PALM DESERT, CALIFORNIA (03/10/2004) - A private-sector group that developed a way to collect and analyze real-time security incident data throughout the U.S. economy may drop plans to work with the U.S. Department of Homeland Security (DHS) after the agency botched a high-level executive briefing on the program, according to an internal association memo obtained by Computerworld.
The meeting took place Feb. 27 between three high-level executives from the Cyber Incident Detection and Data Analysis Center (CIDDAC) and a group of senior officials from the DHS, including the agency's chief technology officer. CIDDAC is a Philadelphia-based volunteer partnership of more than a dozen IT vendors, user companies and the FBI's InfraGard program. The purpose of the meeting was to brief the DHS on the status and capabilities of CIDDAC's real-time cyberattack detection sensors.
But when CIDDAC representatives arrived, they were met by what was described in the memo as something akin to a Marx Brothers skit.
After failing to find an available conference room for the briefing, representatives from the DHS Infrastructure Analysis & Infrastructure Protection directorate forced the CIDDAC representatives to give their briefing in a hallway as it was being vacuumed by a cleaning crew. When the CIDDAC officials finished, DHS representatives acknowledged an immediate need for the data but said they didn't have the authority to issue a letter of interest in the program. They also said the program didn't qualify for DHS grant money, according to the association memo.
In an interview, Charles "Buck" Fleming, acting executive director of CIDDAC and CEO of AdminForce LLC in Boulder, Colo., confirmed the events.
"Our recent visit to DHS firmed our conviction that the private sector needs to lead in finding the answers to secure use of the Internet and the development of methods to assess threat levels to our nation's critical infrastructure," said Fleming. "We were there (to show them) that CIDDAC has a program that will give them useful data that is currently unavailable to them. We really don't seek their funding, only a written recognition of their verbal acknowledgment that CIDDAC is on a useful path.
"But the inability to get this small nonbinding recognition of our effort in a timely fashion indicates the wide gulf that needs to be closed before useful, cooperative development can take place," he said.
While an endorsement from the DHS could have helped move the CIDDAC program from testing to full operational status "within months," Fleming suggested that CIDDAC "reject their involvement at the front end ... (and) continue with a total private-sector effort."
The group's goal is to deploy what it calls Real-time Cyber Attack Detection Sensors, or RCADS, throughout as many U.S. companies as possible and feed incident data to a centrally managed operations facility at the University of Pennsylvania in Philadelphia. That data would then be made available to the DHS without proprietary or privacy-protected data attached.
News of CIDDAC's experience with the DHS comes amid a series of stinging comments from the private sector that have raised questions about the agency's ability to lead a national cybersecurity effort.
In addition, private-sector CIOs and security managers at Computerworld's Premier 100 IT Leaders Conference here in Palm Desert, California this week indicated that the National Strategy to Secure Cyberspace is having little or no impact on security. In a survey of 169 attendees, 75 percent said the strategy has had no impact at all on their company's security posture.
Likewise, a separate survey of 164 attendees showed that 40 percent of companies don't participate in a sector-specific Information Sharing and Analysis Center (ISAC), and despite the DHS's stated goal of raising awareness, 27 percent of attendees said they didn't even know what an ISAC was.
While the DHS's awareness efforts may be suffering some growing pains, so are the agency's internal IT systems. According to an IT manager at the agency who requested anonymity, many inside the DHS, particularly those working on customs and immigration issues, still can't communicate electronically in a timely manner.
"With the restructuring of many organizations, simple e-mail can't get passed to people in the same office," the official said, referring specifically to problems between Customs and Immigration and Naturalization Service officials. "The old U.S. Customs used Lotus Notes and the old INS uses Microsoft Outlook. It takes hours for the electronic mail to bounce around inside the headquarters to reach its destination. We can't fight the war in cyberspace if the employees inside the perimeter can't talk to each other."