GovernmentExecutive.com

Return to Article: Senator details plan for cybersecurity director

• 91174
  

  I agree (somewhat) with Lee and Bruce on placing cybersecurity in DHS. They are in NO position to dictate cyber policy for the entire government. Perhaps an Agency-off-shoot corporation from Commerce. NIST is should be in close proximity since it is the federal networks (military & civilian) that must follow established (and future) standards.

  Lee...Obama is NOT going to fix all the "situations" you expect him to fix. He can start the foundation but this should NOT be a partisan issue. Remember, ALL government systems support ALL party members and the public regardless of affiliation.

  DoTheRightThing Posted November 4, 2009 9:01 AM
• 91157
  

  Cybersecurity needs to have its own department located away from any other federal agency or department. It also needs to have the authority to enforce the law or in regards to federal employees who fail to follow their own regulations to punish them accordingly. Currently, it does not matter who or where you put this Department, if you dont provide the department with the legal authority to fire, demote, lessen a paycheck or to revoke a security clearance; then you have failed to provide the department to enforce the federal laws, directives of the president or even departmental policy.

  Robert Edwards Posted November 4, 2009 6:56 AM
• 91066
  

  I'm not sure where this position should reside but at this point don't think DHS is the ideal place. It's IT security posture is not a shinging star. It would be difficult to give them credibility for managing the rest of governments IT security when they don't seem to be able to manage their own. However the arguement that their focus is just on infrastructure not IT misses the key point that the internet and IT have become its own infrastructure that many public and privite entities rely on. Regardles of who or where, there are in my opinion three things that have to occur for suce a position/office to be successful. 1) Some authority to influence the budgets of at least all civilian departments and agencies. Nothing happens in Federal Government unless you can either influence or control the purse strings. 2) Authority to shut down insucure systems and willingness to do so before not after a compromise. 3) Better measurements of what a secure system is. NIST has done a great job but FISMA annual snapshots do not make a secure system. Current trend to continuous monitoring is encouraging but there needs to be better awareness, commitment, and accountability at mid and upper level managment. The C&A process has become a paper drill and while I'm sure it helps believe too much emphasis is placed on it after systems are up and running and too little on day to day risk management.

  Bruce Posted November 3, 2009 9:58 AM
• 90986
  

  This is irrational. The unstable DHS has neither the compentancies nor the authority to provide OVERSIGHT for cyber-security issues, their job is concentrated on physical infrastructure and is unrelated to the diverse commerce and institutional systems which must be covered by a true authority not a brokering overpriced entity and must be capable of handling the real issues such as the Department of Commerce?s direct sponsorship of exploit through patents and FCC policy, factors which are simply not within the realm of DHS nor will be. Military topics are unrelated to civilian infrastructure in the USA. DHS is simply not qualified for oversight, no less any other antics.

  More important, someone needs to teach Obama how to count and verify system integrity by hand himself, teaching with him the entire population and industry of exploit. There is no excuse for these situations to exist in the first place.

  lee Posted November 2, 2009 6:17 PM