Homeland Security Watch

News and analysis of critical issues in homeland security

January 25, 2006

Reports on DHS cybersecurity state and local outreach

Filed under: Infrastructure Protection,State and Local HLS — by Christian Beckner on January 25, 2006

The Democratic staff of the House Homeland Security Committee released a report today entitled “Falling Short in Securing Cyberspace on the State and Local Level.” The report derives its analysis from a survey conducted by the National Association of State Chief Informational Officers (NASCIO) and the Metropolitan Information Exchange (MIX).

The recommendations in the report and the survey have a common theme of “DHS should do more to help state and local governments with cybersecurity.” Specific recommendations focus on areas such as DHS outreach to state and locals, training programs, and the coordination of alerts. Some of these recommendations (e.g. better coordination of alert systems) are solid, but on many others, my gut reaction is “why is this a federal responsibility?”

Take the issue of training as an example. The NASCIO report recommends that DHS be more active about providing training opportunities to state and local cybersecurity officials, and even goes as far as suggesting that DHS create fellowships for state and local officials to go to the NCSD for six months:

Twenty (77%) of state CISOs indicated that they would consider sending employees to federally funded, short-term (e.g., 180 day) fellowships in Washington, DC with the National Cyber Security Division (NCSD) where they could learn more about NCSD’s mission and capabilities.

Naturally state and local officials are going to be in favor of this idea if they don’t have to pay for it. But should the federal government really pay to train state employees on cybersecurity? Is there a compelling national value to providing federal training in this area, or should the federal role simply be limited to standard-setting, and allowing the states to fund their own training if needed? I’d have to say the latter.

The House Democratic report also notes that most of the state and local CIOs surveyed were not familiar with the DHS National Infrastructure Protection Plan, and suggests that DHS should have done more to enhance awareness of it:

For instance, when asked about their awareness of the Interim National Infrastructure Protection Plan (Interim NIPP), a majority of state officials were not “familiar” with the plan, though the NIPP is the base plan for protecting the nation’s federal, state, and local cyber infrastructure. The Department must do a better job of marketing and promoting these documents directly to the state and local information security officers…

Is this really DHS’s fault? Don’t these local officials have some responsibility to find out on their own initiative about what’s going on at DHS? The NIPP is not exactly a secret; as CQ noted last month, the latest version of it received 5,000 public comments in December.

The Department’s cybersecurity efforts need to improve in many ways, as I’ve noted previously. But on some of the critiques in these reports, I’m not convinced.

Share and Enjoy:
  • Digg
  • Reddit
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • email
  • Print
  • LinkedIn

No Comments »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>