DorobekInsider.com

Focusing on six words: Helping government do its job better

Archive for the ‘Homeland Security’ Category

DorobekINSIDER: Chart of the day: DHS oversight

Buried in the Homeland Security Department’s so-called “bottom up review” — a review of all DHS operations — is a very telling chart: the amount of oversight that Homeland Security undergoes.

How is that for shocking!

Read the full report here. [PDF – note, the report is 72 pages] This is on the last page.

Read and hear Federal News Radio 1500 AM’s report on the bottom up review.

NextGov: DHS will establish consolidated intelligence portal

Written by cdorobek

July 19, 2010 at 9:30 AM

DorobekINSIDER: Throwing elbows over cyber-security legislation

It appears that the effort to pass a cyber-security bill is going to be a bit tougher than expected.

Late last month, officials from Cisco, IBM and Oracle sent a letter to the main sponsors of the Protecting Cyberspace as a National Asset Act, S. 3480 — Senators Joe Lieberman (DI-Conn.), Susan Collins (R-Maine) and Tom Carper (D-Del.). The letter raised concerns about some provisions of the bill:

While well intentioned, it ultimately puts U.S. critical infrastructure at increased risk by threatening the intellectual property of American companies that create the IT that operates the vast majority of U.S. government and private-sector critical networks and systems.  The unintended result may be a weakening of the domestic software and hardware industry to an extent that could, ironically, leave the U.S. more dependent upon foreign suppliers for their critical IT systems.

The letter goes on to raise specific concerns about detailed provisions of the bill. You can read the full copy of the letter here.

The Senators issued a forceful response — a letter addressed specifically to the heads of those companies — and it was posted right on the Senate Homeland Security and Governmental Affairs Web site. In the response, they refer to the concerns as “mischaracterizations” of the bill:

This legislation is informed by years of oversight by this Committee and is the result of more than a year of drafting. Our staff spent considerable time working with industry representatives – including representatives from your companies – and the bill, as reported, addresses many of the concerns your companies raised during that time…

Your input on this important legislation is important to our Committee, and both our staff and yours have invested considerable time in this process. While we find the mischaracterizations of our bill in your letter inaccurate and disappointing, we welcome further discussion and hope that we can engage in a constructive dialogue going forward.

Again, you can read the full response here.

Meanwhile, Politico’s Morning Tech is reporting that the House version of the bill is having some trouble.

Staff representing the Senate’s top players in the cybersecurity debate – Rockefeller, Snowe, Collins, Lieberman, Carper – will begin huddling this week over ways to merge the chamber’s top two proposals. But the path forward in the House is still unclear.

The lower chamber’s version of the Lieberman-Collins-Carper plan, spearheaded by Reps. Jane Harman and Pete King, is still pending consideration by a slew of committees that all share jurisdiction. And the committee closest to the action – the House Homeland Security panel – plans to introduce its own bill soon, pitched by Chairman Thompson. Meanwhile, a Senate Dem aide tells Morning Tech that it is unclear whether Rep. Jim Langevin, another cybersecurity leader, is writing his own comprehensive legislation. Stay tuned.

IT WILL BE THE HOUSE SCI/TECH COMMITTEE that will take the first stab at cybersecurity once both chambers return from recess next week. The Technology and Innovation Subcommittee announced late Tuesday it had invited industry leaders from EPIC, the Institute for Defense Analyses, the Council on Foreign Relations and Ponte Technologies to its scheduled July 15 hearing – and it promises additional witness announcements to come soon.

Read Politico’s Morning Tech here.

Written by cdorobek

July 7, 2010 at 9:32 AM

DorobekINSIDER: News Channel 8 discussing cyber-war — is it real?

I will be on NewsChannel 8’s Federal News Tonight at 7:30p tonight — and we’ll be talking about the ongoing debate: Is the threat of cyber-war exaggerated?

As I mentioned earlier, this question was the subject of an Intelligence Squared debate earlier this month.

You can hear the debate here… or see the debate here.

We are looking for your thoughts… how would you answer the question: The threat of a cyber-war is exaggerated?

Arguing that the threat of cyber-war was exaggerated were:
* Marc Rotenberg, executive director of the Electronic Privacy Information Center (EPIC)
* Bruce Schneier, the cryptographer, computer security specialist, and writer who is the founder and chief technology officer of BT Counterpane, formerly Counterpane Internet Security. He writes the popular Schneier on Security blog.

