The new division will provide cyberspace security analysis and issue security alerts.
The Department of Homeland Security on Friday unveiled the long-anticipated formation of its National Cyber Security Division, which will work under the department's Information Analysis and Infrastructure Protection Directorate.
No decision has been made as to who will head the new agency, says a spokesman for the Department of Homeland Security. In an E-mail to InformationWeek, he said the hiring process has shifted from "quiet inquires" to "an active search to find the right person."
Whoever is selected will report directly to Robert Liscouski, the assistant secretary of homeland security for infrastructure protection.
According to a statement released by the department, the new division will provide round-the-clock cyberspace security analysis and issue security alerts. It will also improve security information sharing and aid in national-level recovery efforts.
The new division will be staffed by 60 employees and will assume many of the roles previously handled by the Critical Infrastructure Assurance Office, the National Infrastructure Protection Center, the Federal Computer Incident Response Center, and the National Communications System.
Earlier this year, some security experts criticized Homeland Security's decision not to have whoever was responsible for cybersecurity higher up the bureaucratic ladder. Cybersecurity, they said, was too important not to have a cabinet-level position. But many seem content with the decision to form the new division.
"Making cybersecurity a separate division, rather than burying it under physical security, meets a large part of the criticism that DHS had been getting. Some critics would like to have more visibility for the individual who leads that effort, but if DHS finds a person for the role who is a great spokesperson and who gets out and really pushes industry and government to do better, as Dick Clarke and Howard Schmidt did, I think DHS will do just fine," says Alan Paller, director of research at the SANS Institute, an information security cooperative research and training organization.
"I'm glad DHS stuck to its guns and did it this way," says John Pescatore, VP and research director of Internet security at Gartner. He says it's appropriate that cyber and physical security aren't kept separate. "It's not the way the world works," he says.
Pescatore says the top priority for the still-to-be-named director of the new agency isn't to stop cyberterror attacks over the Internet. "The government's priority needs to be how the DHS secures its own collaboration, how the different agencies can securely bring their systems together so they can share information," he says. "Right now, if an FBI agent thinks he's found a terrorist, he doesn't have an easy, secure way to send that information out to other agencies."
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.