DHS advisory council report could help NPPD
A Homeland Security Advisory Council report advocating closer coordination across infrastructure segments could boost the prospects for a reorganization of DHS' cybersecurity unit.
DHS Undersecretary Suzanne Spaulding said that despite resistance from Congress, she is not giving up on plans to transform the agency's cybersecurity efforts.
Congress has so far resisted a plan to reorganize the Department of Homeland Security's cybersecurity center, but a new report could help the effort.
"Congress doesn't seem to be buying" the reorganization plan, said Suzanne Spaulding, undersecretary for DHS' National Protection and Programs Directorate, at a meeting of the Homeland Security Advisory Council (HSAC).
Spaulding isn't giving up on the effort to transform NPPD into a new entity called Cyber Infrastructure Protection. CIP would cut across the National Cybersecurity and Communications Integration Center, the Office of Infrastructure Protection and the Federal Protective Service. The effort would have physical security experts work alongside cybersecurity staff to provide a more effective and coherent defense against cyberattacks that could cause physical and cyber damage across sectors.
Spaulding said putting all those professionals together makes sense for interdependent critical infrastructure industries.
"We'll make it happen one way or the other," she added.
HSAC presented a report to DHS Secretary Jeh Johnson during the June 2 meeting that could give a boost to the reorganization effort. The group recommended that DHS take a closer look at how cyberattacks could cut across closely intertwined critical infrastructure providers, such as financial and electrical systems.
The experts noted that there is no response plan across those multiple infrastructures, and reaction and restoration procedures must be made more understandable and less ambiguous across industries.
One of HSAC's suggestions is a new national alert system that would use escalating tiers of warnings for cyberthreats against U.S. critical infrastructure providers, similar to the defense readiness system the U.S. military uses.
The report recommends a color-coded, five-tier "Cyber Condition" system as the starting point to replace the National Cyber Risk Alert Level for critical infrastructure event characterization, with CyberCon 1 being the most urgent. The five tiers would progress from green to orange to red in color codes.
The mid-orange level is where extensive coordination and collaboration would happen between government and industry in terms of dynamic protocols and procedures. The red level represents "a cyber emergency of the severest nature and greatest potential impact," the report states. In those situations, the government would "be expected to convey priorities and industry will do all that is possible to support national survival, under government direction and within a comprehensive, legal and operational framework."
Green-level threats would be relatively minor concerns that infrastructure providers and their cybersecurity vendors could address. The report states that a CyberCon 2 event should be used as the starting point for assessing cross-sector restoration challenges and National Cyber Incident Response Plan requirements.