Homeland Security forms groups to bolster cybersecurity
Hoping to leverage the security expertise of the federal government's information technology professionals, the Homeland Security Department has created three groups of government technology officials to share information in an effort to strengthen computer security and coordinate responses to future computer attacks.
The first group is the Government Forum of Incident Response Teams, or G-FIRST. It will include federal agencies' chief security information officers and computer experts from the U.S. Computer Emergency Response Team, Pentagon and civilian federal agencies. The second group, the Chief Information Security Officers Forum, will be a venue for informal information sharing. And the Cyber Interagency Management Group will serve as a forum for defense and law enforcement officials to coordinate a response to a major cyber attack.
"These three groups were established to fill a need for information sharing in government," Larry Hale, deputy director of the department's cyber-security division, said in an interview.
G-FIRST, which Hale described as the most active of the three groups, targets officials who monitor the government's networks around the clock and allows its 100-plus members to communicate anytime over a secure Web portal.
"It has really caught on because of a strong need for a place for 24-7 incident teams to collaborate with each other," Hale said. "There's a real lively exchange of information going on around the clock using this forum."
While Congress ordered every federal agency to appoint a chief security information officer in 2003, "there was no group established for them to share information on their level," he said. Unlike the CIO group, "the security community did not have a similar venue for information sharing," he added. Here, the officers "can ask others if they're having problems with their systems, get advice and share information about getting their jobs done more effectively."
The Cyber Interagency Management Group has a different, action-oriented focus, Hale said. It was created in December as part of a Bush administration presidential directive calling on Homeland Security to coordinate with the Defense, Justice and State departments, along with the intelligence agencies, to manage the response to computer attacks.
The White House directive stipulated that Homeland Security coordinate in the event of an attack. When the department conducted the "Livewire" cyber drill last year, Hale said, "We saw the need for a special group to focus on interagency management of a response to a cyber attack."
But given the likelihood that a major cyber attack could affect physical infrastructure as well, other agencies must become involved, he said. "If it's an international incident, State may have information. If there's a law enforcement component, Justice will be involved."
Members of the Cyber Interagency Management Group meet in person every four to six weeks to discuss issues and policy, Hale said, adding that members also use a secure portal for more frequent, informal contact. "We can pull this group together in a very short period of time" to address an emergency, he said.