Risk
3/15/2011
03:08 PM
50%
50%

DHS Seeks Cybersecurity Help from Engineers, Scientists

Department of Homeland Security Secretary Janet Napolitano said the agency wants to collaborate with experts in various fields to help it tackle security and managing the flow of information.

Inside DHS' Classified Cyber-Coordination Headquarters
(click image for larger view)
Slideshow: Inside DHS' Classified Cyber-Coordination Headquarters

The Department of Homeland Security (DHS) is seeking help from the private sector -- including experts from the engineering and science fields -- to help it solve a series of problems related to cybersecurity and the immense flow of information the department deals on an every-day basis.

Speaking at the Massachusetts Institute of Technology (MIT) this week, DHS Secretary Janet Napolitano said that it will take more than the work of the department and its IT team to solve the problems of the varied work the DHS is doing to secure borders and U.S. critical infrastructure, among other tasks. Her remarks are available online.

"At DHS, we are constantly asking and trying to answer some important questions: How do we keep travel and trade flowing across borders while at the same time enhancing security? How do we secure our nation's critical infrastructure when the vast majority of it is in private hands?" she said. "The answers to many of these questions involve harnessing science and technology to better meet our homeland security needs."

Perhaps more than any other agency, the DHS must work with myriad partners in both local and state governments as well as the private sector to accomplish its mission.

Particularly in the area of cybersecurity, the agency has set up partnerships through a series of fusion centers and joint terrorism task forces around the country to share intelligence information to protect critical infrastructure. The work includes collaborating with both private and public organizations.

Citing this "long tradition in our country of creating problem-solving partnerships between government and our research and development enterprise," Napolitano described some of the challenges the DHS hopes experts in a variety of fields will help it solve.

One key security challenge the DHS faces is what she called the "big data" problem. Being the linchpin for national security, the department receives data from a number of agencies -- such as the Federal Aviation Administration, the Transportation Safety Administration, the FBI, and the CIA -- about possible threats, both cyber and otherwise, and must disseminate that information quickly and efficiently to come up with a plan of action.

Napolitano said that the agency is always looking for better ways to extract meaningful information from "billions" of data points, and is seeking input on how to do that from experts across different fields.

"We therefore cannot overstate the need for software engineers and information systems designers. We need communications and data security experts," she said. "And we need this kind of talent working together to find new and faster ways to identify and separate relevant data."

Napolitano also mentioned the recent earthquake and subsequent tsunami in Japan to launch a discussion about how the DHS can improve emergency response in case of a similar disaster in the United States.

She said that FEMA Administrator Craig Fugate is exploring ways to use social media to achieve several crucial tasks during a disaster, such as reaching people during an emergency, locating necessary supplies, and moving them to the people and places that need them most. The federal government used the Web, including Twitter feeds, to share information with people who might be in need of help as part of its response to the recent disaster.

Napolitano also said that the DHS will seek help from scientists and engineers to create more resilient building materials that can withstand major earthquakes by engaging in nanotechnology research and getting that technology into widespread commercial use. Technology to detect nuclear radiation and to improve healthcare response to pandemics also is of interest to the department, she added.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Printers: The Weak Link in Enterprise Security
Kelly Sheridan, Associate Editor, Dark Reading,  10/16/2017
20 Questions to Ask Yourself before Giving a Security Conference Talk
Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRA,  10/16/2017
Why Security Leaders Can't Afford to Be Just 'Left-Brained'
Bill Bradley, SVP, Cyber Engineering and Technical Services, CenturyLink,  10/17/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.