Homeland Security Watch

News and analysis of critical issues in homeland security

August 19, 2010

Dealing with inappropriate expectations in a relationship. (Yes, this is a homeland security blog.)

Filed under: Cybersecurity,General Homeland Security — by Philip J. Palin on August 19, 2010

Monday the House Homeland Security released a new GAO study: Key Private and Public Cyber Expectations Need to be Consistently Addressed.

The Government Accountability Office reports that the private sector is disappointed in the public sector and the reverse is also true.  From the report:

Private sector stakeholders reported that they expect their federal partners to provide usable, timely, and actionable cyber threat information and alerts; access to sensitive or classified information; a secure mechanism for sharing information; security clearances; and a single centralized government cybersecurity organization to coordinate government efforts. However, according to private sector stakeholders, federal partners are not consistently meeting these expectations… 
Public sector council officials stated that improvements could be made to the partnership, including improving private sector sharing of sensitive information. Some private sector stakeholders do not want to share their proprietary information with the federal government for fear of public disclosure and potential loss of market share, among other reasons.
Without improvements in meeting private and public sector expectations, the partnerships will remain less than optimal, and there is a risk that owners of critical infrastructure will not have the information necessary to thwart cyber attacks that could have catastrophic effects on our nation’s cyber-reliant critical infrastructure.

Our daughter just celebrated her first wedding anniversary.  I recently asked, “Have you uncovered any big expectations either of you brought into the marriage unrecognized by the other?”  I will not share her answer.  But many of us have been there and have our own answers.

Reading the GAO study, one cyber-partner expects the other to be brilliant, efficient, and consistently effective.   Meanwhile the “brilliant” cyber-partner expects the other to be generous, trusting, and communicative. 

Sounds entirely like too many just married couples.  We’ve been at this for nearly nine years now.  Where’s the realism? 

The GAO reports, “The two most expected services private sector stakeholders want from their federal partners are timely and actionable cyber threat and alert information—providing the right information to the right persons or groups as early as possible to give them time to take appropriate action. The percentages of private sector survey respondents reporting that they expect timely and actionable cyber threat and alert information to a great or moderate extent were 98 and 96, respectively.”

Sounding like a tough marriage counselor the GAO writes, “Only 27 percent of private sector survey respondents reported that they were receiving timely and actionable cyber threat information and alerts to a great or moderate extent.” 

I’m amazed the percentage is so high.  If I would take my wife’s top two expectations of me and she could confidently say I was regularly meeting those expectations 27 percent of the time… even if only to a “moderate extent.”  Well, she would probably be thrilled.

Most of the time the public sector has nothing specific to tell the private sector regarding an actionable cyber threat or alert.  Most of the time the private sector will know about the threat before the public sector.

When the GAO asked public sector cyber-professionals about their private sector partners even more good news emerged. “Many government councils reported that the private sector is mostly meeting their expectations in several areas… Four of the five government councils stated that they are receiving commitment to execute plans and recommendations and timely and actionable cyber threat information to a great or moderate extent.”  Without my ellipses the tone of the GAO report is more negative.  But the quote above is much more honest than quotes on most movie ads.

Despite the basically good news, the public sector wants the private sector to share more. (Isn’t that what the private sector is asking from the public sector?) “One issue is that private sector stakeholders do not want to share their sensitive, proprietary information with the federal government. In addition, information security companies could lose a competitive advantage by sharing information with the government which, in turn, could share it with those companies’ competitors. In addition, according to DHS officials, despite special protections and sanitization processes, private sector stakeholders are unwilling to agree to all of the terms that the federal government or a government agency requires to share certain information.”

Other than FOIA, Congressional hearings, and WikiLeaks what could those pesky private sector folks be worried about?

There are some real challenges.  Read the GAO report.  Sure, improvement is possible.  But what I read — admittedly between the lines — is the description of an amazingly productive relationship… especially if the two parties don’t focus too much on their unrealistic expectations of each other.

The following is from another website with a very different mission than HLSWatch, but in this case the advice seems appropriate:

It’s okay to have expectations. Everyone does. However, the expectations need to be achievable or the sense of disappointment, disillusionment and despair from failed expectations will bring (the relationship) to the point of wanting to call it quits.

Hopefully, your expectations will include being able to… resolve conflicts, to appreciate your differences… to respect one another, and to be able to discuss values and priorities.

It is very important to be able to identify and actually talk about expectations with one another. Together you can fine tune your expectations so that neither of you are trying to live up to something that is impossible.

I had finished the preceding before reading Mark’s Wednesday piece.  If you have not, just keep reading below.  Mark and I don’t know each other, live on opposite coasts, and usually start from very different places.  Somehow we keep meeting along the way.  After awhile recurring coincidence may suggest an emerging pattern.

Share and Enjoy:
  • Digg
  • Reddit
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • email
  • Print
  • LinkedIn


Comment by LOGGER

August 19, 2010 @ 5:52 am

In journalism, you can’t hurry the truth. That is why leaks are not journalism. Journalism saves lives and leaks can cost lives. They are calling leaks “data journalism”, whatever that means, it used to be called disinformation. There’s a place in America called Point-No Point. Go as far as you can and there is No-Point. Call when you have arrived.

