Former Bush official praises cybersecurity consolidation

ORLANDO, Fla.-A former Bush administration official said on Tuesday that consolidation of the government's cybersecurity responsibilities within the Homeland Security Department will enhance efforts to protect physical and electronic infrastructures.

The White House last week released an executive order that would dismantle the President's Critical Infrastructure Protection Board, which had been charged with coordinating the government's cybersecurity effort. The order comes as Homeland Security begins absorbing oversight of infrastructures such as power grids and transportation systems.

John Tritak, former head of the Commerce Department's Critical Infrastructure Assurance Office, defended the move. "The idea there is to consolidate and leverage the core competencies of these individual organizations in a way we couldn't do before," he said. Abolishing the board "does not suggest deviation of concern" about cybersecurity within the White House.

"The functions of the board will continue under the Homeland Security Department. ... All the agents that were previously members of the board will still play." And federal law requires that Homeland Security assume the responsibility, he added.

Speaking as part of panel at a government technology conference here, Tritak praised the development of an organization within the new department that combines efforts to analyze security information and guard critical infrastructure.

"This notion of mapping threat information into identified vulnerabilities to produce information that helps better inform appropriate protective measures is a new thing," he said in an interview. "You are producing information that will empower government and private-sector stakeholders to take appropriate action. That is a major step forward."

But Tritak and others acknowledged that a key component of improving infrastructure protection will be the ability to disseminate information among governments and the private sector.

Homeland security officials in Florida, for example, have devised a geographical information system to obtain a "spatial view of different critical infrastructures and how they relate to each other," said Larry Powell of the state's Law Enforcement Department.

Understanding links between critical infrastructures enables emergency officials to craft response plans during an incident, and the plans then can be shared throughout the state via data systems such as ThreatNet, a database that allows law enforcers and emergency agencies to share anti-terrorism and other key information, Powell said.

But sharing information requires more than new technology, said Dow Williamson, vice president of marketing at Trusted Computer Solutions. His firm is helping link information systems at the U.S. Northern Command military installation with the Homeland Security Department. The company provides a "bridge" that connects information in existing data networks, he said.

But it requires "both a technical capability along with proper policies and procedures put in place," he said. Users have to "make a conscious decision as to whether that information can flow" to other government organizations. "It's not the technology making that decision."

Powell also described major challenges that Florida officials have encountered using their statewide information system. One of the biggest roadblocks has been the inconsistent terminology used to classify information and the policies for determining who can access data.