And in opposition:
* Mike McConnell, former vice admiral in the Navy, the former director of the National Security Agency and the former Director of National Intelligence. He now works for Booz Allen Hamilton.
* Jonathan Zittrain, professor of Internet law at Harvard Law School and a faculty co-director of Harvard’s Berkman Center for Internet & Society. He writes the Future of the Internet blog and is on Twitter.

Some additional resources:

There currently are more than 40 cyber-security bills somewhere in the legislative process on Capitol Hill.

After heading up the President’s 60-day Cyberspace Review last year, Melissa Hathaway has some analysis. She has compiled all that knowledge in a 31-page report, which breaks down the different bills into sections. Nine bills make the legislation-to-watch list, including updates to FISMA. Hathaway also says there is a great need for more public awareness of cybersecurity issues both in the U.S. and abroad.

That assessment came before Sens. Joe Lieberman (DI-Conn.), Olympia Snowe (R-Maine) and Tom Carper introduced the Protecting Cyberspace as a National Asset Act, which was discussed at a hearing today. (More information on the hearing here.) Today on Federal News Radio 1500 AM’s Dorobek Insider, we spoke to Bob Gourley, the former chief technology officer at the Defense Intelligence Agency and the editor in chief of CTOVision.com, who said he thinks the bill would be a step forward. (Read his post here.)

Finally, Gen. Dale Meyerrose, former CIO of the Office of the Director of National Intelligence, addressed this issue on Federal News Radio 1500 AM’s In Depth with Francis Rose. More here.

Written by cdorobek

June 15, 2010 at 5:55 PM

DorobekINSIDER: Crowdsourcing Gulf Coast oil spill info

Government as a platform — in the Gulf Coast oil spill.

NASA photo

We have covered a lot of the cases of people coming together to help in crisis situations — many of them around so-called Crisis Camps, but we’ve also seen Random Hacks of Kindness, and even post-Haiti, there were remarkable efforts of people coming together to use available tools to share vital information.

While NOAA is tracking the spill — and there are even NASA satellites tracking the slick — the Louisiana Bucket Brigade is banding together to track the slick on its own.

A band of people calling themselves the Louisiana Bucket Brigade is using those tools to track the massive oil spill, with a tool called the Oil Spill Crisis Map.

As the massive Deepwater Horizon oil spill disaster drifts toward land, residents of the Gulf Coast can report sightings of fishermen out of work, endangered wildlife, oil on shore, oil sheens, health impacts and other problems using a new tool known as the Oil Spill Crisis Map. The reports, submitted via text message, the web or email, will appear on a web-based map of the Gulf Coast, alerting officials and the public alike of the extent of the damage.

“The Oil Spill Crisis Map compiles and maps eyewitness accounts of the oil’s effects in real time,” said Anne Rolfes of the Louisiana Bucket Brigade. “This is a tool for all of us to understand the extent of the damage.”

Reports can be made and viewed at http://oilspill.labucketbrigade.org.

How does it work?

Mobile phone users can text reports to (504) 27 27 OIL
Reports can also be sent to bpspillmap@gmail.com
Twitter with the hashtag: #BPspillmap.

Eyewitness reports for the map require a description, and location information such as address, city and state, zip‐code or coordinates. Citizen reporters can remain anonymous or disclose their contact information. Photos and video can be uploaded via the web.

Written by cdorobek

May 5, 2010 at 4:12 PM

DorobekINSIDER: AFCEA Homeland Security Conference panel on cyber-security — the liner notes

I am moderating a panel at AFCEA’s 9th Annual Homeland Security Conference — creatively named DHS – The 7-Year Itch – Renewing the Commitment: The Definitive Dialogue on Critical Homeland Security Issues. Specifically, the panel that I’m moderating is titled President’s Comprehensive National Security Initiative. And we have a good panel to discuss these issues, even if the title of the panel doesn’t fully capture it:

Thursday, February 25
9:15 a.m. – 10:30 p.m.

Panel 6: President’s Comprehensive National Security Initiative
Industry insight into streamlining the cyber security effort through all levels of government. Thoughts and recommendations on policy, strategy and guidelines necessary to secure federal systems; integrate existing federal government resources; and anticipate future cyber threats and technologies.

