to produce useful statistics. Purdy acknowledged this difficulty and said DHS still is waiting on a comprehensive data collection system.