Right now, Rand Beers, the Undersecretary for the National Protection and Programs Directorate with the Department of Homeland Security has a lot on his mind. For one thing, he’s currently overseeing completion of the National Cyber Incident Response Plan — essentially, the playbook for how the federal government will respond to an attack on the nation’s cyber infrastructure, part of what has been called the National Response Framework.
“This will be the new plan. It is in the final stages of coordination,” Beers told cybersecurity industry representatives at the Intelligence and National Security Alliance breakfast meeting yesterday in Arlington. “It was built as part of a broad outreach program within the government, and within the private sector. And it’s absolutely critical to have that kind of input. As we try to move forward in trying to manage cyber-incidents, we can pretty much count on the fact that it’s not going to be limited to the government, but it’s going to have to involve the private sector.”
Beers says also on his to do list: the newest version of a well-known test that will stress the National Cyber Incident Response Plan.
What we intend to do then, is with the completion of the plan, to test it this fall in the Cyberstorm III exercise, which is our bi-annual exercise, which will take place in September bringing together individuals from the government, from the private sector, and in this case, from the international community as well in order to test the plan and to see, as a result of that, where it leads, what we need to adapt, both in terms of the response plan but in terms of policies and procedures.
Secretary Beers also says that for this Cyberstorm exercise, DHS will use the new National Cybersecurity Communications and Integration Center (NCCIC), which he says combines the original US-CERT computer network security program, as well as DHS’s Communications Response Center.
Beers also used the occasion of the INSA breakfast to brief the cybersecurity industry reps on the next phase of the Einstein Program. The recently implemented Einstein 2 system is what Beers called an “automatic, passive” cybersecurity system which has so far helped to uncover as many as a quarter of a million cybersecurity “intrusions”. Last March, DHS staged its first test of the next and final phase, Einstein 3.
“This Einstein 3 system will be an intrusion protection system to protect those portions of the executive branch, civilian agencies and networks.”
Beers says Einstein 3 is designed to scan entire packets of data traveling over a network for signs of an intrusion, and, “hold outside of the .gov domain those signatures that are deemed to be malicious.”
Beers briefly discussed the National Strategy for Trusted Identities in Cyberspace, which the DHS is developing with White House Cybersecurity Coordinator Howard Schmidt. He offered no new progress report on the NSTIC, for which the public comment period closed earlier this week.
He did spend his closing moments discussing an important on-going concern: the need to hire more cybersecurity technical experts, acknowledging Homeland Security Secretary Janet Napolitano’s pledge to hire a thousand new cybersecurity staff, which he characterized as an enormous challenge. Nonetheless, he says, they’re making slow progress.
“Within the National Protection and Programs Directorate, within the last few years, we’ve moved from, in fiscal 2009, we moved from 35 individuals in our national cybersecurity division, to 118, tripling of that particular workforce. Our hope by the end of this fiscal year is to have more than 260 individuals on board.”
Beers adds those additions to his staff are not included in the thousand cybersecurity experts promised by Napolitano, saying that those workers are being hired for the rest of DHS to help protect the agency’s IT infrastructure.