Alan W. Dowd is a Senior Fellow with the American Security Council Foundation, where he writes on the full range of topics relating to national defense, foreign policy and international security. Dowd’s commentaries and essays have appeared in Policy Review, Parameters, Military Officer, The American Legion Magazine, The Journal of Diplomacy and International Relations, The Claremont Review of Books, World Politics Review, The Wall Street Journal Europe, The Jerusalem Post, The Financial Times Deutschland, The Washington Times, The Baltimore Sun, The Washington Examiner, The Detroit News, The Sacramento Bee, The Vancouver Sun, The National Post, The Landing Zone, Current, The World & I, The American Enterprise, Fraser Forum, American Outlook, The American and the online editions of Weekly Standard, National Review and American Interest. Beyond his work in opinion journalism, Dowd has served as an adjunct professor and university lecturer; congressional aide; and administrator, researcher and writer at leading think tanks, including the Hudson Institute, Sagamore Institute and Fraser Institute. An award-winning writer, Dowd has been interviewed by Fox News Channel, Cox News Service, The Washington Times, The National Post, the Australian Broadcasting Corporation and numerous radio programs across North America. In addition, his work has been quoted by and/or reprinted in The Guardian, CBS News, BBC News and the Council on Foreign Relations. Dowd holds degrees from Butler University and Indiana University. Follow him at twitter.com/alanwdowd.

ASCF News

Scott Tilley is a Senior Fellow at the American Security Council Foundation, where he writes the “Technical Power” column, focusing on the societal and national security implications of advanced technology in cybersecurity, space, and foreign relations.

He is an emeritus professor at the Florida Institute of Technology. Previously, he was with the University of California, Riverside, Carnegie Mellon University’s Software Engineering Institute, and IBM. His research and teaching were in the areas of computer science, software & systems engineering, educational technology, the design of communication, and business information systems.

He is president and founder of the Center for Technology & Society, president and co-founder of Big Data Florida, past president of INCOSE Space Coast, and a Space Coast Writers’ Guild Fellow.

He has authored over 150 academic papers and has published 28 books (technical and non-technical), most recently Systems Analysis & Design (Cengage, 2020), SPACE (Anthology Alliance, 2019), and Technical Justice (CTS Press, 2019). He wrote the “Technology Today” column for FLORIDA TODAY from 2010 to 2018.

He is a popular public speaker, having delivered numerous keynote presentations and “Tech Talks” for a general audience. Recent examples include the role of big data in the space program, a four-part series on machine learning, and a four-part series on fake news.

He holds a Ph.D. in computer science from the University of Victoria (1995).

Contact him at stilley@cts.today.

The DHS cyber agency has a key role in a new strategy

Thursday, March 12, 2020

Categories: ASCF News National Preparedness Cyber Security

Comments: 0

major report by the Cyberspace Solarium Commission wants to position the Department of Homeland Security’s cybersecurity agency as the “key” agency in strengthening cybersecurity efforts within the federal government and the private sector as part of a broader overhaul of the U.S. strategy for securing cyberspace.

The recommendations in the report are another signal that Congress views DHS’ Cybersecurity and Infrastructure Security Agency, which is charged with protecting federal networks and critical infrastructure from cyberattacks, as a critical piece of national security moving forward and plans to take action to bolster its authorities. The agency’s critics, however, question whether CISA is toothless, without the authorities it needs to do its job. Outside of federal government, CISA is largely dependent on voluntary cooperation to deal with what is a a vast attack surface.

The report, which makes 75 recommendations as part of a three-pronged “layered deterrence” strategy, emphasizes that it’s imperative that the federal government and private sector strengthen their relationship. Central to that effort is CISA.

“The key is CISA, which we have tried to empower as the lead agency for federal cybersecurity and the private sector’s preferred partner,” commissioners wrote in the executive summary.

The underlying challenge for CISA is that most assets labeled critical infrastructure are operated by the private sector, like the electric grid, or by state and local governments, like election infrastructure — and CISA doesn’t have the authority to direct their actions.

