Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

4/22/2010
03:59 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

DHS Fills Key Cybersecurity Posts

Department of Homeland Security hires fill leadership gaps at US-CERT and the National Cyber Security Division, two of the most important players in the nation's critical security infrastructure.

The Department of Homeland Security filled two key cybersecurity positions this month, a DHS spokesman confirmed, hiring former Defense Information Systems Agency CIO Bobbie Stempfley to head up the agency's National Cyber Security Division and giving interim U.S. Computer Emergency Readiness Team director Randy Vickers a permanent job.

Stempfley takes over for Peter Fonash, who had been acting director of NCSD since Cornelius Tate left last year. Stempfley comes to DHS from DISA, where she worked for 10 years (over the last year as CIO), helping serve the Department of Defense with its networking and computing needs. While at DISA, Stempfley oversaw the continued evolution of the agency's rapid access computing environment private cloud computing platform.

As head of NCSD, Stempfley will head up a broad cross-section of the government's cybersecurity efforts, including public-private partnerships to secure critical infrastructure, the national cyberspace response system to alert government and industry of threats and respond to those threats, and a national cyber risk management program.

DHS has asked for $379 million for NCSD next year, with a number of goals in mind. Stempfley will be bringing the new National Cybersecurity and Communications Integration Center, a sort of mega-security operations center, to full speed. She'll also be helping to push forward the deployment of the federal government's Einstein intrusion protection and prevention systems. And she'll be part of a big cybersecurity hiring trend at DHS, which has said it will be hiring up to 1,000 cybersecurity professionals in the next couple of years.

Vickers, meanwhile, takes over for Mischel Kwon, who left US-CERT in August to head up professional services at RSA. Much of NCSD's proposed budget -- $315 million, to be exact -- will go to US-CERT, which helps to coordinate responses to cybersecurity threats by sharing information on vulnerabilities and exploits through an alert system.

US-CERT has taken a high profile inside government in recent years, as it has overseen the Einstein projects and Trusted Internet Connections initiative (an effort to consolidate government network connections).

Over the next fiscal year, according to testimony earlier this week from DHS deputy under secretary Phil Reitinger, who heads up the agency's National Protection and Programs Directorate, US-CERT will perform numerous red team assessments of other agencies' cybersecurity efforts and begin deploying the latest iteration of Einstein (Einstein 3), in addition to carrying out its usual duties.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-20001
PUBLISHED: 2021-04-11
In the standard library in Rust before 1.2.0, BinaryHeap is not panic-safe. The binary heap is left in an inconsistent state when the comparison of generic elements inside sift_up or sift_down_range panics. This bug leads to a drop of zeroed memory as an arbitrary type, which can result in a memory ...
CVE-2020-36317
PUBLISHED: 2021-04-11
In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the sam...
CVE-2020-36318
PUBLISHED: 2021-04-11
In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free.
CVE-2021-28875
PUBLISHED: 2021-04-11
In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow.
CVE-2021-28876
PUBLISHED: 2021-04-11
In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked() more than once for the same index when the underlying iterator panics (in certain conditions). This bug could lead to a memory safety violation due to an unmet safety r...