“Cybersecurity Is the New Homeland Security”
In a recent conversation with a state/local homeland security professional, a discussion about the relationship between cybersecurity and homeland security began with a compelling story about the early days, when homeland security was just emerging from the ashes of 9/11. Tom Ridge was, like William “Wild Bill” Donovan in the early days of WWII, building a new government agency to defend the country. White powder near the coffee maker or on the table where the powdered donuts were eaten yesterday was resulting in calls to 911. And concepts like “critical infrastructure protection” and “public-private partnerships” were becoming popular priorities…
“…I was appointed my agency’s representative on our states “homeland security task force”, so I was doing that plus my regular job which at that time hadn’t changed much. I remember clearly getting an email (back in those days I didn’t get as many so I could actually remember them). The email said that my agency was being awarded a grant of $100,000.00 for homeland security projects. Just like that. Here’s a hundred grand. Spend it. A few years later I applied for and was awarded over $2 Million in one year for my agency’s projects. Then we had a process but it was manageable. A couple of years after that, the process started getting heavy. Lots of red tape, lots of detailed submittals. And there was more competition and a rigorous application and selection process. Around 2008 it began to get downright difficult to find time to get the regular job done. Now, the money is almost non-existent, but the hassle remains and then some. So if you want to know what is keeping us from pulling out of the homeland security enterprise all together, I’ll tell you. First, we want to remain at the table and have access to collaborative opportunities and information. Second, cybersecurity. Our networks are being attacked all day everyday and our systems are vulnerable. Cybersecurity is the new homeland security and we are afraid of missing out on opportunities to get help.”
The phrase “cybersecurity is the new homeland security” was the impetus for a brainstorming session that resulted in the following five ideas or concepts associated with the relationship between cybersecurity and homeland security. We did not necessarily set out to answer any questions or decide on any outcomes, but we found the conceptual discussion provided great opportunities for research and discussion:
- Cybersecurity is a Part of Homeland Security – Cybersecurity may be a part of one sector of the homeland security enterprise. In the National Infrastructure Protection Plan it would likely fall somewhere within the Information Technology sector. However if that is true, it may be currently the only sector that matters. Toss out the sectors that haven’t been attacked today, or this week, or this month, and you are left with IT. And with all of the other sectors relying on IT systems to operate, why do we need the rest of the plan? (It’s a conceptual question.)
- The Bad Guys Are in Cyberspace – With drones buzzing overhead waiting for the bad guys to look up or worse, make a phone call, what better way to keep up the attack on the US then staying underground and anonymous. No need to go to the airport with a thousand cameras watching your every move. The Israelis have you profiled before your bags are out of the trunk. Just pick a cool online handle and bounce your IP through Iran. You’ll be probing US drinking water systems or the power grid by lunch.
- Cyberspace is All-Hazards – A few years into the homeland security enterprise “all-hazards” became a buzzword. It was followed by “resilience” and the current “whole community“. But homeland security should be an “all-hazards” enterprise, and cybersecurity certainly fits the bill. Cyberspace is rife with not just terrorists but, more abundantly, everyday criminals. Cybersecurity offers an unparalleled opportunity for the all hazards approach, and any agency involved in cybersecurity operations must operate to root out crime and terrorism. That’s worth funding with grants. And that’s why Director Mueller is focused on cyber.
- Homeland Security is Still Vague and Nebulous, Cybersecurity is Not -We know it is a recurring theme here at HLSR but we still don’t completely understand what “homeland security” really entails or how well most homeland security degrees prepare students to enter the workforce. However give me a BS in Network Security from an accredited school and I’ll give you a job.
- The Energy and Excitement Factor – The energy and excitement is in the Cybersecurity area today just as it was in the homeland security area in 2002. However the trends all point to a longer and more drawn out fight in cyber as computers become more and more a part of everything we do – cybersecurity may outlive homeland security. One litmus test is, “What is Congress currently unable to agree upon?” They have been most recently unable to pass some much needed cyber legislation, so states are getting more involved. That means that whether Congress acts or not lots of energy, excitement, money and jobs are in the field of cybersecurity, while the Homeland Security Grant Program fizzles and the Urban Area Security Initiative downsizes.
We’re not giving up on homeland security, and an “all-hazards”, “resilient”, “whole-community” approach is necessary in the long term. Tactics will evolve and too much focus in one sector will surely leave us vulnerable. But there is no denying the fact that thousands, probably millions of attacks occur daily on US infrastructure via the computer networks. If the Department of Homeland Security truly focuses on risk, there will be a laser focus on cybersecurity for years to come.