NPPD to become Cyber Infrastructure Protection
The reorganization of DHS's cyber agency aims to showcase spectrum of physical and IT protections.
Andy Ozment of DHS says a pending reorganization of the agency's cyber outfit will better employ its capabilities.
A plan to reorganize the Department of Homeland Security's National Protections and Programs Directorate, currently under review on Capitol Hill, would recast the organization into a form that better employs its capabilities, from cyber to physical protections, according to Andy Ozment, DHS' assistant secretary for Cybersecurity and Communications.
In remarks to the Information Security and Privacy Advisory Board on March 24, Ozment said the plan would rename NPPD to Cyber Infrastructure Protection and cut across current stovepipes of the National Cybersecurity and Communications Integration Center, the Office of Infrastructure Security and Federal Protective Services.
"The name seems silly," said Ozment, "but it's important" because it is a plain explanation of what NPPD does in a form it currently doesn't have.
The reorg would combine all technical cyber activity such as the Continuous Diagnostics and Mitigation program and the Einstein network security system under NCCIC, an organization that will be led by an assistant secretary. NCCIC also includes cyber early warning organizations US-CERT and ICS-CERT, which cover threats to private sector and industrial networks.
"The NCCIC will be the primary interface with the Federal civilian executive branch customers for their agencies' cybersecurity issues and will provide technical operational capability as needed," according to the plan.
The blog Lawfare first reported on the release of the plan to Congress on March 21.
The new organization plan, which was floated by DHS last fall, would allow the department to say, "here's everything we can do for you from the physical to cyber," Ozment said.
Currently, Ozment said, agents in the NPPD Office of Infrastructure Security, who talk to critical infrastructure providers about physical security, might not be able to explain the agency's myriad cyber protection services and vice versa. That kid of synergy is at the heart of the plan that NPPD Undersecretary Suzanne Spaulding previewed last fall.
"I'm a firm believer that the first indication we are likely to have of a significant cyber incident will be seeing its physical consequences," Spaulding said at an Oct. 8 cybersecurity conference.