[ISN] Homeland Security CIO calls for cybersecurity, communications standards

From: InfoSec News (isn@private)
Date: Fri Nov 14 2003 - 06:46:02 PST

  • Next message: InfoSec News: "Re: [ISN] Cyber terrorism not real: Gartner"

    Forwarded from: William Knowles <wk@private>
    
    http://www.computerworld.com/securitytopics/security/story/0,10801,87098,00.html
    
    Story by Lucas Mearian 
    NOVEMBER 13, 2003 
    COMPUTERWORLD 
    
    COLUMBUS, Ohio -- Steven Cooper, the new CIO at the Department of
    Homeland Security, said he has had "some pretty candid conversations"
    with Microsoft Corp. CEO Steve Ballmer and other company officials
    about software security concerns.
    
    "And I think, believe it or not, that we're really influencing them as
    a community," Cooper told a gathering of about 150 CIOs at a CIO
    Symposium put on here by the Columbus Technology Council and the
    Center for Information Technologies in Management.
    
    While Cooper didn't go so far as to say his agency is partnering with
    Microsoft to fix vulnerabilities in the company's Windows operating
    system, he did say, "We are collaborating with them very closely with
    working to improve ... software."
    
    Cooper said he met with nearly 75 government CIOs earlier this week,
    most of whom said their departments now have internal cybersecurity
    plans that include some kind of vulnerability and risk assessment, use
    third parties for penetration testing and have put in place some type
    of patch management process.
    
    "And yes, at the top of the list was Microsoft," Cooper said. "No
    surprise, I suspect. I've had some pretty candid conversations with
    Steve Ballmer and the Microsoft gang."
    
    On a different topic, Cooper acknowledged that the first version of
    his department's national enterprise architecture, released in late
    September and available online or by CD, still needs work. And he
    asked CIOs from various industries and from state and local
    governments to help make it better. "Help us add the granularity from
    your perspective," he said.
    
    "How many of you would buy Release 1.0 of anything?" he said of the
    document. "It's about an inch deep and a mile long. [But] the safety
    and security of all of us depend on our ability to rapidly get this
    enterprise architecture right. It really does have that magnitude of
    impact."
    
    "What do you expect folks like us to do?" asked John Deane, CIO at
    Dublin, Ohio-based Wendy's International Inc.
    
    Cooper suggested that even fast-food restaurants could help
    disseminate information by putting cybersecurity pamphlets on their
    counters. He also pointed to an initiative in which the government has
    appropriated $12 million for CIOs to develop a dozen or so
    information-sharing pilot projects, each costing less than $1 million.
    
    "All we're asking initially [is] if you'd give us some kind of concept
    paper, one or two pages," he said. "Just share with us what you'd like
    to do: 'Here's what we can do for x amount of dollars.'"
    
    Cooper said he would like to deliver some business value from any
    pilot programs that get seed money within three to six months to show
    how IT can enable rapid and effective information sharing between the
    private, local, state and federal sectors.
    
    Joe Gottron, CIO at Columbus-based Huntington Bancshares Inc., said
    it's important to know how the department will measure progress toward
    its goals. "Calculating progress will help in getting people engaged
    and be part of that process. The task is so enormous," Gottron said.  
    "He [Cooper] needs to create a sense of purpose similar to that
    created around the Apollo 13 landing."
    
    Cooper said his department is using "cycle time" and information
    quality, admitting "those are not exactly the right matrixes. At the
    department level, we don't have those [processes] in place yet."
    
    Jesse Jones, CIO of Columbus' Department of Technology, asked Cooper
    how information submitted to the Department of Homeland Security would
    trickle down to state and local governments.
    
    Cooper said he's been working with CIO associations at the state and
    national levels, but he pointed out that there are 56 states or
    territories, 33,000 counties and 89,000 municipalities in the U.S. "I
    haven't found the right organization or body that gets to all those
    cities and counties."
    
    
     
    *==============================================================*
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    ----------------------------------------------------------------
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    ================================================================
    Help C4I.org with a donation: http://www.c4i.org/contribute.html
    *==============================================================*
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Nov 14 2003 - 09:45:28 PST