Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


11:47 AM
Connect Directly

Homeland Security, Defense Sign Cybersecurity Pact

The deal should improve collaboration between the agencies and, in particular, boost DHS' encryption and decryption capabilities.

Inside DHS' Classified Cyber-Coordination Headquarters
(click image for larger view)
Slideshow: Inside DHS' Classified Cyber-Coordination Headquarters
The Department of Homeland Security and Department of Defense, which together carry out much of the federal government's cybersecurity work, announced a pact Wednesday that aims to improve government defense of private, government, and military networks.

The five-page agreement, signed in late September by defense secretary Robert Gates and homeland security secretary Janet Napolitano, but made public only this week, creates a "framework" within which officials from DHS, DoD, the National Security Agency, and the military's new Cyber Command will work with one another on cyber-related issues. In the process, the deal increases formal ties in a relationship that, until now, has been largely ad hoc.

As part of the pact, a group of NSA cryptologic analysts will be embedded at the National Cybersecurity and Communications Center (DHS' cyber operations center) in Arlington, Va., and DHS will send Adm. Michael Brown, deputy assistant secretary of DHS for cyber security, with a support team of privacy and civil liberties personnel, to NSA's National Threat Operations Center and Cyber Command's headquarters at Fort Meade, Md. The organizations will also create a Joint Coordination Element under Brown at NSA headquarters to do joint operational planning and coordination.

While the agreement does nothing to add to or subtract from the responsibilities of any of the organizations involved, it could, in particular, improve DHS' capabilities to mitigate malware as part of its role to protect government networks and provide cybersecurity support to private companies, said Center for Strategic and International Studies senior fellow Jim Lewis.

"The easiest way to think about this is that malware has encrypted parts, and NSA is best equipped to crack the encryption, so we should give them that ability," Lewis said. "Getting them embedded in DHS will get the [National Cybersecurity and Communications Integration Center] to do a better job."

Embedding NSA officials within DHS is also likely a cheaper and quicker way to increase DHS' encryption capabilities than requiring DHS to ramp up its encryption skills on its own. Gates and Napolitano hinted at this in a joint statement, saying that one of the goals of the deal was to improve "economy and efficiency."

The relationship between DHS and NSA has not always been an easy one, and this deal could signal a bit of progress on that front. The March 2009 resignation letter of DHS' former cyber official Rod Beckstrom criticized the NSA's increasing involvement in cybersecurity, for example, and, while DHS has a primary responsibility over helping to protect critical infrastructure networks (think power plants, air traffic control systems, etc.), both NSA, via its Perfect Citizen project, and Cyber Command have demonstrated an interest in having an increased role there.

"This structure is designed to put the full weight of our combined capabilities and expertise behind every action taken to protect our vital cyber networks, without altering the authorities or oversight of our separate but complementary missions," Gates and Napolitano said in a joint statement. "We will improve economy and efficiency by better leveraging vital technologies and personnel to serve both Departments’ missions in full adherence to U.S. laws and regulation."

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Microsoft Patches Wormable RCE Vulns in Remote Desktop Services
Kelly Sheridan, Staff Editor, Dark Reading,  8/13/2019
The Mainframe Is Seeing a Resurgence. Is Security Keeping Pace?
Ray Overby, Co-Founder & President at Key Resources, Inc.,  8/15/2019
GitHub Named in Capital One Breach Lawsuit
Dark Reading Staff 8/14/2019
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-08-16
The companion-sitemap-generator plugin before 3.7.0 for WordPress has CSRF.
PUBLISHED: 2019-08-16
The formcraft-form-builder plugin before 1.2.2 for WordPress has CSRF.
PUBLISHED: 2019-08-16
The peters-login-redirect plugin before 2.9.2 for WordPress has CSRF.
PUBLISHED: 2019-08-16
The easy-digital-downloads plugin before 2.9.16 for WordPress has XSS related to IP address logging.
PUBLISHED: 2019-08-16
The nelio-ab-testing plugin before 4.6.4 for WordPress has CSRF in experiment forms.