U.S. Still Coming to Grips with Cybersecurity Management

by












  Space News Business

U.S. Still Coming to Grips with Cybersecurity Management

By GREGG CARLSTROM

posted: 10 October 2008
04:14 pm ET





WASHINGTON — U.S. military services have not yet determined how best to conduct operations in the cyberspace mission area, but are hard at work on the problem, according to U.S. Air Force Gen. Kevin Chilton, commander of U.S. Strategic Command.

“We don’t have adequate forces. By that, I mean personnel. I don’t think our services quite yet have come to grips on how best to organize, train and equip forces to support this mission area – it’s not because they’re not working the problem hard. They are. It’s just new,” Chilton said In a Sept. 30 interview with editors of Army Times publishing company’s publications, including Defense News and C4ISR Journal. “We have a long way to go, I think, in that area with regard to operating, defending and thinking about how we might attack in this domain of cyberspace.”

U.S. Strategic Command is responsible for operating and defending the military portion of the Pentagon’s www.mil, and www.smil, the classified network. Its mandate also is to eventually mount plans for cyberspace attacks if necessary.

The President’s National Cybersecurity Initiative gives the U.S. Department of Homeland Security (DHS) the job of defending the United States in other cyber domains, including the dot.gov area but also commercial areas.

Chilton said U.S. Strategic Command is supporting DHS’s efforts “in a big way right now. If nothing else, we are sharing a lot of the lessons learned that we have garnered in our efforts to increase security and operational robustness of the dot.mil and the dot.smil, which we think directly apply over to other domains that you may want to protect.”

A commission of policy experts has told U.S. lawmakers that the nation’s infrastructure remains highly vulnerable to a cyberattack and that it has no confidence in the Homeland Security Department’s ability to oversee the government’s civil cybersecurity strategy.

The panel’s members, including James Lewis, director of the technology and public policy program at the Center for Strategic and International Studies, urged lawmakers to transfer management of cybersecurity from DHS to the White House. “While DHS has improved, oversight of cybersecurity, [it] must move elsewhere. Only the White House has the authority to oversee cybersecurity,” Lewis said. “But this is not a call for a czar. Longing for a czar is a symptom of dissatisfaction with how the government works.”

The government’s security strategy has been hampered by disorganized policymaking at DHS and lacks a coherent direction, according to the panel, called the Center for Strategic International Studies’ Commission on Cybersecurity for the 44th Presidency, which has been studying the issue since October.

Members of the commission outlined their preliminary recommendations at a Sept. 16 hearing before the House Homeland Security subcommittee on emerging threats, cybersecurity, and science and technology, which commissioned the report.

Administration officials defended the government’s cybersecurity program. Paul Schneider, deputy secretary of Homeland Security, said cybersecurity will remain a top priority at the department into the next administration.

“From this administration to the next … the challenge is to make sure that it is a seamless transition,” Schneider said.

“When you look across DHS, you have an undersecretary, an assistant secretary for policy, and others who are supposedly working side by side, but they’re not,” said commission member Paul Kurtz. “There are several people with their hands on the steering wheel, and there’s really no common direction.”

DHS has not worked closely enough with industry to protect privately owned networks, particularly in key sectors such as finance, telecommunications and the power grid. And since DHS lacks the authority to set government-wide policy, it has failed at preparing the federal government for an attack, the commission members said.

The panel will issue a final report in November in which it is expected to recommend reforms similar to those that reshaped the intelligence community in 2006.

Staff writer Lon Rains contributed to this article from Washington.