Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Building the Hybrid Cloud
- Connected Government: How to Build and Procure Network Services for the Future
- Continuing Diagnostics and Mitigation: Discussion of Progress and Next Steps
- Federal Executive Forum
- Federal Tech Talk
- The Intersection: Where Technology Meets Transformation
- Maximizing ROI Through Data Center Consolidation
- Moving to the Cloud. What's the best approach for me
- Navigating Tough Choices in Government Cloud Computing
- The New Generation of Database
- Satellite Communications: Acquiring SATCOM in Tight Times
- Targeting Advanced Threats: Proven Methods from Detection through Remediation
- Transformative Technology: Desktop Virtualization in Government
- Value of Health IT
Shows & Panels
DHS shifts from paperwork to operational cybersecurity
Monday - 12/5/2011, 8:36pm EST
Federal News Radio
The Homeland Security Department's cybersecurity stance has been reinvigorated, mostly thanks to a new face in the department's cyber division.
Alan Paller, the vice president for research at the SANS Institute, told Government Computer News the appointment of Mark Weatherford to lead the cyber division at DHS has the potential to be transformative for the agency.
Paller, who joined In Depth with Francis Rose to discuss the new DHS cyber posture, said the agency is moving into a more operational realm.
"I'm seeing a shift from paperwork and compliance energy that's been permeating the government for the last 15 years into an operational mode, where they're actually moving to improve security — not just writing about it," he said.
And it's all happening because of a change in management, he added.
"For a long time, the people who were running the cyber operation at DHS were bascially lawyers — wonderful laywers, great lawyers, but they couldn't spell TCP," Paller said. "Now that you have a new person running cybersecurity, there's a palpable shift. You can tell when you talk to the technical people that they feel like somebody's there who can understand what they're trying to do and how they're trying to do it. It's just a good feeling."
Paller said the agency's technical employees finally have a boss "who understands that you don't fix computer security by writing papers."
Overall, agencies still struggle with the hurdle of continuous monitoring, Paller said, because they continue to be graded on paper-based compliance reports rather than their actual security postures.