Risk
8/27/2009
11:44 AM
Connect Directly
Twitter
RSS
E-Mail
50%
50%
Repost This

Q&A: DHS Cybersecurity Chiefs Speak Out

The Department of Homeland Security aims to grow its cybersecurity workforce and technical capabilities, Phil Reitinger and Greg Schaffer say.

Philip Reitinger
Philip Reitinger
As the federal government continues to try to figure out ways to effectively manage cybersecurity, the Department of Homeland Security is gaining prominence as one of several major players in protecting government computer networks from attack.

At the center of the DHS' effort are the agency's cybersecurity top official, deputy undersecretary of the Department of Homeland Security for the National Protection and Programs Directorate and director of the National Cyber Security Center Phil Reitinger, and Greg Schaffer, assistant secretary of DHS' Office of Cybersecurity and Communications. InformationWeek recently spoke with them.

InformationWeek: I wanted to start by talking about your role, your goals and some of the things that are going on there right now.

Reitinger: Cybersecurity always has been and always will be a distributed effort. If people want to say, well, there's a single locus of cybersecurity and anything and everything will be handled from one point, I say, dream on. We want to build cybersecurity into the DNA of the infrastructure, into the DNA of the businesses, into the DNA of all the government entities.

Our role is to work to bring one team, one fight from DHS to address cybersecurity, to work with partners to help enable progress across dot gov, and particularly with the Cybersecurity Coordinator when appointed.

The top priorities I'm focused on, are, one, building capability. That's primarily about people. I have some awesome people here at DHS; we have a great team, but we just don't have enough of them yet, and we're in strict competition with the private sector to get the best and brightest to work on these issues. I'm a firm believer that organizations succeed or fail based on the people you have.

Second is building partnerships. There are people with responsibilities across the organization, across the federal government and across the private sector, and we've got to continue to work on the right way to build a partnership among those entities. We're defining our partnership models, making sure they're as efficient as possible, that they let the private sector work effectively with us and as one, and we're starting the process of developing a national cyberincident response process that will enable all of the entities across government and the private sector to work together as one nation to respond to cybersecurity emergencies.

The third is addressing the ecosystem of the future, making sure that we're building the Internet and the cyberinfrastructure of the future that will have the foundations of a more secure tomorrow. There are a number of things that go into that.

Previous
1 of 3
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-3946
Published: 2014-04-24
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

CVE-2012-5723
Published: 2014-04-24
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

CVE-2013-6738
Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

CVE-2014-2391
Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

CVE-2014-2392
Published: 2014-04-24
The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer log...

Best of the Web