informa
/
Risk
News

DHS Protections Found Wanting

The Department of Homeland Security (DHS) does not fully address critical funding and information sharing issues

RESTON, Va. -- The Department of Homeland Security (DHS) does not fully address critical funding and information sharing issues in its recently finalized National Infrastructure Protection Plan (NIPP), according to a report released today by INPUT, the authority on government business. NIPP is defined as a “comprehensive risk management framework that clearly defines critical infrastructure protection roles and responsibilities for all levels of government, private industry, non-governmental agencies and tribal partners.”

“NIPP is a good first step towards the vitally important objective of protecting our Nation’s critical infrastructures,” said Bruce Brody, vice president, information security at INPUT. “NIPP will also provide IT vendors with significant opportunities to get involved in the various planning and protection activities required to harden our infrastructures. Unfortunately, in its present form, NIPP does not go far enough.”

The largest issue with NIPP is the lack of clarity on where the funding for the necessary activities will come from. Instead of allocating specific funding, NIPP relies on existing agency budgets to fund these additional federal-level activities. Another shortcoming of the plan is that it requires the private sector to provide sensitive critical infrastructure information to the federal government. In the wake of recent large-scale data loss incidents at various federal departments and agencies, this will be a difficult request to make of industry vendors.

Despite DHS’ failure to address these critical issues aggressively, INPUT anticipates potentially lucrative business opportunities for vendors providing the relevant technologies and services. “Tracking and pursuing these opportunities will require vendors to have a solid understanding of the core elements of critical infrastructure protection, as well as the capability to deliver efficient and cost-effective solutions across a range of disparate customers,” stated Brody. “In addition, those vendors who can offer common services, capabilities, and technologies that cross sectors and provide maximum protections with the highest level of efficiency will be rewarded.”

Input

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5