Moderator: Christopher J. Dorobek (confirmed)
Co-anchor, Federal News Radio 1500 AM’s Daily Debrief with Chris Dorobek and Amy Morris
Editor-in-chief, the DorobekINSIDER.com

Panelists:
Mr. Shawn Carroll (bio in PDF)
Executive Director of Engineering & CTO
QWEST Government Services

Mr. John Nagengast (bio in PDF)
Executive Director for Strategic Initiatives
AT&T

Mr. Marcus Sachs (bio in PDF)
Executive Director for National Security & Cyber Policy
Verizon

Credit where credit is due: I’m just the moderator. I did not pull the panel together. So I want to credit specifically Wray Varley, Qwest Government Service’s director of advanced programs, DHS & DoJ, for pulling all the pieces together.

As I mentioned, our title is just a tad bit misleading because it really doesn’t capture the scope of what we hope to talk about. (I’m not sure people know what the President’s Comprehensive National Security Initiative even is. I’ve put some background below, including a March 2009 report from the Congressional Research Service that lays it out.)

In the end, we hope to talk about cyber-security broadly — and our discussion will really go beyond that rather governmental-sounding initiative.

It is clear that times are changing in the cyber world. Cyber-security is going from being more of a check-list item to becoming a real national security priority. People are hearing about cyber-security repeatedly, but I’m not sure they know what they can — and should — be doing.

A few data points:

* The Google hack: This comes from Google’s announcement that the company was considering pulling out of China following a massive hack. Of course, we learned that these attacks were actually against a number of private sector companies and investigators are still searching for where these attacks came from. And on Federal News Radio 1500 AM’s Daily Debrief with Chris Dorobek and Amy Morris, we spoke with George Kurtz, the CTO for cyber-security company McAfee, about those attacks. Hear that conversation here. McAfee and the Center for Strategic and International Studies recently came out with a new report that found people are under attack more than they generally know. You can hear the authors of that report, titled In the Crossfire: Critical Infrastructure in the Age of Cyberwar, here.

* The ZeuS attacks: After Google came word from NetWitness that some 2,400 organizations — including government agencies — had been attacked.

* Could the U.S. lose a cyber-war? That was the stark warning from Mike McConnell, the former director of national intelligence, during testimony before the Senate Commerce, Science and Transportation Committee, according to GovInfoSecurity.com. McConnell told lawmakers earlier this week that if a cyberwar were to break out today — “the United States would lose.” He went on to say that this is not because the U.S. doesn’t have talented people or cutting-edge technology. It is simply because the country is the most dependent and the most vulnerable — and because the country has not made the national commitment to understanding — and securing — cyberspace.

During the discussion, we are going to review this from several perspectives:
* Carrier operations — Nagengast is going to discuss what the telecommunications carriers can/should/are doing to address these important issues.
* Policy issues — Sachs is going to discuss the public and private policy issues that can/should/are helping to address this issue.
* What agencies need to do — Finally, Carroll will review what agencies can/should/are doing to address these issues.

And my guess is that somewhere in there, we will talk about Networx, which was widely hailed as a real opportunity for agencies to upgrade their network security infrastructure. And earlier this month, the Federal Trade Commission was one of the first agencies to use the Networx contract’s provisions for the Trusted Internet Connection initiative. TIC is an OMB initiative that seeks to reduce the number of government connections to the Internet to better enable agencies to secure data that passes through those connections, and OMB has been pushing agencies to move forward with TIC implementation.

Some resources — and I’ll add to these if there are links mentioned during the session:

* Congressional Research Service report: Comprehensive National Cybersecurity Initiative: Legal Authorities, Policy Considerations [March 10, 2009] Report thanks to OpenCRS — and you can download the PDF of the report from their site here.

* Center for Democracy and Technology analysis of the Comprehensive National Cybersecurity Initiative

* The China threat: Here is some appointment listening — and reading. Last week on Federal News Radio 1500 AM’s Daily Debrief with Chris Dorobek and Amy Morris, we spoke to James Fallows of The Atlantic magazine, who wrote a fascinating piece about China generally, but also that country’s role as a cyber-attacker, which he argues is somewhat exaggerated… although he goes on to say that he doesn’t believe we are paying enough attention to cyber-security generally. Hear our conversation here. I think you’ll find the conversation — and his article — illuminating.

Written by cdorobek

February 25, 2010 at 7:15 AM

DorobekInsider: Meet “the good bureaucrat” — Dwight Ink

Government workers generally despise the term “bureaucrat” — mostly because it has all sorts of negative connotations. Generally politicians use it dripping with derision as they scoff at the work done by government workers. And so the term has come to be synonymous with red tape and government problems.

