This release from DHS Secretary Napolitano indicates an opportunity to evaluate current policies and policy directions:
“One of my top priorities is to unify this department and to create a common culture. These action directives are designed to begin a review, evaluation and dialogue between the various functions of this department and me,” said Secretary Napolitano.
- DHS intends to revitalize its relationship with state, local, and tribal governments effective immediately with the intent of creating a working partnership.
- Critical infrastructure protection. — This entails extensive dealings with other federal agencies, states, and the private sector, involving collaboration, data collection, risk analysis, and sharing of best practices.
- Risk analysis. — What is the status of risk analysis metrics and what is the plan and time frame for setting up a full-blown system to govern the establishment of critical infrastructure programs, the priorities among national planning scenarios, and the distribution of grants to state, local, and tribal entities? More broadly, how can DHS enhance risk management as the basis of decision making?
- State and local intelligence sharing. Provide an evaluation of which activities hold the most promise for achieving the smooth flow of information on a real time basis.
- The inventory and evaluation should take into account the voices of all stakeholders, especially state, local and tribal entities.
- The evaluation should also consider the private sector’s perspective and its relationship to these stakeholders.
Cyber security and the protection of the technology critical infrastructure have been a top priority in Arizona. As Attorney General, I created the Computer Crimes Unit to train law enforcement in the identification and investigation of cybercrimes; the Unit successfully prosecuted some of the first cybercrime cases in Arizona. As Governor, I created the Statewide Information Security and Privacy Office to ensure adequate controls and safeguards are in place for all State of Arizona government technology systems and business practices.
And from WhiteHouse.gov, an outline of Obama Cyber Security Policy:
Barack Obama and Joe Biden — working with private industry, the research community and our citizens — will lead an effort to build a trustworthy and accountable cyber infrastructure that is resilient, protects America’s competitive advantage, and advances our national and homeland security. They will:
- Strengthen Federal Leadership on Cyber Security: Declare the cyber infrastructure a strategic asset and establish the position of national cyber advisor who will report directly to the president and will be responsible for coordinating federal agency efforts and development of national cyber policy.
- Initiate a Safe Computing R&D Effort and Harden our Nation’s Cyber Infrastructure: Support an initiative to develop next-generation secure computers and networking for national security applications. Work with industry and academia to develop and deploy a new generation of secure hardware and software for our critical cyber infrastructure.
- Protect the IT Infrastructure That Keeps America’s Economy Safe: Work with the private sector to establish tough new standards for cyber security and physical resilience.
- Prevent Corporate Cyber-Espionage: Work with industry to develop the systems necessary to protect our nation’s trade secrets and our research and development. Innovations in software, engineering, pharmaceuticals and other fields are being stolen online from U.S. businesses at an alarming rate.
- Develop a Cyber Crime Strategy to Minimize the Opportunities for Criminal Profit: Shut down the mechanisms used to transmit criminal profits by shutting down untraceable Internet payment schemes. Initiate a grant and training program to provide federal, state, and local law enforcement agencies the tools they need to detect and prosecute cyber crime.
- Mandate Standards for Securing Personal Data and Require Companies to Disclose Personal Information Data Breaches: Partner with industry and our citizens to secure personal data stored on government and private systems. Institute a common standard for securing such data across industries and protect the rights of individuals in the information age.
SecurityFix is a great place to watch developments in this regard.