Failure As Usual predicted in federal cybersecurity

*Well, you heard it here first, unless you read SANS like I do, in which case, you heard it here second.

–House Subcommittee Approves Bill to Create Assistant Secretary for Cyber Security Position at DHS

(20 April 2005)

The House Subcommittee on Economic Security, Infrastructure Protection and Cyber Security has approved HR 285, the Department of Homeland Security Cybersecurity Enhancement Act which would create an assistant secretary for cybersecurity position at DHS.

(((I hope they drew a breath after all those polysyllables.)))

Presently, the highest ranking cybersecurity position at DHS is the director of the National Cyber Security Division; industry has been pushing for a higher ranking cyber security position. (((Industry, and, uh, millions of victims of rampant cybercrime worldwide.)))

Among the assistant secretary's responsibilities would be "establishing a national cyber security response system, ... a national cyber security threat and vulnerability reduction program, ... and ... a national cyber security awareness and training program."

http://www.infoworld.com/article/05/04/20/HNhousesecurity_1.html

Text of HR 285: http://www.govtrack.us/congress/billtext.xpd?bill=h109-285

(((This is the best part here: the jaundiced commentary (yet accurate) by the much-burned insiders.)))

[Editor's Note (Schneier): I predict more failure. This is still lacking any sort of coordinated plan. Awareness is all very well, but it doesn't accomplish much.

(Pescatore): Big sigh. We are still lacking what Presidential Decision Directive 63 called for waay back in 1998: a coordinated focus on the federal government becoming a model citizen in Internet security, and using its buying power to move the market forward. Bully pulpits are fine, the government actually moving forward would be much more effective.

(Paller): John and Bruce are exactly right. DHS has not led the way in using its procurement power to buy safer systems. Perhaps a new Secretary and a new - yet to be named - CIO at DHS will enable the Department to lead by example and then begin to help other agencies improve their security through smarter use of available funds.

(Ranum): This is going to be another "failure as usual" for the government. Here's how I can tell: already they are talking about the responsibilities of the position and not about the authority of the position or its power to get anything done.

(Schultz): Perhaps elevating the position of the DHS cyber security chief will help reverse the dismal trend of quick exits of individuals who have held this position in the past.

(Schmidt): We have said many times that the majority of the work needs to be done by the private sector (worldwide): better software, easier security, self healing, self repairing systems etc. Like any other job, the more senior the position the more likely more resources are applied and the greater the chance for success in a shorter period of time.]

Good luck, Mr Cyberczar, whoever you are:

http://wired-vig.wired.com/wired/archive/13.01/view.html?pg=4

*Oh wait. Are you Admiral Poindexter? Sorry, but you've used up enough luck for a lifetime.
