DHS plans expansion of cybersecurity workforce
From: Federal Times
The Department of Homeland Security plans to grow its cybersecurity workforce by more than 50 percent, as lawmakers and the White House work to expand the department’s authority in securing both government and private-sector websites.
By October 2012, DHS’ cyber staff will grow from 260 to 400 workers, Philip Reitinger, deputy undersecretary of the department’s National Protection and Programs Directorate, said at a Senate committee hearing Monday.
A new legislative proposal released by the White House this month not only places DHS as the lead defender of the dot-gov domain but also gives the department expanded authority.
The DHS secretary would require companies to disclose annually “high-level summaries” of their cybersecurity plans and whether risks have been properly addressed. The secretary would also create a process for designating critical infrastructure such as power plants and electric grids.
“DHS will be the new sheriff in cyber town that we need,” said Sen. Joe Lieberman, I- Conn., chairman of the Senate Homeland Security and Governmental Affairs Committee.
The White House proposal, in many ways, is similar to bipartisan legislation introduced earlier this year by Sens. Lieberman, Susan Collins, R-Maine, and Tom Carper, D-Del. The 2011 Cybersecurity and Internet Freedom Act would amend the 2002 Federal Information Security Management Act, and would also create a White House Office of Cyberspace Policy and provide liability protection for operators of critical infrastructure that comply with security standards.
At Monday’s hearing, the senators showed support for the White House proposal while raising some concerns.
Collins said she is troubled by language in the White House proposal to publicly disclose the security level of companies that operate infrastructure, such as power plants and electric grids that, if attacked, could cause chaos and even death. “We don’t want to give those who would do us harm a road map to how to attack our critical infrastructure,” she said.
Rather than using the “name and shame” approach, Collins suggested DHS use sanctions and also consider using liability protection as an incentive for companies to improve their cybersecurity.
Both proposals endorse greater partnerships between DHS and the private sector, which owns and operates most of cyberspace. Reitinger estimated that industry operates more than 75 percent of the cyber arena.