US Homeland Security creates cybersecurity division

The US Department of Homeland Security (DHS) has launched a cybersecurity centre, but not all cybersecurity experts welcomed the...

The US Department of Homeland Security (DHS) has launched a cybersecurity centre.

The 60-person National Cyber Security Division will report to Robert Liscouski, the assistant secretary of homeland security for infrastructure protection, and will be part of the department's information analysis and infrastructure protection directorate.

DHS is looking for a person to head the division who will have similar responsibilities to the former cybersecurity tsar at the White House.

The head of the division "would be the person whose sole focus in terms of infrastructure protection is cyber", said David Wray, a DHS spokesman.

The division is focused on reducing the vulnerabilities to the US government's computing networks and working with the private sector to help protect other critical pieces of cyberspace.

William Harrod, director of investigative response for security software supplier TruSecure, questioned the position of the division within DHS. 

"I think it downgrades the visibility of the position within the administration," Harrod said. "For organisations that want to follow someone who's carrying the banner of cybersecurity, it's a lower profile position."

With the apparently lower profile of cybersecurity within the Bush administration, Harrod said he is worried that there may be a decreased emphasis on pursuing cybercriminals.

"It's sending the message to big business that this isn't a high priority," he said.

"They're not going to have ability to generate the sway or have the leadership or commitment ... as they had with a cyberspace tsar who reported directly to Bush."

Alan Paller, research director at the information security researcher SANS Institute, said the division will have the resources to go after cybercrime, whereas former White House cybersecurity tsar Richard Clarke had few resources to do much.

If DHS wanted to downplay cybersecurity, it would bury the division under its physical terrorism division, Paller said, but this move makes cybersecurity an equal player.

"I don't think this move says the Bush administration is soft-pedaling cybercrime," Paller added. "This act today in no way confirms that. It looks to be moving in the other direction."

Robert Holleyman, president and chief executive officer of the Business Software Alliance, also welcomed the announcement. He said improving cyberspace security will require a long-term, aggressive public-private partnership.

"We all have a responsibility to make this work," Holleyman added. "Meeting the information security challenge is not just the job of the government, it is everyone's job. Industry and government can set the example by making sure that this issue is addressed at the top level of every organisation."

Grant Gross writes for IDG News Service


Read more on IT risk management