DHS creates division for cybersecurity

The Homeland Security Department is winning praise from industry for its new National Cyber Security Division, within the department's Information Analysis and Infrastructure Protection Directorate.

"This is a welcome move by the department, and industry looks forward to working closely with this important new unit of DHS," said Robert Holleyman, president and chief executive officer of the Business Software Alliance.

The new unit was announced today at a press briefing held by Robert Liscouski, assistant secretary of homeland security for infrastructure protection.

The cybersecurity division has about 60 employees right now, Liscouski said, and is drawn from the defunct Critical Infrastructure Assurance Office and National Infrastructure Protection Center, along with elements of the Federal Computer Incident Response Center and the National Communications System.

The division will identify, analyze and reduce cyberthreats and vulnerabilities, disseminate threat warning information, coordinate incident response and provide technical assistance in operations and recovery planning, DHS said in a press release.

"The theme is to think big, act small and scale fast," Liscouski said of the division's responsibilities.

He defended the time it took DHS to create the division. He said industry fears over the loss of a presidentially appointed position, such as that held by former cybersecurity czar Richard Clarke, were unfounded. Industry was concerned this move would weaken the importance of cybersecurity.

The Information Technology Association of America, pleased over the new division, is still concerned about the loss of organizational clout.

Harris Miller, ITAA president, said: "While the director position was not given the rank within the administration that we believe it merits, the fact that ? Liscouski has agreed to build an organization under him that coordinates the cybersecurity activities of the various offices within DHS and other agencies, and serves as the central point of contact for the private sector, shows his resolve to address cybersecurity challenges head-on."

Liscouski said the department is looking for someone to lead the new division. "Name recognition is important, as long as [the person] is credible," he said. Other criteria for the new position are experience in the private sector, preferably "steeped in technology," and someone visionary, he said.

One ongoing cybersecurity issue is balancing companies' protection of their information against the public's right to know of systems' vulnerabilities. Liscouski said he doesn't "have a good answer right now" over how the new division will strike that balance.