Risk
3/18/2010
11:40 AM
Connect Directly
RSS
E-Mail
50%
50%

DHS To Share Intelligence With Some CIOs

A Department Of Homeland Security pilot program allows some state, local, and private-sector officials to access classified information about cyberthreats.

Some public- and private-sector CIOs and chief security officers (CSOs) now have access to intelligence about security threats to critical infrastructure from state and local fusion centers through a new Department of Homeland Security (DHS) pilot program.

Through the program, underway now, CIOs and CSOs from state and local governments as well as private-sector organizations that partner with the federal government will periodically be allowed to read classified e-mails from fusion centers regarding cyber threats, said Amy Kudwa, a DHS spokeswoman.

Fusion centers coordinate counter-terrorist information and data collected by both government agencies and private companies.

CIOs and CSOs taking part in the program may also participate in quarterly cybersecurity briefings and discussions via secure video teleconference and/or audio teleconference, and access classified communications channels in the event of a cybersecurity incident, she said.

Greg Schaffer, the DHS assistant secretary for Cybersecurity and Communications, first publicly referenced the pilot in his remarks at the RSA Conference in San Francisco earlier this month.

The DHS hasn't decided whether or not the pilot will become an actual program and has set no deadline for making that decision, Kudwa said.

The DHS collaborated with the Department of Justice in 2003 to set up fusion centers that coordinate counter-terrorist information and data collected by both government agencies and private companies.

According to the DHS, it has invested more than $327 million to fund fusion centers, of which there are now more than 70, between fiscal 2004 and fiscal 2008.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-0334
Published: 2014-10-31
Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.

CVE-2014-2334
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.

CVE-2014-2335
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.

CVE-2014-2336
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335.

CVE-2014-3366
Published: 2014-10-31
SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.