Janet Napolitano is hitting the ground running in her new role as Secretary of the Department of Homeland Security (DHS) — a pace that aims to help DHS respond to criticism it faced in the wake of Hurricane Katrina and a rash of security vulnerabilities.
In her first week on the job, the new DHS chief issued directives calling for an oral report on cybersecurity, as well as on infrastructure protection, risk analysis, interagency intelligence sharing and transportation security. Those reports are expected to be delivered on Monday and Tuesday, InternetNews.com has learned — potentially setting the stage for action in each of those areas.
The flurry of activity will help the department cope with charges of mismanagement and lax security at DHS. Though it is tasked with keeping America safe, the department has also run up a record of high-profile failures during its short history. Its role in the response to Katrina, followed by a series of data breaches, led to Congressional criticism of the department’s former secretary, Michael Chertoff, and its CIO, Scott Charbo.
Cybersecurity in particular has emerged as a major area of concern for DHS and other U.S. agencies in the wake of major lapses in government and corporate database security. For Homeland Security, it’s proved especially vexing: According to congressional testimony, the department suffered 844 data breaches during its fiscal 2005 and 2006, leading a House subcommittee on tech and cybersecurity to accuse Charbo in 2007 of not doing his job.
Concerns over the nation’s cybersecurity last month prompted the Center for Strategic and International Studies (CSIS), a Washington, D.C.-based bipartisan think tank, to propose a sweeping set of changes on the matter for the incoming Obama administration.
The proposals included the creation of new cybersecurity offices and closer ties between the Obama administration and the private sector on how to best secure cyberspace.
Forming a plan
In her directives last week, Napolitano, the former governor of Arizona, indicated she wants to examine the department’s authorities and responsibilities for protecting both the public and private sectors from cyber threats.
According to her directives, the new DHS secretary also will be weighing her department’s relationships with other agencies, especially the departments of Defense, Treasury and Energy and the National Security Agency. While an oral report on cybersecurity is set for Tuesday, the final report on cybersecurity is scheduled to be delivered to her by Feb. 17.
Amy Kudwa, acting press secretary at the DHS, said the reports will help inform Napolitano’s next steps.
“She’s taking on a broad review of all the department programs, plans and initiatives,” Kudwa told InternetNews.com. “Changes in policy have not been outlined yet, but stay tuned.”
Napolitano will also have to ensure the DHS retains and enlists dependable in-house talent to handle cybersecurity. One hole to be filled will be that left by Greg Garcia, assistant secretary for cyber security and communications, who departed in December.
“One of my top priorities is to unify this department and to create a common culture,” Napolitano said in a statement when issuing the first round of directives. “These action directives are designed to begin a review, evaluation and dialogue between the various functions of this department and me.”
Beyond data security
Napolitano’s placing a great deal of her immediate focus on other areas of her jurisdiction as well. Last week’s directives are also aimed at finding out the current status of the critical infrastructure list and details on plans to encourage private sector participation.
In the broadest terms, Napolitano’s look at risk analysis is to find out how DHS can enhance risk management as the basis of decision making. Among other things, she wants to know the status of risk analysis metrics, according to her directives.
Napolitano is also looking to get a handle on the multiplicity of activities underway in the DHS to focus on improved intelligence sharing between it and federal, state, local and tribal entities, as well as with the private sector. According to her directives, the new secretary wants to ensure they are linked to government-wide efforts to establish the Information Sharing Environment as described in Section 201(d) of the Homeland Security Act of 2002.