Today on Federal News Radio 1500 AM’s Daily Debrief with Chris Dorobek and Amy Morris, we spoke to “the good bureaucrat” — Dwight Ink.

Giving credit where credit is due, the idea comes from William Eggers, global director of Deloitte’s public sector research program and co-author of the wonderful book If We Can Put a Man on the Moon: Getting Big Things Done in Government. (Hear Eggers here.) Eggers and his co-author John O’Leary of Harvard University, have a column in Government Executive today titled, “The Silent Leader,” in which they write about Dwight Ink.

History tends to adore the person at the helm, the president who calls the shots from the Oval Office. Overlooked are the bureaucrats who actually carry out the commands. Out of the limelight, Ink served seven consecutive presidents, from Dwight Eisenhower to Ronald Reagan. Now retired, this unassuming bureaucrat was often the one doing the heavy lifting.

Read the full column here.

But Eggers got me photos of Ink through the years.


Kennedy & Test Ban


Kennedy & Nuclear Space

LBJ & Alaskan Recovery

LBJ & HUD Leadership

Nixon & Ink

Ford & Arab Embargo

Reagan & CSA Closeout

Bush & Agency Termination

Written by cdorobek

January 14, 2010 at 4:54 PM

The DorobekInsider reader: Howard Schmidt as cybersecurity coordinator

Somehow it feels that the White House is clearing off its desk before the end of the year. What else would explain Tuesday’s announcement that Howard Schmidt would be the Obama administration’s cybersecurity coordinator — just shy of seven months after the creation of the post was originally announced?

The announcement is curious because Schmidt was one of the first names that was tossed around — and in so many ways, he seems to have the skills necessary for this still-being-defined post.

But this strikes me as an important — and complex — job. So, as we often do around these kinds of big events, I like to pull together resources, analysis and opinions around key topics. (Previous DorobekInsider readers: Obama cyber-security policy review, the Defense Department’s National Security Personnel System pay-for-performance reports and Veterans Day.)

President Obama meets with cyber-coordinator Howard Schmidt

Right at the top, I should note that the DorobekInsider reader: Obama cyber-security policy review has links to the administration’s policy review and much more.

From the White House itself:

* WhiteHouse blog: Introducing the New Cybersecurity Coordinator, which includes a short video with Howard Schmidt.

* To see how Schmidt’s thinking has evolved, read the National Strategy to Secure Cyberspace, which he helped craft before he left the Bush administration. Find the report from DHS here.

Federal News Radio 1500 AM and FederalNewsRadio.com coverage

Federal News Radio 1500 AM has team coverage of the announcement.

* On Federal News Radio 1500 AM’s Daily Debrief with Chris Dorobek and Amy Morris… we spoke with Karen Evans, former administrator of e-government and information technology at the Office of Management and Budget, and Randy Sabett, a partner at Sonnenschein Nath & Rosenthal, where he is a member of the Internet, Communications & Data Protection Practice. Sabett served on the Commission on Cybersecurity for the 44th Presidency, which had recommended the creation of the cyber-coordinator post.

Evans:

Now, think about it. He was doing cybersecurity in Microsoft when it wasn’t cool. So, for him to be able to do that — that experience there within a company as big as that company is and the focus that they had, which was at that point pretty consumer-oriented, [but] has now switched to a very comprehensive type of cybersecurity strategy going forward with solutions for consumers, as well as other folks — that’s due to Howard’s insight and education. That experience will really help when he’s talking with private industry people and what their part is in this.

Sabett:

The difference between the two relates to the areas where the frustration has been felt in the past. The so-called cyber czars — many of them, including Howard — have expressed the idea that they had all of the responsibility but they didn’t have the authority. I think the difference here is the emphasis on coordination, which is a recognition that there are many pockets, both within the government and within the private sector, of excellence — of people doing really good things in the cybersecurity area. Those don’t need to be shaken up. At the same time, they do need to be coordinated and . . . having this position be the Executive Office of the President is, I think, a significant difference from where the so-called cyber czar positions have been in the past.

You can hear and read parts of those interviews here.

* Federal News Radio’s Jason Miller culled reaction from industry, while Federal News Radio’s Max Cacas got the reaction from Capitol Hill — Cacas notes that one of the more interesting comments came from Sen. Susan Collins (R-ME).

Ranking minority member of the Homeland Security Committee, Senator Susan Collins from Maine, was even more blunt, releasing a statement outlining her “disappointment at the Administration’s decision to add yet another czar at the White House.” Collins wants Schmidt’s new job elevated to one that would be subject to Senate confirmation.

