Our Newest Cyber Threat

"Every time we were beginning to form into teams we would be reorganized. I was to learn later in life that we tried to meet any new situation by reorganizing, and a wonderful method it was for creating the illusion of progress whilst producing confusion, inefficiency and demoralization." Petronius (AD 166)

This week the House Homeland Security Subcommittee on Emerging Threats, Cyber Security and Science and Technology and the House Permanent Select Committee on Intelligence held hearings on cyber security recommendations for the next Administration. In that hearing and in the follow-on press DHS came under criticism for not doing enough to protect our nation's cyber networks. There were even calls for DHS's role in cyber security to be pulled away.

A reorganization of roles and responsibilities is the worst thing that could be done to improve our nation's security posture against very real and increasingly sophisticated cyber threats. In January 2008, the current Administration developed Homeland Security Presidential Directive 23, which established the Comprehensive National Cyber Initiative (CNCI). Since then and for the first time in the Nation's history, DHS along with its partners at the Department of Defense (DoD), FBI, and Intelligence Community have an integrated strategy and action plan to improve cyber security across federal, military and civilian networks. We have moved beyond words on paper and debate, and are now driving real improvements to our security. We cannot afford to lose that momentum and interagency unity of effort.

Within DHS, I manage the National Protection and Programs Directorate (NPPD), which has the mission to reduce security risks across both physical and cyber infrastructure as well as telecommunications and lead the Department's efforts for the CNCI. Specifically, we lead federal civilian (i.e., ".gov") and private sector network defense. Without question, it is a monumental task - one that requires interagency coordination and focus. As a nation, we cannot afford to be distracted from this mission.

In the past six months we have made great progress in this role. We have begun deployment of EINSTEIN 2 ( pdf), which will give us comprehensive, real-time intrusion detection capabilities and one point of situational awareness across all executive branch agencies. We have engaged the private sector to develop partnerships and to improve information sharing. And we have built the core of a management team with the experience and expertise to continue to lead this effort into the future. We have accomplished much in a relatively short amount of time. Securing our nation's cyber networks is a complex and expansive problem, and it took years of growing cyberspace dependence to put us in this position - it will take a solid plan and resolve to accomplish results.

I respect the strong resumes and experience of many of the people that are publicly weighing in on these issues, and, in fact, many of them were previously in key posts that had an opportunity to impact our nation's cyber security. I encourage them to actually spend some time with DHS discussing our plan before they finalize their conclusions and go public with their recommendations.

I certainly agree that we can still do much to continue to improve cyber security in our nation, but calls for reorganization at this point simply makes no sense. We have a plan and are on a path that will address these serious national cyber vulnerabilities. We must stay the course.

Robert D. Jamison
Under Secretary National Protection & Programs