Risk
8/27/2009
11:44 AM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Q&A: DHS Cybersecurity Chiefs Speak Out

The Department of Homeland Security aims to grow its cybersecurity workforce and technical capabilities, Phil Reitinger and Greg Schaffer say.

Philip Reitinger
Philip Reitinger
As the federal government continues to try to figure out ways to effectively manage cybersecurity, the Department of Homeland Security is gaining prominence as one of several major players in protecting government computer networks from attack.

At the center of the DHS' effort are the agency's cybersecurity top official, deputy undersecretary of the Department of Homeland Security for the National Protection and Programs Directorate and director of the National Cyber Security Center Phil Reitinger, and Greg Schaffer, assistant secretary of DHS' Office of Cybersecurity and Communications. InformationWeek recently spoke with them.

InformationWeek: I wanted to start by talking about your role, your goals and some of the things that are going on there right now.

Reitinger: Cybersecurity always has been and always will be a distributed effort. If people want to say, well, there's a single locus of cybersecurity and anything and everything will be handled from one point, I say, dream on. We want to build cybersecurity into the DNA of the infrastructure, into the DNA of the businesses, into the DNA of all the government entities.

Our role is to work to bring one team, one fight from DHS to address cybersecurity, to work with partners to help enable progress across dot gov, and particularly with the Cybersecurity Coordinator when appointed.

The top priorities I'm focused on, are, one, building capability. That's primarily about people. I have some awesome people here at DHS; we have a great team, but we just don't have enough of them yet, and we're in strict competition with the private sector to get the best and brightest to work on these issues. I'm a firm believer that organizations succeed or fail based on the people you have.

Second is building partnerships. There are people with responsibilities across the organization, across the federal government and across the private sector, and we've got to continue to work on the right way to build a partnership among those entities. We're defining our partnership models, making sure they're as efficient as possible, that they let the private sector work effectively with us and as one, and we're starting the process of developing a national cyberincident response process that will enable all of the entities across government and the private sector to work together as one nation to respond to cybersecurity emergencies.

The third is addressing the ecosystem of the future, making sure that we're building the Internet and the cyberinfrastructure of the future that will have the foundations of a more secure tomorrow. There are a number of things that go into that.

Previous
1 of 3
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Latest Comment: nice one
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0845
Published: 2015-04-17
Format string vulnerability in Movable Type Pro, Open Source, and Advanced before 5.2.13 and Pro and Advanced 6.0.x before 6.0.8 allows remote attackers to execute arbitrary code via vectors related to localization of templates.

CVE-2015-0967
Published: 2015-04-17
Multiple cross-site scripting (XSS) vulnerabilities in SearchBlox before 8.2 allow remote attackers to inject arbitrary web script or HTML via (1) the search field in plugin/index.html or (2) the title field in the Create Featured Result form in admin/main.jsp.

CVE-2015-0968
Published: 2015-04-17
Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 8.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension and the image/jpeg content type, a different vulnerability than CVE-2013-3590.

CVE-2015-0969
Published: 2015-04-17
SearchBlox before 8.2 allows remote attackers to obtain sensitive information via a pretty=true action to the _cluster/health URI.

CVE-2015-0970
Published: 2015-04-17
Cross-site request forgery (CSRF) vulnerability in SearchBlox before 8.2 allows remote attackers to hijack the authentication of arbitrary users.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.