Government Considers Cybersecurity Projects
U.S. cybersecurity experts focus first on staffers working out in the field.
One of DHS's chief priorities is incubating and funding research projects that could find a practical application in the field.
Here at the GovSec conference, the annual trade show for government security workers and contractors, DHS officials appealed for proposals for security and communications projects, emphasizing that the department is primarily focused on the state and local levels.
Work at the federal level is "just a little piece of what we do," said DHS Director David Boyd. "We're working with sovereign jurisdictions here."
"The states don't have time to wait for a large pie-in-the-sky federal model," he said, adding that field operatives are only interested in projected that have gone through rigorous testing. "One of the things we've discovered is local chiefs aren't going to buy anything unless they know it works."
Boyd described DHS's work in cybersecurity and interoperable communications for first responders as a "bottom-up model" where the department is often tasked with mediating intra-agency turf wars and serving as a liaison between equipment manufacturers and the people in the field who actually use the technology.
At the federal level, the department's role in cybersecurity is at the center of a lively debate in Washington. Last week, Rod Beckstrom resigned as head of DHS' National Cyber Security Center, a group tasked with coordinating the various agencies' cybersecurity initiatives. Beckstrom complained that the National Security Agency had too much authority in the area, and that DHS' role had been marginalized.
Yesterday, DHS Secretary Janet Napolitano appointed Microsoft executive Phil Reitlinger as a deputy undersecretary, heading up cybersecurity operations within the department.
In the area of interoperable communications for first responders, DHS is still coordinating between states to develop and sync up systems on the various bands of spectrum it has at its disposal. The Federal Communications Commission is still trying to figure out how to allocate a swath of 700 MHz spectrum for public safety that failed to trigger the minimum bid in an auction last year.
In the meantime, the department continues to promote standards in communications sectors like voice over Internet protocol (VoIP) to ensure that first responders in different jurisdictions can communicate.
"Voice over IP isn't anything new," said Luke Berndt, CTO at the department's Office of Interoperable Communications. "It's a great thing. The problem is people are implementing it differently."
Similarly, the department stepped in when firefighters around the country began reporting problems with their digital radios. Initially, they complained to the device manufacturers that transmissions were getting scrambled, but the problem was often attributed to operator error.
DHS commissioned independent testing of the radios, and developed a working group with device makers to correct the problem, which was essentially rooted in the conversion of speech to the ones and zeroes that comprise a digital transmission.
"The user community isn't necessarily technical enough to sit in on all the working groups," Berndt said.
In the cybersecurity arena, DHS is funding an array of projects in concert with businesses, universities and other groups. Toward the top of its list of priorities are research in botnets and new metrics to measure the severity and pervasiveness of threats.
"We don't have any way today to do sophisticated metrics to say whether our systems are secure," said Doug Maughan, DHS's brand chief for cybersecurity.
The department is also pressing forward with its work in domain name system security (DNSSEC), and continues to operate a secure testbed for researchers to put malware solutions through their paces.
"Our goal is the full spectrum," Maughan said. "When we fund research let's make sure that we don't just fund research that goes on the shelf and let it collect dust."
In both cybersecurity and networking, the officials said that once a technology passes the testing and standardization processes, people in the field are generally able to implement it quickly. Coordinating among the numerous agencies, however, is a different story.
"It isn't just the technology that drives the train," Boyd said, emphasizing that getting everyone involved on board is often the more significant challenge. "Technology is only one component, and it's not the most important component."
This article was first published on InternetNews.com.