DHS Creates New Cyber & Telecom Czar Position

DHS Deputy Secy. Michael Jackson told Washington Internet Daily that while he’s not ready to say who will fill the post, the agency felt that the “threat vectors” in the cyber and telecom arenas were meaningful and deserved to be fully represented inside DHS and across federal agencies. “Putting telecom and cyber together is plain common sense,” Jackson told us: “They travel the same pipes, wired and wireless.” Merging the focus areas doesn’t mean attention to either will be “diluted in a precise sense,” he said. Those involved in both areas will benefit from working together under the same leadership, he said.

A number of lawmakers, especially House Homeland Security Committee members, were persistent in calling for creation of the position. Reps. Thornberry (R-Tex.), Lofgren (D-Cal.), Cox (R-Cal.), Thompson (D-Miss.), Lungren (R-Cal.) and Sanchez (D-Cal.) led that charge. High-tech businesses and advocacy groups also pressed for establishing the position in recent months.

The assistant secretary will be responsible for identifying and assessing the vulnerability of critical telecom infrastructure and assets; providing timely, useful threat information; and leading the national response to cyber and telecom attacks. In the revamped DHS, the assistant secretary for cyber & telecom will report to the undersecretary for preparedness. Others reporting to that official include the soon-to-be-named chief medical officer, assistant secretary for grants and training, assistant secretary for infrastructure protection, the fire administration and the national capital region director.

The creation of the new post is “what we've always envisioned,” said Information Technology Assn. of America (ITAA) Vp-Information Security Greg Garcia: “You really can’t have physical security without cybersecurity since most of our nation’s critical infrastructure is riding on IT,” he said. The Administration had tried integrating physical and cybersecurity into one position but “it’s pretty hard to find one individual who is an expert and is passionate in both cybersecurity and physical security at the same time,” Garcia said. It’s going to be difficult to find a senior-level official to fill the post, he said, adding that the person could come from the Administration or outside. ITAA hasn’t heard any names dropped but Garcia said DHS will want a “credentialed Republican [and] someone who really understands industry and government agencies very well.” The successful candidate will have to be someone who is a “Washington hand and understands industry dynamics,” he added: “There aren’t many people like that.”

Chertoff’s announcement “marks a huge step forward in the fight to protect our nation’s critical information infrastructure,” Cyber Security Industry Alliance (CSIA) Exec. Dir. Paul Kurtz said. He praised DHS under Chertoff’s leadership for exercising “great leadership and vision” by creating the new job. “DHS has created the foundation needed to move forward with the execution of a comprehensive approach to cybersecurity that will successfully build on public and private sector efforts to date,” Kurtz said. For the first time, govt. will have a senior staffer with programmatic authority to look after cybersecurity issues, he told us. Even in the days when the White House had a cyber czar, he coordinated issues but lacked the clout to make change and set priorities, Kurtz said.

The Business Software Alliance (BSA) applauded the move. BSA CEO Robert Holleyman said “physical security and cybersecurity must be addressed in tandem in today’s digital world.” He said the DHS plan “serves as a profound step in the right direction.” The group’s members recently met with Chertoff as part of the group’s annual CEO Forum in June to address many of the issues outlined in the plan unveiled Wed. Former DHS cybersecurity chief Amit Yoran was also “very supportive” of the announcement. “Clearly Secretary Chertoff and his team have done an in-depth review and are structuring the department to best meet it mission requirements going forward,” he told us. But more details are needed about resources being given to the assistant secretary and the programmatic implications of the post, he said.

CSIA said the new assistant secretary has 2 tiers of priorities to address. The most pressing issues include early warning of cyberattack, contingency planning for communicating to govt. and the private sector when a disaster occurs, and recovery and reconstitution efforts, Kurtz said. Second tier issues include addressing improved cybersecurity R&D, software assurance issues and high-tech awareness, he said. Kurtz refused to guess who might be tapped for the post but said “the game is clearly on.” He was also unsure whether the job would require Senate confirmation.

Another notable reform includes a more prominent role for information sharing between DHS, state and local agencies and the private sector. “You are the front line of defense,” Chertoff said, noting that sharing data is a 2-way street. He said he'd move forward to help forge common federal tools for information sharing, but also work with state and local officials and private sector infrastructure owners to fuse and share a richer intelligence base. A new Office of Intelligence & Analysis will ensure that information is gathered from all relevant field operations and other parts of the intelligence community, Chertoff said.

He also spoke to improving management systems -- particularly core IT systems, financial and human capital policies -- to promote greater situational awareness. A consolidated policy directorate will also be created and led by a new undersecretary on enactment of required legislation. That directorate will encompass an international affairs office, the private sector liaison, the Homeland Security Advisory Council, the Office of Immigration Statistics and a senior asylum officer. Many of the proposed changes to DHS can be executed under Chertoff’s existing authority but others require congressional approval.