BelchSpeak

I can't believe that came from your mouth!

CyberPolitics

DHS Scared Cyber Mission Will Get Yanked

DHS was on the hot seat last week during Congressional hearings on the ineffectiveness of the National Cyber Security Division. Private-sector experts, who were supposed to be partners in securing the nation’s cyber assets, complained that NCSD and US-CERT were failures in their mission and should be moved directly to a White House level of authority.

From CNET here:

After a week of dealing with critics arguing that some agency other than the U.S. Department of Homeland Security should handle the nation’s cybersecurity efforts, Homeland Security has come to its own defense.

DHS Undersecretary Robert Jamison said in a new blog post that “we must stay the course” and cybersecurity responsibility should not be reshuffled.

At multiple hearings last week, members of a cybersecurity commission told Congress that the DHS is incapable of handling cybersecurity, and the responsibility should be moved to the White House. In addition, the commission specifically criticized the lack of leadership from the DHS, which amounts to a direct criticism of Jamison himself.

Jamison emphasized the progress the DHS has made, which he pointed out to members of the technology industry last week. The DHS has been developing its new intrusion detection system “Einstein 2,” which the CSIS cybersecurity commission has acknowledged as a positive step, and the department is continuing to work with the private sector.

I think that moving the cyber mission to the White House would be a monumental mistake.  That move would effectively make cyber security a political football to be kicked around by partisan politicians, even more so than now.

What really needs to happen is the Einstein project needs to become mandatory. Right now it is a voluntary program that Federal agencies can “opt in” to, to have their networks monitored by DHS’s statistical anomaly detection engine. But even in its current configuration, Einstein is a failure because the government allowed their arm to be twisted by the privacy wonks at Carnegie Mellon, who are more aligned with EFF than the mission to secure federal networks against hackers.

If NCSD can get authority to make the program mandatory, and actually start monitoring packet payloads, US-CERT can grow into the equivalent of DISA for military networks: a top-down hierarchy of incident monitoring and network security.

But right now it doesn’t matter where you throw this turd, DHS or the White House: it will still stink.

Dr. Jones

Do not talk about fight club. Oops.
