The U.S. Department of Homeland Security has found someone to take
over the daily responsibility of running the National Cyber
Security Division. But the department has yet to fill the vacant
post of assistant secretary for cyber security and
telecommunication.
Robert S. Zitz, the special assistant to the undersecretary for
preparedness at DHS, has been tapped to oversee the day-to-day
operations of the NCSD, effectively taking over for Andy Purdy, the
acting director of the NCSD, who is leaving the department in
October. Zitz already has met with the NCSD staff and is being
brought up to speed on the current state of affairs. Zitz will
continue to report to George Foresman, the under secretary for
preparedness, who oversees the branch of DHS that includes the
NCSD.
Jarrod Agen, a spokesman for DHS, said Zitz will maintain his
other duties and will not take over the assistant secretary job,
which has remain unfilled since DHS Secretary Michael Chertoff
created it last July. However, Agen said, the department is "close
to the final stages of hiring someone" for the assistant secretary
position.
"It takes a unique person to make the personal sacrifices it
takes for this job. We're competing with the private sector, which
has virtually unlimited resources in terms of money," Agen said.
"We can't offer stock options."
DHS has been close to filling the post several other times, but
the candidates have backed out for one reason or another, some of
them citing financial considerations.
Zitz has spent more than 25 years in the intelligence community
and has an extensive background in reconnaissance and satellite
imagery. He also has some experience with information assurance.
Most recently he was a special assistant to the directors of both
the National Security Agency and the National
Geospatial-Intelligence Agency, and was involved in helping to
improve information assurance in the Department of Defence. Zitz
also spent time in the CIA and was a civilian intelligence analyst
with Army Intelligence.
Some in the security community say that regardless of
credentials or experience, whoever ends up taking the assistant
secretary job faces an uphill battle in making information security
a priority inside DHS.
"I don't think it matters who has the job because the job can't
really be done where it is," said Alan Paller, research director at
the SANS Institute in Bethesda, Md. "If you're two or three levels
down, you don't have the access you need. They should never have
taken the job out of the White House."
Before the creation of DHS, the top cybersecurity officials were
members of the White House staff and served on the President's
Critical Infrastructure Protection Board. Many in the security
community were sharply critical of the decision to dissolve the
board and move the cybersecurity function to DHS, where it has less
visibility among senior administration officials.
"The lack of permanent leadership in DHS has made it difficult
for the private sector to cooperate with the government in
developing an efficient, effective plan for cyber security," said
Pete Allor, director of operations at the Information Technology
Information Sharing and Analysis Center (IT-ISAC) industry group
and director of intelligence at Internet Security Systems Inc., in
Atlanta. He said the IT-ISAC and its sector-specific groups holdsa
daily call with US-CERT. "However, what is missing in our
information sharing is the leadership and focus of the federal
government in ensuring that intelligence from the private sector is
collected and utilised in a formalised, coordinated fashion."
The decision to put Zitz in charge of the NCSD comes at a time when
the division and DHS in general are coming under congressional
scrutiny. The Senate Committee on Homeland Security and
Governmental Affairs Friday will hold a hearing on steps that DHS
can take to work more closely and efficiently with security experts
in the private sector and industry coalitions, in an effort to
improve the NCSD's ability to respond to and recover from a major
attack.
One of the main goals of the National Strategy to Secure
Cyberspace, which was completed more than three years ago, was for
DHS to form lasting, effective partnerships with key private-sector
organisations. Some progress was made on that front during the
tenure of Amit Yoran, the former director of the NCSD who resigned
in 2004. A former software executive himself, Yoran worked closely
with groups such as the ISAC groups to open lines of communication
among top government and industry leaders.
But since Yoran's departure, the level of communication between
the two sides has dropped off sharply, hampering efforts to
implement a planned early-warning system for widespread attacks and
make needed improvements to the nation's security
infrastructure.
"We've been running in place really since the national strategy
came out," said Paul Kurtz, executive director of the Cyber
Security Industry Alliance, and a former White House advisor on
security issues who helped develop the National Strategy to Secure
Cyberspace. "The level of liaison with DHS right now is very low.
DHS relies a lot on the private sector but no one knows who to work
with [at DHS]. What's the government's role right now? This is not
unbelievably complex. While we're standing still, the threats and
vulnerabilities are not. They're getting exponentially worse. We're
putting ourselves in a very dangerous position."
Friday's hearing, titled "Cyber Security: Recovery and
Reconstitution of Critical Networks," will feature testimony from
several government officials, including Karen Evans, administrator
for electronic government and information technology at the Office
of Management and Budget, and Richard Schaeffer, director of
information assurance at the National Security Agency. Also slated
to appear are a number of private sector experts, including Tom
Noonan, president and CEO of ISS, Roberta Bienfait, senior vice
president of global network operations at AT&T and Michael
Aisenberg, director of government relations at VeriSign Inc.