Morning Keynote Address: DHS Undersecretary Rand Beers (Symposium Summary)
Wednesday, March 31, 2010
Summary by Gaspar Modelo-Howard
Day two opened with a keynote from Under Secretary Beers, who has had a long and interesting career of over 34 years, including military service and working as staff member for the National Security Council, under four U.S. Presidents. During his talk, he provided an introduction of the National Protection and Programs Directorate (NPPD) and DHS, discussed the importance and role of cyber security to protect the overall security of the United States, how DHS is continually evolving to meet the changing landscape and its mission, and current challenges and problems faced by NPPD.
Under Secretary Beers began with a discussion of the responsibilities of DHS and NPPD in particular. DHS has five goals or missions, listed here in no particular order: (1) counterterrorism, (2) securing U.S. borders, (3) immigration, (4) response to disasters, and (5) cyber security. This last goal refers to protecting cyberspace for civilian side of government and working with private sector to achieve physical Critical Information Infrastructure Protection (CIIP).
DHS is a pretty new department, formed in late 2002, so they are currently embarking on the transformation of its workforce. Main reason is a number of professional disciplines were brought together to start the Department but there were at time very few professionals to start DHS. So it is an evolving organization. Currently, NPPD has equal number of private contractors and federal employees working in the Directorate but there are several initiatives to fill more permanent positions. In terms of cyber security, the Department is looking to hire 1,000 people in cyber security in the next 3 years. They also expect to increase NPPD cyber security workforce to 260 by end of FY 2010.
Under Secretary Beers mentioned the difficulty faced when hiring cyber security specialists is that academic institutions do not currently produce enough graduates to meet the federal demand. Such statement considers that not all of the needs are for pure technical positions. Much to the surprise and amusement of the audience, the Under Secretary mentioned there are not enough lawyers in DHS. It takes a long time for DHS leaders to get legal advice on some topics because there are more questions than the lawyers can answer. Some of this would also be rectified by having better laws relating to cyber security.
Generally speaking, DHS and NPPD in particular, are looking to draw knowledge and experience from math, science and cyber security communities to build a strong federal department. DHS objective is to forge stronger links with educational institutions such as Purdue University, to better prepare itself to deal with cyber security matters.
During his presentation, Under Secretary Beers made an important point to help define the national cyber security strategy: 85% of cyberspace in U.S. exists outside the government. That is why the Directorate works closely with private sector. For example, the Office of Infrastructure Protection (IP) takes 18 critical sectors of the American economy (water, power, finance, etc.) and work with them to develop security plans (standards, strategies, best practices) and improve preparedness to respond to emergencies. Mr. Beers also stressed the role cyber security plays within DHS, as it is part of every other part. Cyber security works as a cross sector, for example between the communication and information sectors.
The Under Secretary noted that cyber threats are increasing on a daily basis and they also include physical attacks, because of the potential impact they can have in cyberspace. He shared two examples: (1) a bond trading company which had to evacuate during the first World Trade Center attack of 1993 and (2) the train derailment and fire in Baltimore, 2001. In the first story, the investment company had to evacuate the World Trade Center but did not backup systems off-site. It took a presidential order to allow them to re-enter the building since the fire marshal had prohibited anyone from doing so. In the train story, the fire disrupted communication links going thru the same tunnel where the disaster occurred. Such cables were major Internet links that slowed down service around the US.
NPDD cyber security daily operations include monitoring of attacks, protecting the .gov domain and monitoring Internet connections from/to government networks. US-CERT, the cyber security operational arm within NPDD, uses the Einstein intrusion detection program to work on these responsibilities. (I think it was cool that he mentioned Einstein as usually high-ranking U.S. Government officials avoid such topics). Mr. Beers also noted that under President Obama’s cyber security 60-day review, DHS had to create a Computer Emergency Response Team (CERT) plan to deal with cyber security threats and crisis. It has been done and involved government at different levels (federal, state, local) and private sector. Also, DHS opened last October the National Cyber security and Communications Integration Center to improve national efforts to address threats and incidents affecting U.S. critical cyber infrastructure.
To finish his presentation, the Under Secretary talked about several of the current and future cyber security challenges faced by DHS. First, they are currently working on developing systems that make it possible for different cyber security players to share information. This is a common problem when requesting or managing information from different sources, for example the private sector, because such information is highly sensitive to its owner. Second, DHS is also increasingly responsible for cyber security awareness and outreach initiatives. They are working with academic institutions to foster and identify potential government employees. Third, in terms of global involvement, US-CERT is partnering with similar institutions in other countries to work on international incidents and to create stronger ties. DHS is fully aware of the interconnectivity of networks, regardless of physical location. It actively participates in the annual Meridian Conference for international CIIP collaboration and invites representatives of foreign countries to their biennial Cyber Storm exercises.
In the Q&A session, a member of the audience asked Mr. Beers if he could prioritize DHS cyber security needs in terms of the human capital. This is important as cyber security is an interdisciplinary field and there is need for professionals with technical and non-technical backgrounds. Mr. Beers listed three needs: (1) people with computer science background to operate the cyber security centers; (2) people with system design and administration skills; (3) people with business background to deal with contracting issues and proficiency to understand technical requirements. This last group is important as government has a responsibility to define as clear and specific as possible the requirements and objectives so other sectors can determine how to comply. He then mentioned that government might have to start training centers as there are not enough graduates coming from college.
As a follow up question to his comment on cyber security savvy lawyers, he was asked if real problem is that U.S. does not have the appropriate laws to protect its cyber infrastructure and also if DHS is advocating for new legal frameworks. Mr. Beers agreed that a better legal framework is required and DHS is indeed advocating for this to happen. In a later question, he also pointed out that legal and cyber security communities need to further discuss issues affecting both sides and such exchanges should also happen outside the government (because of restrictions a federal employee might have by law).
The next two questions were about international efforts taken by DHS, citing the United Nations is working on developing cyber security laws and best practices. The Under Secretary mentioned that DHS cannot work at international level and that time has come for State Department to step up.
A question then was made regarding the difficulties when physical and cyber security communities interact. Mr. Beers noted it is a recurring but expected problem when working with entities from public and private sectors. Sometimes they find cases where both exist under one directorate, but in general this is not the case and it is part of the evolution of security.
A member of audience asked about briefing on current and future strategies with U.S. Cyber Command and NSA. The Under Secretary mentioned that major elements of collaboration are still under development. There are discussions on having DHS deputy and employees at Cyber Command and NSA and vice versa.
A final question was made on comparing costs of training employees in cyber security with costs of scholarship, suggesting the second option might be cheaper. Therefore there might be an incentive to increase number of scholarships. Mr. Beers agreed to the suggestion and said DHS is looking into additional opportunities to fund students/institutions but was also quick to point out that not every cyber security professional has to come from an academic setting.
Overall, it was an interesting talk by the Honorable Beers, providing an overview of the structure, mission and challenges faced by NPPD and DHS. He stressed out the importance of cyber security as part of the primary mission of the Department and the relevance of working with different partners to successfully achieve the mission.