by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
FCW : October 2014
October 2014 FCW.COM 19 T welve years after its creation, the Department of Homeland Security is at a crossroads in how it handles its ever- evolving cybersecurity mission. On the one hand, the department says it lacks the legal authority to tackle the subject, and it struggles to hire and retain cybersecurity experts. On the other hand, former DHS officials say key cybersecurity programs and the department’s ability to coordinate the response to cyber threats — inter- nally, with other agencies and with industry — has markedly improved. The department’s technical effica- cy in cybersecurity might now rest on how well its separate programs of intrusion detection and Continu- ous Diagnostics and Mitigation can complement each other. That mixed report card reflects the challenges of harnessing a big bureaucracy to defend federal civil- ian networks and the emphasis the department has placed on cyberse- curity in recent years, although it has been part of the department’s mission since its inception. John Cohen, who until April was the acting undersecretary for intelli- gence and analysis at DHS, said var- ious facets of cybersecurity under the department’s charge, such as cyber intelligence and threat detec- tion, have become better integrated than they were five or six years ago. Then, two of the department’s main cyber-related divisions — DHS’ Office of Intelligence and Analysis and the National Protection and Programs Directorate — suffered from stove- piping and subpar levels of commu- nication. Threat analysis done by I&A was not very well integrated into the threat-detection activities that went on in NPPD, he said. Coordination between the two divisions has come a long way, said Cohen, who is now chief strat- egy adviser at data-protection firm Encryptics. For starters, DHS’ intel- ligence office has a seat at NPPD’s hub for monitoring cyber threats, the National Cybersecurity and Commu- nications Integration Center (NCCIC). That closer intra-agency coordi- nation was put to the test last year when President Barack Obama was considering airstrikes against the Syrian regime. Cohen said there was evidence that the Syrian Electronic Army, a hacking group sympathetic to Syrian President Bashar al-Assad, was considering retaliatory cyberattacks on U.S. assets if Washington struck Damascus. The United States has since gone on to bomb the Islamic State in Syria but not Assad, and Cohen said the intelligence office shared cyber threat information coming from the Syrian Electronic Army with NCCIC, which in turn was able to give a more cred- ible perspective of the threat to U.S. critical infrastructure. According to Cohen, that coordination would have been unlikely just a few years ago. Rob Zitz, who was deputy under- secretary of preparedness at DHS from 2006 to 2007, said the depart- ment’s cyber capability in those years was somewhat fragmented because of bureaucratic growing pains and evolving technology. For Zitz, who is now senior vice president of Leidos, the introduction of a vast intrusion-detection program called Einstein in 2005 was a turning point in the department’s prioritizing of cybersecurity. Enter Einstein Einstein is one of DHS’ primary weapons for defending federal civil- ian networks. The intrusion-detec- tion system is designed to provide the department’s U.S. Computer Emergency Readiness Team (US- CERT) with a “snapshot of the health of the federal government’s cyber- space,” as a DHS description puts it. The program installs sensors at Web access points on federal agency networks and sifts through that data looking for vulnerabilities. As of August 2013, according to an inspector general report published in March, NPPD had spent more than $321 million on intrusion-detection capabilities. (When asked for an updated tally of Einstein’s costs, a DHS spokesman referred FCW back to that figure.) Einstein is now the tip of the spear in the U.S. government’s response to the most acute cyber threats. And yet its efficacy is evidently undercut by the department’s nebulous legal man- date to implement it. Deploying Ein- stein throughout the executive branch “has been significantly delayed by the lack of clear authorities for DHS,” said then-NCCIC Director Larry Zelvin in testimony before the House Home- land Security Committee in May. Zel- vin, who left DHS in August and is now director of Citi’s Cyber Security Fusion Center, declined to be inter- viewed for this story. A DHS spokes- man also declined to make current cybersecurity officials available for an interview. Although DHS is responsible for guarding federal civilian networks, it needs permission from each agency, through a memorandum of agree- ment, to deploy Einstein on its net- work. That bureaucratic conundrum was on display in the government’s response to Heartbleed, an OpenSSL vulnerability that emerged in April. Einstein was able to detect the bug’s threat to federal networks but, as Dep- uty Undersecretary for Cybersecurity and Communications Phyllis Schneck said recently, nearly a week passed before lawyers from various agencies could agree to allow DHS’ technical team to scan agency networks and mitigate the threat. A cybersecurity adviser on the Senate Homeland Secu- rity and Governmental Affairs Com- BY SEAN LYNGAAS R?
September 30, 2014
November and December 2014