Risk
8/27/2009
11:44 AM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Q&A: DHS Cybersecurity Chiefs Speak Out

The Department of Homeland Security aims to grow its cybersecurity workforce and technical capabilities, Phil Reitinger and Greg Schaffer say.

Philip Reitinger
Philip Reitinger
As the federal government continues to try to figure out ways to effectively manage cybersecurity, the Department of Homeland Security is gaining prominence as one of several major players in protecting government computer networks from attack.

At the center of the DHS' effort are the agency's cybersecurity top official, deputy undersecretary of the Department of Homeland Security for the National Protection and Programs Directorate and director of the National Cyber Security Center Phil Reitinger, and Greg Schaffer, assistant secretary of DHS' Office of Cybersecurity and Communications. InformationWeek recently spoke with them.

InformationWeek: I wanted to start by talking about your role, your goals and some of the things that are going on there right now.

Reitinger: Cybersecurity always has been and always will be a distributed effort. If people want to say, well, there's a single locus of cybersecurity and anything and everything will be handled from one point, I say, dream on. We want to build cybersecurity into the DNA of the infrastructure, into the DNA of the businesses, into the DNA of all the government entities.

Our role is to work to bring one team, one fight from DHS to address cybersecurity, to work with partners to help enable progress across dot gov, and particularly with the Cybersecurity Coordinator when appointed.

The top priorities I'm focused on, are, one, building capability. That's primarily about people. I have some awesome people here at DHS; we have a great team, but we just don't have enough of them yet, and we're in strict competition with the private sector to get the best and brightest to work on these issues. I'm a firm believer that organizations succeed or fail based on the people you have.

Second is building partnerships. There are people with responsibilities across the organization, across the federal government and across the private sector, and we've got to continue to work on the right way to build a partnership among those entities. We're defining our partnership models, making sure they're as efficient as possible, that they let the private sector work effectively with us and as one, and we're starting the process of developing a national cyberincident response process that will enable all of the entities across government and the private sector to work together as one nation to respond to cybersecurity emergencies.

The third is addressing the ecosystem of the future, making sure that we're building the Internet and the cyberinfrastructure of the future that will have the foundations of a more secure tomorrow. There are a number of things that go into that.

Previous
1 of 3
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0761
Published: 2014-08-27
The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet.

CVE-2014-0762
Published: 2014-08-27
The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows physically proximate attackers to cause a denial of service (infinite loop or process crash) via crafted input over a serial line.

CVE-2014-2380
Published: 2014-08-27
Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows remote attackers to obtain sensitive information by reading a credential file.

CVE-2014-2381
Published: 2014-08-27
Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows local users to obtain sensitive information by reading a credential file.

CVE-2014-3344
Published: 2014-08-27
Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCuq31129, CSCuq3...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.