Cooperation with companies a challenge, homeland officials say
Convincing the private sector to share company information with the government in order to protect the country's cyberspace is proving challenging for the Homeland Security Department, officials said on Monday.
Simon Szykman, the department's director of cyber-security research and development, told industry executives that a "non-technical challenge" for cyber security is creating public-private relationships. "We're looking to the private sector for collaboration and cooperation," he said at the first day of the department's two-day industry forum, adding that industry owners also need to make the necessary economic investments to secure their own infrastructures.
Douglas Maughan, the cyber-security program manager for the Homeland Security Advanced Research Projects Agency (HSARPA), cited "a lack of real [company] data to test prototypes" for information and network security at research facilities.
HSARPA is looking to develop a process "by which data can be regulatory collected and shared with network-security research communities," such as national laboratories and universities, he said, noting that researchers need data on critical infrastructure, among other things.
Maughan said the department would play "marriage broker" among the companies and research facilities in order to protect sensitive information from being publicly disclosed. He said it is the government's "first attempt" working with industry to share information with researchers. Lawmakers are seeking to help the department via a bill that would give limited liability for security weaknesses to companies that provide information on those weaknesses.
Maughan also outlined for the industry executives the current and future security programs for fiscal 2005 and beyond.
HSARPA currently is researching technology to prevent Internet "worms" from attacking critical infrastructures, both physical and cyber. Under its national cyber-security strategy, the division is developing technology to combat vulnerabilities to the domain-name system.
Maughan said the department would test technology on the .mil and .gov networks before deploying it to other domain systems. "We're going to eat our own dog food first," he said.
Another project that is "heavy" on research rather than in the development stage is protecting the Internet-routing infrastructure, the systems that identify paths for Internet traffic. Maughan also said the department is conducting economic assessments of cyber attacks because the current estimates "are not founded on reality."
In fiscal 2005, Homeland Security plans to begin initiatives on privacy, information-security benchmarks and wireless security. Announcements of the programs are planned for this summer.
To fund cyber-security initiatives, the department received $18 million in fiscal 2004. The fiscal 2005 request is the same, but Szykman said it does not represent "flat funding" because Congress last year appropriated more funding for cyber security than the president requested.
"I wouldn't assume the cyber-security budget would stay flat for the future," he said, adding that several other federal entities, such as the Defense Department and National Science Foundation, are funding programs.