Cybersecurity agencies merge

The U.S. Department of Homeland Security has merged three organizations that help private industry cope with cyberemergencies–the National Infrastructure Protection Center, the National Communications System and the Federal Computer Incident Response Center–into a new agency called the Information Analysis and Infrastructure Protection (IAIP) directorate. The purpose of the merger, which is dictated by law, is to eliminate overlap and address gaps in how the government collects, investigates and disseminates information about security breaches. DHS Secretary Tom Ridge wants US$829 million to fund IAIP in 2004.

For now, says David Wray, acting communications director for the IAIP, companies won’t need to change how they share information with the government. Most employees who transferred will keep the same jobs in the new directorate for now, and Wray advises CIOs to maintain the relationships they have with staff from the previous organizations.

Alan Paller, director of research with the SANS Institute, a private organization that provides research and education about information security, says the consolidation will strengthen government’s cybersecurity efforts. But concerns linger about how effective the DHS will be at preventing cyberattacks during the months-long transition.

In testimony before the House Technology, Information Policy, Intergovernmental Relations and Census Subcommittee last month, former NIPC Director Michael Vatis said it could take at least a year for the IAIP to ramp up fully. That’s “troubling,” says Vatis, who now heads the Institute for Security Technology Studies at Dartmouth College, because the number and severity of cyberattacks are increasing.