By Mark Weatherford, Deputy Under Secretary for Cybersecurity
On Wednesday, I discussed the recently-introduced Cybersecurity Act of 2012 and the ways it will help keep the American public safe from theft, fraud and loss of personal and financial data. Another important component in the proposed legislation addresses one of DHS’ core cybersecurity missions – securing the federal executive branch networks.
Protecting the “dot-gov” domain is critical because it’s not only where the government does its own business and maintains essential functions, but it’s also where we provide services to the American people. One of the ways DHS helps to secure these networks is through the National Cybersecurity Protection System, which leverages sophisticated intrusion detection capabilities. We also provide onsite technical assistance to help agencies bolster their own cybersecurity defenses and respond to incidents when they happen. The proposed legislation would enable DHS to be more effective and efficient in its protection of federal networks by clarifying DHS’ authorities in this space and enabling better sharing of cybersecurity information from other federal agencies to DHS. At the same time, strong privacy and civil liberties protections have been incorporated into the proposal to protect the rights of federal employees and other uses of federal systems.
Supporting Federal civilian departments and agencies in enhancing their cybersecurity posture is a priority for the Obama Administration as evidenced in the President’s FY 2013 budget request, which allocates an additional $200 million above FY 2012 to further reduce risk in the Federal cyber domain. This funding will enable improved continuous monitoring at departments and agencies, and support other critical cybersecurity capabilities to thwart advanced, persistent cyber threats. The legislation would further this effort by modernizing the Federal Information Security Management Act (FISMA) to focus agencies’ network security efforts on the implementation of actual security measures instead of costly and ineffective paperwork exercises.
None of these robust cybersecurity operations are possible without a world-class workforce. Over the past two years, DHS has increased the size of its cybersecurity workforce by approximately 500 percent, and the Department’s FY 2013 budget request continues to support high-quality, cost-effective cybersecurity education and training to develop and grow a robust cybersecurity workforce. The proposed legislation will enhance DHS’s ability to attract and retain cybersecurity professionals to execute our complex and challenging mission by providing additional hiring and compensation flexibilities.
Cybersecurity is complex and always changing. The Cybersecurity Act of 2012 aligns closely with the Administration’s proposal and serves to better define what is expected of DHS and what tools are at our disposal to accomplish the cybersecurity mission. In short, it will enable us to execute on our current mission more efficiently and effectively to protect the federal government’s computer networks.