Security Strategy, Plan, Budget

DoD, DHS to align cybersecurity capabilities

The U.S. Department of Defense (DoD) and the Department of Homeland Security (DHS) announced plans Tuesday to streamline their cybersecurity capabilities to better protect the nation's networks.

Late last month, Secretary of Homeland Security Janet Napolitano and Secretary of Defense Robert Gates signed an agreement that formalizes processes for the two agencies to work together to protect U.S. networks and critical infrastructure.

The agreement outlines a framework whereby the agencies will provide cybersecurity support to one another, and was intended to improve collaboration as the two departments carry out their respective cybersecurity missions.

Under the agreement, DoD cyber analysts will work within the DHS in support of the National Cybersecurity and Communications Integration Center (NCCIC), an incident response facility that opened late last year.

In addition, a full-time senior DHS leader, along with a support team of DHS privacy, civil liberties and legal personnel, will work in the National Security Agency (NSA), part of DoD. The DHS leader will also act as the DHS' cybersecurity representative to the Defense Department's new U.S. Cyber Command, responsible for protecting U.S. military networks.

“We look forward to building on this vitally important step toward greater collaboration as we continue to work together on new and better ways to protect our economy and critical networks against evolving threats by those who seek to harm the United States,” Gates and Napolitano said in a joint statement issued Wednesday.

The new partnership appears to be part of an effort to move past previous agency turf wars.

Last March, for example, Rod Beckstrom resigned from his position as director of the DHS' National Cyber Security Center, citing insufficient funding and support. In his letter of resignation to Napolitano, Beckstrom said the DHS's cybersecurity efforts are "controlled" by the NSA.

Meanwhile, it is not uncommon for government departments and agencies to enter into formal agreements to work together on certain issues and to “swap” employees to improve synchronization, Marcus Sachs, director of the SANS Internet Storm Center, told on Thursday.

This agreement is particularly important because the DoD and DHS have a joint mission to protect the United States in cyberspace, he said.

“Cyberspace works in a millisecond environment when threats manifest themselves and you can't have any waste of time trying to coordinate a response,” Sachs said. “If they are already linked together and have this command structure and have exchanged physical bodies, then if something bad happens and we have to react to it as a nation, that relationship is in place, so a lot of time is saved upfront.”

Without such a relationship, the agencies might inadvertently work at odds with one another, he said.

Robert Rodriguez, founder and chairman of the Security Innovation Network, an organization focused on advancing cybersecurity innovation through public-private collaboration, told on Monday that the agreement is “critically important” and will lead to better information sharing.

But while the agreement is an important step forward, formal relationships around cybersecurity should also be formed with other departments, as well as the private sector, Rodriguez said.

The timing of the agreement is appropriate given that DoD's U.S. Cyber Command began operating earlier this year, Sachs said. The command likely also will develop formal relationships with other government entities, such as the Department of Justice.

Sachs said he was pleased the agreement was made public.  

“It is good for transparency," he said. "It is something we need to do more of with cybersecurity and not lock it behind closed doors."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.