Diffused Cyber Security Responsibilities

This was written by Michael Cheek on Monday, November 30, 2009, 15:03.

In the cyber security realm, a number of professionals have advocated for a centralized approach. The US military has stood up a Cyber Command to coordinate cyber security for the DoD and DHS has gained the lead role in securing civilian government networks. Yet, one expert questions this highly centralized approach to cyber security.

In a recent interview with Nextgov, Mischel Kwon, former head of USCERT and currently serving as VP for RSA’s Public Sector Security Solutions, questioned this model and advocated spreading the cyber responsibilities around while doing better to educate the private sector, rather than dictate what must be done.

Kwon discussed the problem of consistently seeing DHS as a dumping ground for new solutions. She would rather like to see if DHS can handle its current load without continuously giving it more responsibilities.

She also believes that FISMA was actually well written, but poorly implemented. As the government considers its cyber security policy, Kwon cautions against being “overly prescriptive.” She also believes that the security model needs to change from compliance in time limits to considering the issue as a series of competing priorities. The area that is of highest priority should be focused on but time limits are counterproductive according to Kwon.