Modernizing Authentication — What It Takes to Transform Secure Access
Department of Homeland Security (DHS) Secretary Tom Ridge announced Friday the agency has created the National Cyber Security Division (NCSD) to combat Internet-based attacks against government and critical private sector backbone networks.
The new department will be under the DHS' Information Analysis and Infrastructure Protection Directorate (IAIP), which reports directly to Ridge. Robert Liscouski, the Assistant Secretary of Homeland Security for Infrastructure Protection, will oversee NCSD while it seeks a permanent director, who will essentially be the nation's cyber czar.
Liscouski told the media over the weekend a director for the 60-person department should be appointed within the next 30 days.
The blueprint for the NCSD is the National Strategy to Secure Cyber Space, a report issued by the Bush Administration in February that depends more on private industry cooperation than government mandates and regulations.
Shortly after the administration issued its report, it dismantled a special cyber security board that reported directly to the White House, transferring its duties and responsibilities to the DHS.
The White House's director of the board, Richard Clarke, refused to head the new organization created at the DHS, saying there would be too many bureaucratic layers between him and Ridge.
Clarke, who spent 30 years in government working for three presidents and is widely regarded as one of the nation's top counter-terrorism experts, now works for ABC news and is a consultant to several private security vendors.
Howard Schmidt, Clarke's deputy on the White House Board, resigned in May to become to the chief information security officer for eBay.
The IAID, which will oversee the new cyber secruity department, consists of a number of agencies that were sprinkled throughout the vast national bureaucracy, including the former National Infrastructure Protection Center (NIPC) that was under control of the FBI, the Department of Commerce's Critical Infrastructure Assurance Office, and the General Services Administration's Federal Computer Incident Response Center (FedCIRC).
According to a statement by the DHS, the new department aims to respond to major incidents, aid in national level recovery efforts, issue alerts and warnings, and conduct ongoing cyberspace analysis.
"Cyber security cuts across all aspects of critical infrastructure protection. Most businesses in this country are unable to segregate the cyber operations from the physical aspects of their business because they operate interdependently," Ridge said in the DHS statement. "This new division will be focused on the vitally important task of protecting the nation's cyber assets so that we may best protect the nation's critical infrastructure assets."
Those assets, according to a report by the Computer Emergency Response Team (CERT) at Carnegie Mellon University, are under escalating attacks by hackers. CERT reported receiving more than 42,000 reports of unauthorized network intrusions in the first quarter of this year, more than double all the attacks reported in 2002.