DHS struggles to define its cybersecurity mission
Connecting state and local government leaders
Cybersecurity is one of the Homeland Security department’s core missions, but the department still is working to define the scope and goals of that mission, and Deputy Secretary Jane Holl Lute today asked the security community for its assistance.
LAS VEGAS – The Homeland Security Department has identified cybersecurity as one of its primary missions, but after seven years it still is struggling to define the scope and goals of that mission.
“We at Homeland Security want to stimulate debate abut cyberspace,” and to increase awareness of the issues, Deputy Secretary Jane Holl Lute said Wednesday in an opening address at the Black Hat Briefings security conference.
But to an audience that was interested in nuts and bolts and bits and bytes, Lute was able to speak only in generalities.
“I don’t think there is any question of the administration’s intent to elevate cybersecurity” as a national issue, she said. She cited several accomplishments, including work on the Einstein II intrusion detection system, a National Cyber Incident Response Center that will be tested this fall during the Cyber Storm III exercises, and a draft National Strategy for Trusted Identities in Cyberspace.
Related stories:
White House just getting started on cybersecurity
DNSSEC now fully deployed on the Internet root
“These might be gestures in your minds, but we view them as important steps,” she said.
DHS has at least nominal responsibility for defending the civilian .gov domain and cooperating with the private sector in defending its infrastructure. The challenges it faces are formidable.
“Cyberspace is built on an insecure platform to begin with,” she said.
Black Hat founder Jeff Moss, in opening remarks, illustrated the challenge by saying that he could not think of any fundamental security issue that has been solved in the 13 years of the Black Hat Briefings. The one bright spot is the recent signing of the Internet Root Zone with digital signatures to implement the DNS Security Extensions. But he also noted that that took place 11 years after the finalization of the DNSSEC protocols.
Asked if DHS as waiting on an inevitable catastrophe to define its task in cybersecurity, Lute sidestepped the question by referring to the fall of the Soviet Empire and the terrorist attacks of 2001. “We have lost the right to say that anything is impossible,” she said. "But we still do not know what is inevitable.”