Name change, new org chart feature in NPPD reorg

The head of the National Protection and Programs Directorate at the Department of Homeland Security said integration of cyber and physical security efforts is the key to defusing an increasingly dangerous link between attacks on critical infrastructure and government facilities.

"I'm a firm believer that the first indication we are likely to have of a significant cyber incident will be seeing its physical consequences," NPPD Undersecretary Suzanne Spaulding said at a homeland security conference on Oct. 8.

She added that NPPD's current structure makes it difficult for cyber defenders to share critical information with the people in charge of physical security.

Her proposal to reorganize NPPD would place cybersecurity experts in the same offices as the NPPD personnel responsible for monitoring the physical security of federal facilities and critical infrastructure. She said the pairing could provide a vital interaction between cyber and physical security experts who could ferret out electronic links to potentially suspicious physical activity more quickly, such as near-simultaneous attacks on railway facilities in different regions of the country.

Spaulding unveiled the proposal to Congress during testimony at an Oct. 7 hearing of the House Homeland Security Committee's Cybersecurity, Infrastructure Protection and Security Technologies Subcommittee. Under the proposal, NPPD operations would be carried out through three interconnected, operational directorates.

The Infrastructure Security directorate would focus on activities to protect infrastructure from cyber and physical risks by working with private- and public-sector owners and operators to build the capacity to assess and manage risks.

A second, as yet unnamed, directorate would focus on cyber-specific operations and DHS' mitigation and response to threats to IT and communication assets, networks and systems through an enhanced National Cybersecurity and Communications Integration Center (NCCIC), giving DHS' 24/7 hub for analyzing and disseminating cyberthreat information its own office.

The move would also align the center with the agency's two multibillion-dollar federal civilian cybersecurity efforts: Einstein and Continuous Diagnostics and Mitigation (CDM). The directorate would report directly to Andy Ozment, assistant secretary of NPPD's Office of Cybersecurity and Communications. DHS Secretary Jeh Johnson made that reporting change in August.

The third directorate, the Federal Protective Service, would continue to focus on direct protection of federal facilities and personnel nationwide using integrated law enforcement and security operations. It would also coordinate with NCCIC to protect cybersecurity aspects of federal facilities.

Spaulding said more integrated acquisition efforts are also part of the makeover.

"We're taking acquisition professionals and we're putting them together as a cadre of acquisition professionals under an acquisition professional who will provide clear guidance [and] standard operating procedures and make sure they have appropriate training [and other resources] and putting them right back into the programs they support," she said.

Those specially trained acquisition professionals will be better attuned to the users of the technology they're buying, she added. "They've got to be sitting side-by-side with those program managers, with the people who are deploying and operating Einstein and CDM every day," she said.

In addition, Spaulding hopes a name change for NPPD will be part of the realignment. At the conference, she said the NPPD moniker does not really fit with the merging of cyber and physical protection duties and added that a new name is in the works.