Cybersecurity: The Most Active, Dynamic and Threatening Area of Risk

PHILADELPHIA — Cybersecurity and public-private partnerships are two of the top buzzwords of 2012 in the homeland security and emergency management fields — and that was clearly the case during the ASIS International Annual Seminar on Monday, Sept. 10, in Philadelphia. DHS Secretary Janet Napolitano spoke during the event and called cybersecurity an urgent, sustained concern that requires industry and government to work together on preparedness and response.

“At DHS we recognize that government alone cannot protect our nation,” Napolitano said.

Napolitano said the private sector is in a good position to recognize signs of a potential cyberattack, and information sharing remains one of the most important tools for detecting threats and being able to act on them. Although information sharing has increased in the last 11 years since the 9/11 attacks, more work remains, and Napolitano said the DHS wants to make it easier for businesses to share information with the federal government when they are attacked.

She also stressed that the communication needs to go in both directions and the statistics show that this is already taking place. In 2011, the U.S. Computer Emergency Readiness Team (US-CERT), which seeks to manage cyber-risks, responded to more than 106,000 incident reports and released more than 5,000 actionable cybersecurity alerts to public- and private-sector partners.

In addition to US-CERT, Napolitano called out numerous DHS initiatives that seek to increase cybersecurity in the nation, including:

• the creation of the first  U.S. National Cyber Incident Response Plan;
• a cyber self-evaluation tool that more than 1,000 companies used last year;
• the DHS Industrial Control Systems Computer Emergency Response Team that assesses the security of control system entities. 78 of these assessments were completed in 2011;
• the National Cybersecurity and Communications Integration Center, a 24/7 watch center that includes private-sector representatives;
• the Science and Technology Directorate is working on deployable cybersecurity solutions; and
• getting the public involved with the Stop, Think, Connect campaign that promotes safe online practices.

A multitude of methods are used to prepare for and respond to cybersecurity, or as Napolitano called it, “the most active, most dynamic and most threatening area of risk.”

Another way the federal government seeks to prepare for cyberissues is by investing in a dependable workforce for the future. Napolitano said the DHS has increased its cybersecurity workforce by more than 600 percent and it’s creating a career path in government for security professionals. The DHS is increasing training and development opportunities through programs like internships and fellowships. In addition, it is building education infrastructure in the form of centers of excellence that will be located throughout the U.S.

The idea that it’s a good time to be a security professional was echoed in an ASIS International survey. The organization’s U.S. Security Salary Survey found that the average annual compensation for U.S. security professionals increased 14 percent from 2011 to $121,000. ASIS International also reported that the top three sectors in regard to average compensation are natural resources and mining ($181,000), information ($108,000) and manufacturing ($142,000).

“The [cyber] threats are real and they are ever evolving,” Napolitano said.

The ASIS International Annual Seminar brought together thousands of security professionals to discuss a broad range of security topics and runs through Sept. 13.