Risk
3/15/2011
03:08 PM
Connect Directly
RSS
E-Mail
50%
50%

DHS Seeks Cybersecurity Help from Engineers, Scientists

Department of Homeland Security Secretary Janet Napolitano said the agency wants to collaborate with experts in various fields to help it tackle security and managing the flow of information.

Inside DHS' Classified Cyber-Coordination Headquarters
(click image for larger view)
Slideshow: Inside DHS' Classified Cyber-Coordination Headquarters

The Department of Homeland Security (DHS) is seeking help from the private sector -- including experts from the engineering and science fields -- to help it solve a series of problems related to cybersecurity and the immense flow of information the department deals on an every-day basis.

Speaking at the Massachusetts Institute of Technology (MIT) this week, DHS Secretary Janet Napolitano said that it will take more than the work of the department and its IT team to solve the problems of the varied work the DHS is doing to secure borders and U.S. critical infrastructure, among other tasks. Her remarks are available online.

"At DHS, we are constantly asking and trying to answer some important questions: How do we keep travel and trade flowing across borders while at the same time enhancing security? How do we secure our nation's critical infrastructure when the vast majority of it is in private hands?" she said. "The answers to many of these questions involve harnessing science and technology to better meet our homeland security needs."

Perhaps more than any other agency, the DHS must work with myriad partners in both local and state governments as well as the private sector to accomplish its mission.

Particularly in the area of cybersecurity, the agency has set up partnerships through a series of fusion centers and joint terrorism task forces around the country to share intelligence information to protect critical infrastructure. The work includes collaborating with both private and public organizations.

Citing this "long tradition in our country of creating problem-solving partnerships between government and our research and development enterprise," Napolitano described some of the challenges the DHS hopes experts in a variety of fields will help it solve.

One key security challenge the DHS faces is what she called the "big data" problem. Being the linchpin for national security, the department receives data from a number of agencies -- such as the Federal Aviation Administration, the Transportation Safety Administration, the FBI, and the CIA -- about possible threats, both cyber and otherwise, and must disseminate that information quickly and efficiently to come up with a plan of action.

Napolitano said that the agency is always looking for better ways to extract meaningful information from "billions" of data points, and is seeking input on how to do that from experts across different fields.

"We therefore cannot overstate the need for software engineers and information systems designers. We need communications and data security experts," she said. "And we need this kind of talent working together to find new and faster ways to identify and separate relevant data."

Napolitano also mentioned the recent earthquake and subsequent tsunami in Japan to launch a discussion about how the DHS can improve emergency response in case of a similar disaster in the United States.

She said that FEMA Administrator Craig Fugate is exploring ways to use social media to achieve several crucial tasks during a disaster, such as reaching people during an emergency, locating necessary supplies, and moving them to the people and places that need them most. The federal government used the Web, including Twitter feeds, to share information with people who might be in need of help as part of its response to the recent disaster.

Napolitano also said that the DHS will seek help from scientists and engineers to create more resilient building materials that can withstand major earthquakes by engaging in nanotechnology research and getting that technology into widespread commercial use. Technology to detect nuclear radiation and to improve healthcare response to pandemics also is of interest to the department, she added.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0640
Published: 2014-08-20
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors.

CVE-2014-0641
Published: 2014-08-20
Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users.

CVE-2014-2505
Published: 2014-08-20
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product's functionality, via unspecified vectors.

CVE-2014-2511
Published: 2014-08-20
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1) startat or (2) entryId parameter.

CVE-2014-2515
Published: 2014-08-20
EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4.1 before P16, and 4.2 before P05 does not properly restrict tickets provided by D2GetAdminTicketMethod and D2RefreshCacheMethod, which allows remote authenticated users to gain privileges via a request for a superuser ticket.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Three interviews on critical embedded systems and security, recorded at Black Hat 2014 in Las Vegas.