Comment by William R. Cumming

August 19, 2010 @ 6:03 am

Yes the marriage is in trouble because of the paradigm that 85% of all critical infrastructure is developed, implemented and operated without governmental assistance financial or technical.
I would go back almost 13 years to the so-called “Marsh” report of the Presidents Commission on Critical Infrastructure Protection which split for all time the security of Critical Infrastructure into the physical security aspects and the cyber security aspects.
Like the physical reality of couples facing each other at coffee over breakfast or the first bounced check perhaps a reality check needs to be made.
What is of interest is that the cyber world grows and grows. I think the notion that imposition of security after the development, implementation and operation of cyber systems and processes is just wrong. The tough issues, the “Wicked Issues” as the public administration types would say need to be addressed at the ground floor not after the sky scraper is built. And by the way since 9/11 if you number the buildings of over 40 floors in the US being constructed in US very minimal. In Shanghai alone over 200 under construction.
So again what should be done? First a Joint Congressional Committee on Cyber and Computer Security should be established much like the much honored and successful Joint Committee on Defense Production that operated from the Korean War to late 70’s and even mandated a RENEGOTIATION BOARD to recapture excess profits from the “Merchants of Death” who made them in WWII and the Korean War. Second, it is clear that DHS does not have the funding or staffing to carry a lead role in cyber security which is one reason that it has not accomplished its second most important mission (first being WMD policy and issues, third being civil liberties and privacy) and perhaps just having GAO do a simple breakdown of staffing and funding for cyber and computer security across the Executive Branch would reveal the accuracy of my statement. By the way it is interesting that GAO seldom documents its recommendations in budget exectution and staffing levels anymore and wondering exaclty why this is so?
Third, cyber and computer security should be combined across the Executive Branch in its components and this should be made a direct report to the head of each agency and not through some Deputy Secretary or Under Secretary for Management or other subordinate even if high-ranking PAS. And this problem needs to be a person appointed without regard to partisnship to a 5-7 year term of Office and given a special pay rate to attract the best and the brightest. Perhaps reference to the VA’s special pay standards for medical specialists would make a good start.
And finally of course, DHS needs the regulatory and standard setting authority it has been deprived of in this arena since the beginning, together with a broader FCC role and that probably needs a rewrite of its basic statutory authority starting with the FEDERAL COMMUNICATIONS ACT of 1934! Hey time to get work for all involved and pull together and time to depoliticize an area that may make or break US in the future.

Comment by A Broken America!

August 20, 2010 @ 7:35 am

America, our beloved Republic is already broken, 13+ trillion times and as we are now poised for precipitous decline both in the Dow and in Middle America, We who love her so, embrace her with the utmost Respect and Care, our great Republic’s “core” has been besieged, raped by Goldman Sachs’ fellas in this administration and to date, unless a savvy enough reporter cares to look into exposing the past and present, indirect and direct GS affiliations and presents to the majority of We here on Main Street USA Homeland Security’s real adversaries, even the professional DHS will lose its relevancy…

many of us would like to demand that DHS and Immigration officials show us this Chicago city community organizer’s birth certificate, any other relevant personal materials and his Wife’s, College Thesis on White and Black America which seems to be their obsession rather than vreating new jobs, helping America get out of the grips of the pompous Cambridge Professor types, the elitists and help us in Middle America get to really know the FirstLady and her narrow minded pereptions which affetc the Prez just as the preacher who let us all know what the Prez has been listening to in his sermons!

Cretainly our esteemed DHS folks should be making cybersecurity their daily focus, however let’s start from teh federal government demanding that we truly find out the character and the composition of who is truly in the White House and from there, we can give directive as the populace in a democracy does as to what we see as priority and one first priority, certainly no mosque to afford the fundamentalist Islamic factions another “mosque” in history to signify some kind of victory!

To the Islamic fundamentalists, the fall of our Ground Zero buildings were not your glee, but our failure to be vigilant from within – We allowed the twin towers to fall and we have allowed our home to be overrun with hoodlums, oops the Hank Paulson/Barney Franks pal “bankers” and the White House staffers led by the wet behind the ear kid from Chicago and his warped entourage to lead us to Mecca, however Germany in its reemergence will soon address the Islamic Fundamentalist with its fast deployment Army and new shiny battle ships in the Meditarannean as the new Middle East power broker seeking “oil” to lubricate its mighty manufacturing agenda….

Christopher Tingus
aka Citizen Joe

Comment by LOGGER

August 21, 2010 @ 9:01 am

The difference between a prejudice and a conviction is that you can explain a conviction without getting angry. Stay cool.

Comment by VICEMAYOR

August 22, 2010 @ 10:40 am

Mexican police helped murder the mayor.

They depoliticized the town. No mayor and now less police. More crime naturally. Once your made you’re made for life and life is, like it or not, political. It’s good for defense lawyers and the police might walk. Has to be awkward in jail. Make new friends. No company is better than bad company, so I don’t have many friends. I drink alone with Old Granddad.

Comment by VICEMAYOR

August 22, 2010 @ 10:51 am

“I like this no-razzle-dazzle bouquet a lot; at palate entry, it begins rather meekly, then in an explosive midpalate it bursts forward with biscuity, vanilla-wafer, and white chocolate tastes that capture the attention of the taste buds – riding a wave of manageable heat into the punchy aftertaste, OGD mellows out in the throat after about 30 seconds; this is what premium bourbon is all about – direct, almost reckless whiskey enjoyment that’s a touch sweet, a bit warm, and appealing all the way home.” Kindred Spirits

The flip side is sour, cold and not appealing and nobody is home. As you like it.

Comment by VICEMAYOR

August 22, 2010 @ 4:03 pm

They can kill me only once. In politics you can be killed many times. I think we better keep it political and teach them a good lesson. This is going to turn into a Mexican night mayor situation. It’s better if they see it coming. As the eye doctor would say, yes he saw it. He didn’t have time to think about it though. You aren’t dealing with an enemy who knows how to think. They can see. It’s hot down here.

RSS feed for comments on this post. TrackBack URI

Leave a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>