[ISN] Why DHS, Not White House, Took Lead on RSA Breach Response

From: InfoSec News <alerts_at_private>
Date: Tue, 22 Mar 2011 00:40:52 -0600 (CST)
http://www.govinfosecurity.com/articles.php?art_id=3454

By Eric Chabrow
Executive Editor
GovInfoSecurity.com
March 21, 2011

Pondering government cybersecurity leadership, first thoughts might go 
to the White House and the office of Cybersecurity Coordinator Howard 
Schmidt. But the voice of IT security in the Obama administration often 
seems to be the Department of Homeland Security, not the White House. 
And, the government's face on cybersecurity matters could be that of 
Philip Reitinger, deputy undersecretary for the National Protection and 
Programs Directorate, DHS's highest ranking cybersecurity executive.

When RSA announced last week that it was under a sophisticated attack 
targeting its SecurID products, inquiries to Schmidt's White House 
office, the Pentagon and the National Security Agency about how the 
federal government is responding to the virtual assault and what impact 
it was having on government IT security were referred to DHS. DHS 
initially didn't have a response. By late Friday, DHS issued a 119-word 
statement that provided scant details but said the government was 
working with RSA on the problem and that federal agencies have been 
notified about the breach that involved the two-factor authentication 
product (see DHS Responds to RSA SecurID Attack).

DHS provided the government's reaction to the RSA breach because 
Homeland Security is responsible for operational responses to cyber 
incidents in civilian agencies and key private-sector IT systems, said 
Karen Evans, who served as the de facto federal chief information 
officer in the Bush White House. The White House, she said, is focused 
on cybersecurity strategy.

(The NSA, a Defense Department agency, serves as the primary IT security 
agency for DoD and the intelligence community, while providing its 
technical expertise to civilian agencies through DHS. The NSA director 
also serves as commander of the U.S. Cyber Command.)

[...]


___________________________________________________________      
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery 
Network, Cisco Switches, SAS 70 Type II Datacenter. 
Find peace of mind, Defend your Critical Infrastructure.
http://www.tegataiphoenix.com/
Received on Mon Mar 21 2011 - 23:40:52 PDT

This archive was generated by hypermail 2.2.0 : Mon Mar 21 2011 - 23:49:10 PDT