Trade Law Daily is a service of Warren Communications News.

Homeland Security’s Cyber, Communications Units to be Shuffled Soon—Official

SANTA CLARA, Cal. -- The Dept. of Homeland Security will shuffle the National Cyber Security Div. and National Communications System in the next few months, said an official of the cyber security unit Wed. The reorganization will reflect convergence technologies such as VoIP that have scrambled traditional boundaries between communications and IT and the separate structures of federal law affecting them, said Joe Jarzombek, the Div.’s software assurance dir.

The shuffle will occur in line with work to improve the Federal Emergency Management Agency, Jarzombek told a software security event here organized by ITAA and Nasdaq. He related it to the arrival of Greg Garcia, Homeland Security asst. secy. for cyber security & telecom, a post long vacant.

Homeland Security does “a lot of networking” with the FBI, Jarzombek said in response to a question. Pressed on FBI cyber security work based on an official’s Sept. presentation, he said: “You've got large organizations that don’t even know what the rest of the organization’s doing.” Carol Henton, ITAA Western region vp, said Cal.’s state CIO has resisted adopting Federal Information Security Management Act standards. Jarzombek said Sarbanes-Oxley has shown the value of making top officials accountable for compliance with such security standards.

Jarzombek repeatedly said old code, not written in anticipation of network security demands, will remain a weak spot -- especially as developers seize on it for reuse in new products. The problem is compounded by ubiquitous dependence on software in all kinds of critical systems, he said: “We have a material weakness as a nation with respect to our software.”

The IT/software supply chain is vulnerable to insertion of malicious code, along with simple slip-ups, Jarzombek said: “Our supply chain is not as clean as we think… You're buying from that vendor’s supply chain as well… We need more focus on supply chain management to reduce risk.”

“There will be some who say the problem is foreign [software] development,” Jarzombek said: “Folks, that is not a problem.” Poor development knows no borders, he said. Of U.S. developers, Jarzombek said he would stop short of calling some “clueless, but they're not factoring security into their development.”