DHS, Other Agencies Prioritizing Cybersecurity, Officials Say
The recently publicized Heartbleed bug (CD April 11 p13 ) is part of a “continuous cycle of weaknesses” that federal agencies regularly identify as they work to improve federal networks’ cybersecurity, said Rear Adm. Robert Day, commander of the U.S. Coast Guard Cyber Command, during an Armed Forces Communications & Electronics Association event Monday. The Department of Homeland Security (DHS), which is responsible for cybersecurity on the .gov domain, said Friday that “core” publicly facing .gov sites are not vulnerable to Heartbleed and that it’s coordinating with other agencies to ensure other .gov sites are protected.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
DHS is also responsible for implementing major parts of President Barack Obama’s cybersecurity executive order (CD Feb 14/13 p1). DHS is the federal agency most publicly associated with federal cybersecurity efforts because of its .gov responsibilities and because of public programs like the National Initiative for Cybersecurity Education, but many other agencies also have stakes in cybersecurity protections, said Day, who’s also the Coast Guard’s chief information officer. Officials from DHS, Customs & Border Protection (CBP) and the Secret Service said during the event they are continuing to make cybersecurity a priority.
DHS’s cyber priorities include implementation of the Structured Threat Information eXpression (STIX) language for cybersecurity information sharing and the Trusted Automated eXchange of Indicator Information information transport mechanism, said Peter Fonash, chief technology officer for DHS’s Office of Cyber Security and Communications. The STIX language, developed in partnership with the nonprofit Mitre, provides a standardized way of sharing information with officials across agencies and sectors, Fonash said. The STIX language will allow officials to respond quickly to threats because it will facilitate machine-to-machine communications, he said. DHS plans to expand the scope of STIX’s use from its base in the financial sector to other critical infrastructure sectors within the next six months, and plans to submit it to international standards bodies, Fonash said.
DHS’s Science and Technology (S&T) Directorate also plays a role in cybersecurity but continued cuts to its budget have required the office to become “highly innovative” in how it participates in the agency’s cybersecurity activities, said Stephen Dennis, technical director for the Homeland Security Advanced Research Projects Agency. The office operates on 1.2 percent of the DHS budget but participates in activities across a wide swath of issues DHS is interested in, he said. S&T has used private sector partnerships to help utilize S&T’s expertise to drive innovation, Dennis said.
CBP and the Secret Service are also prioritizing cybersecurity as part of their missions, those agencies’ officials said. CBP continues to examine its cybersecurity policies because the agency views itself as a major threat vector due to its dual missions of protecting against terrorism and facilitating trade and travel, said CBP Chief Technology Officer Wolf Tombe. The agency is also examining its use of mobile technology and cloud computing, he said. The agency has needed to think creatively about its technology priorities because its Office of Information Technology’s budget was reduced by nearly 50 percent over the last four years, Tombe said. The Secret Service’s role includes investigating cyber crimes, and it also gas an interest in increasing its operational cybersecurity because the agency relies on mobile technology, said Scott Cragg, chief information officer. The Secret Service is continuing its ongoing Information Integration and Technology Transformation program, he said.