The Future of Homeland SecurityWhos in Charge?



  • Will the government be able to keep cybersecurity policies up to date during a time of digital disruption?
  • HPEs Bill Toti explains why responding to government cyber threats presents complex challenges

New cybersecurity legislation aims to improve coordination between government agencies and the private sector

As the cyber threat landscape continues to become more agile and innovative, the U.S. has made cybersecurity a priority across a number of federal government agencies. But in having so many organizations dedicated to protecting our population (e.g., the Department of Homeland Security, the FBI, the CIA, etc.) the adage too many cooks in the kitchen often seems to apply to our threat response plan.

The way these federal government agencies have responded to cyber threats in the past is quite complicated. Many of the agencies have overlapping responsibilities, both with each other and with the private sector. But cybersecurity experts agree that this setup is concerning. During a major cyber event is not the time to figure out whos in charge, said Bill Toti, VP of Homeland Security and Defense for HPEs U.S. Public Sector.

Toti also noted that cyber events dont typically occur in a confined area, such as within state lines, meaning that virtually every incident comes under federal jurisdiction.

In an effort to coordinate cybersecurity responses among federal agencies, President Obama recently signed a Presidential Policy Directive on United States Cyber Incident Coordination (PPD-41). PPD-41 complements the Cybersecurity National Action Plan, which, according to the White House, puts in place a long-term strategy to enhance cybersecurity awareness and protections, protect privacy, maintain public safety as well as economic and national security and empower Americans to take better control of their digital security.

In other words, PPD-41 answers the questions around which agency should take the lead in cybersecurity-related situations. It notes that in responding to any cyber incident, federal agencies shall undertake three concurrent lines of effort:


  1. The Department of Justice, acting through the FBI, will lead threat response, including conducting law enforcement and investigative activity at the affected entitys site;

  2. The Department of Homeland Security will lead asset response, including helping affected entities protect their assets, mitigate vulnerabilities and reduce impacts of cyber incidents; and

  3. The Director of National Intelligence will lead intelligence support to share critical information and analysis of threat trends and events.

Its important to point out that PPD-41 isnt a plan to thwart cyber threats. Instead, explained Toti, it provides a plan for a plan. It establishes a large, multi-agency cyber incident coordination team that is responsible for the prevention and reaction to cyber threats.

PPD-41 will also help these organizations create actual policies around cybersecurity, something that has been missing in federal cybersecurity efforts thus far.

PPD-41 will have its challenges, of course, especially when it comes to the private sector. As an example, it will be difficult to create policies that will work across industries that have relationships with federal agencies. In addition, there is the ever-present concern that government agencies wont have the agility to keep policies up to date with constantly changing technologies. And lastly, private sector organizations have network architectures designed for their specific needs, and are concerned that federal cybersecurity policies will require cost-prohibitive changes to that architecture. Companies like HPE, which has insight into the different security architectures across government agencies and industries, could help bridge the gaps.

With a program of such size and scope, Toti expects that it will be some time before we see any real implementation. Its slow going, but it is steady going, he explained.

Toti added that making progress on PPD-41 is critical for the U.S. We cant lose sight of how serious the cybersecurity problem could be, he said. A cybersecurity attack could be the next 9/11it has the potential to affect our bank accounts, our airlines and our water supplies. There may not be a more important matter facing our country today than this one.