In an address to a gathering of the Commonwealth Club last week, Homeland Security secretary Michael Chertoff re-emphasized the importance of government agencies working closely with the private sector to ensure the security of the computer systems that control the nation's critical infrastructure.
"We know the private sector and the high-tech world obviously have to work with us in deterring these kinds of physical attacks. But when it comes to securing our cyber systems that connect and control much of that physical infrastructure, we depend on our technology providers to take even a more direct role, and to partner with us in cyber risk assessment and mitigation, in order to achieve the measure of security that our cyber architecture demands," he said.
Secretary Chertoff then went on to outline several things the department has planned to improve the nation's cyber security and the security of computer systems controlling aspects of the nation's critical infrastructure. Among the priorities the secretary outlined for the department as regards cyber security were creating a cyber space response system, improved information sharing between government agencies and industry on both operational and strategic issues such as software assurance and security-aware corporate governance.
Chertoff also said the department is working to finalize the National Infrastructure Protection which will include "baseline preparedness plans and response protocols for seventeen critical infrastructure sectors and resources, including Information Technology, Agriculture, Water, and Energy."
"We're looking at all aspects of cyber in our risk management approach to identify threats, reduce vulnerabilities, and provide protective measures to mitigate against and respond to the possible consequences of an attack," he continued.
Chertoff said the federal government has done a lot to ensure the security of computer systems controlling the nation's critical infrastructure, much of which is privately owned; but at the same time, he pointed out the need for the ingenuity and creativity of the private sector.
"Security, even cyber security, cannot take the form of government dictates, but must be the product of strong partnership work and disciplined collaboration," Chertoff explained.
The next challenge, Chertoff said, is to work out how this partnership is implemented. He said the department is currently working with industry players in the information technology to determine the best way to facilitate the public-private partnership between the two parties.
As reported earlier, Chertoff created an Assistant Secretary for Cyber and Telecommunications position within DHS, as part of the recently completed Second Stage Review, which will elevate the importance of cyber security in the department's management and organizational structure.
"Going forward, [the Assistant Secretary] will play an integral role, working with you, as we implement our information technology infrastructure protection plans, and as we prepare for a large scale cyber security exercise this November to test the level of our preparedness."
This position still remains to be filled.