Read and hear Cacas’s full story here.

* Federal News Radio’s Jason Miller is hearing Sameer Bhalotra, a staff member from the Senate Select Committee on Intelligence, is a leading candidate to be the deputy cyber coordinator. Miller also spoke to Melissa Hathaway, the former senior director for cyberspace for the National Security Council under President Obama and now president of Hathaway Global Strategies:

“I would advise him to visit those centers and know what they are doing and have a good operational understanding of what’s out there,” she says. “He should know how the partnership is growing between the different departments and agencies.”

Read and hear Miller’s full report here.

Just as an aside, something worth reading: Hathaway’s Five Myths about Cybersecurity. Number 3: Government has the solutions and will protect me. Not necessarily, Hathaway says. Read more here.

* On the Federal Drive with Tom Temin and Jane Norris, soon after the announcement, Alan Paller, director of research at the SANS Institute, praised Schmidt’s appointment.

Paller:

Of all the people they were looking at, only two had on the ground experience, and this is a field you can’t do without on the ground experience. This is a job you can’t do without on the ground experience because you get lied to by people, and if you don’t have the experience of having actually managed security, you just can’t do the job.

Read more and hear the full interview here.

And this morning on the Federal Drive with Tom Temin and Jane Norris, Jim Lewis, director and senior fellow of the Technology and Public Policy Program at the Center for Strategic and International Studies spoke about the appointment. Hear that interview here.

Other coverage…

Needless to say, there was a whole lot of coverage of Schmidt’s appointment, so if you’re looking for everything, Google News can do that. I’m just pulling some of the more interesting stories that have some above-and-beyond insights to highlight here.

* As attacks increase, U.S. struggles to recruit computer security experts [WP, 12.22.2009]
My favorite quote was right at the end from Bob Gourley, the former CTO at the Defense Intelligence Agency.

Cybersecurity lawyers, researchers and policymakers are also in short supply. The Pentagon, for instance, lacks a career path to develop “expert decision-making in the cyber field,” said Robert D. Gourley, a former Defense Intelligence Agency chief technology officer. “The great cyber-generals are few and far between.”

* Workforce Hurdles for New Cyber Czar [NextGov’s WiredWorkplace blog, 12.22.2009]
Along the lines of Gourley’s comments:

Underlying all of these goals is the challenge of improving the recruitment and retention of a top-notch federal cyber workforce. In July, the nonprofit Partnership for Public Service released a report that found that the federal government faces major human resource challenges, such as difficulty in recruiting and retaining high-skilled workers, poor management and a lack of coordination that leaves some agencies competing against one another for talent. Such problems are particularly acute within the federal cybersecurity workforce, the Partnership found.

* Obama cyber czar pick looks to secure smartphones, social nets [ComputerWorld, 12.22.2009]
Calls on social media firms to alert users about various security threats

* Finally, A Cyber Czar [Forbes.com, 12.22.2009]
The new U.S. cybersecurity coordinator, Howard Schmidt, is an impressive leader in government and industry. He’s also Obama’s fourth choice at best

At least three other candidates had been privately offered the position and turned it down, as Forbes reported in July (see: “Obama’s Unwilling Cyber Czars”). Cybersecurity industry watchers told Forbes at the time that was because the position had been stripped of much of its power in an effort to ensure that new cyber regulations didn’t hamper economic recovery.

In a campaign speech at Indiana’s Purdue University in July of 2008, Obama promised to “declare our cyber-infrastructure a strategic asset, and appoint a national cyber advisor who will report directly to me.” In the year that followed, cybersecurity has only grown as a public issue following a steady drumbeat of foreign hacking incidents that have allowed cyberspies to steal military information and breach the power grid.

But Schmidt will hardly report directly to Obama. Instead, according to a report that resulted from a 60-day government cybersecurity review ending in May, the cyber coordinator position will be “dual-hatted,” reporting to both the National Security Council and the National Economic Council under Obama’s economic advisor Larry Summers.

* How Dangerous is the Cyber Crime Threat? [PBS’s NewsHour, 12.22.2009]
Talking to Jim Lewis, director and senior fellow of the Technology and Public Policy Program at the Center for Strategic and International Studies

* National cybersecurity coordinator choice widely applauded [GCN.com, 12.22.2009]

* Obama’s New Cyber Security Chief, Howard A. Schmidt, Speaks in Gibberish, but Not the Highly Technical Kind [Seattle Weekly, 12.22.2009]