To achieve a better relationship with the private sector, commissioners wrote that Congress needs to designate more funding for CISA’s private-sector initiatives. According to the report, 60 percent of CISA’s budget is for federal cybersecurity, with only 15 percent going toward private-sector initiatives.

“Congress should review CISA’s budget and consider giving proportionally greater resources to projects and programs intended to support private-sector cybersecurity, to promote public-private integration, and to increase situational awareness of threat,” the report says.

CISA also needs to do more to protect federal networks, the commission wrote, recommending that Congress strengthen CISA’s ability to do continuous threat hunting on .gov networks.

“Continuous threat hunting on the .gov domain will enable CISA to quickly detect, identify and mitigate threats to federal networks,” commissioners wrote. “Resulting information on malware, indicators of compromise, and adversary tactics, techniques and procedures can be shared with public and private critical infrastructure, which may be similarly targeted by these actors, to bolster their defenses.”

The commission also suggests raising the agency to an operational agency within DHS and making its director a deputy secretary.

The Cyberspace Solarium Commission was created by the 2019 National Defense Authorization Act and included members from inside and outside of government.

The reality is that CISA will need more funding in order to achieve the overhauls recommended in the report. But not all the recommendations need immediate funding, according to CISA Director Chris Krebs.

“There’s a significant amount of the recommendations that we can implement right now,” said Krebs, testifying in front of the House Homeland Security Committee’s Subcommittee on Cybersecurity, Infrastructure Protection, & Innovation March 11.

A CISA spokesperson didn’t respond to a request seeking clarification of which recommendations CISA could implement right now.

New offices and tasks

The commission report recommends that Congress direct the executive branch to start a one-year, comprehensive systems analysis of federal cyber and cybersecurity centers in order to improve information sharing, in part because of its “unique position” as the middleman between government and critical infrastructure operators.

The review would identify challenges and potential solutions to better integrate federal cyber centers and the private sector with CISA’s efforts.

Another recommendation suggests the creation of a Joint Cyber Planning Cell, housed at CISA, where staff from federal agencies with “operational cyber capabilities” will plan defense cybersecurity operations and will “integrate” planning with the private sector.

“The cell will be charged with coordinating planning for campaigns and operations to respond to and recover from a significant cyber incident or limit, mitigate, or defend against a coordinated, malicious cyber campaign targeting U.S. critical infrastructure,” the commission recommends. “These plans should be developed through a deliberate planning process, accounting for all participating federal agency cyber capabilities and authorities.”

The plans that the cell would create would help inform action by the National Security Council “when an adversary campaign is identified or significant cyber incident occurs.”

Workforce realities

The potential for new responsibilities for CISA means the agency will need more skilled employees. At his agency’s budget hearing March 11, Krebs said his agency has more than 650 empty positions, with about 150 cybersecurity-related.

To try to reduce the hiring time, Krebs said that the agency is trying to reduce the amount of time it takes to get a job. Recently, he said, his agency launched a task force tasked with finding options to reduce time to hire. One of the challenges that Krebs wants to solve is the requirement that most cybersecurity jobs require a Top Secret clearance. In the hearing, Krebs said that he doesn’t think that the CISA employees in the field necessarily need a TS clearance, whereas a Secret clearance could do.

Solarium commissioners, meanwhile, want CISA to attract the top talent in the country.

“We want working at CISA to become so appealing to young professionals interested in national service that it competes with the NSA, the FBI, Google, and Facebook for top-level talent (and wins),” the commissioners wrote.

Asked by Rep. Mike Rogers, R-Ala., if his agency’s salary and benefit package is adequate in the hearing, Krebs said he’s confident in the tools his agency has, like tuition reimbursement and a retention bonus.

“I can actually I think generally compete in the market,” Krebs said. “Certainly not on the top, top, top end, but we can provide between mission and pay and just quality of life, we think we can do a pretty good job here.”

Photo: A new report wants to bolster the role of the DHS cybersecurity agency. (metamorworks/Getty Images)

Link: https://www.fifthdomain.com/congress/capitol-hill/2020/03/11/the-dhs-cyber-agency-has-a-key-role-in-a-new-strategy/

Comments RSS feed for comments on this page

There are no comments yet. Be the first to add a comment by using the form below.

Search