The growing role of the Department of Homeland Security in governing federal cybersecurity has its limits, says Mischel Kwon, who until this summer served as director United States Computer Emergency Readiness Team, the DHS agency that analyzes cyber threats and vulnerabilities in federal networks, disseminates cyber threat warnings information and coordinates national incident response activities.
Some lawmakers seek to give DHS additional authority, including the coordination of cybersecurity initiatives and review other agencies IT security budgets, but Kwon - now vice president of public sector security solutions at the security firm RSA - says that would be unadvisable.
"DHS has lot on plate right now in regards to cybersecurity. It's a new department and has a lot of growing and maturing to do, and I'm not sure it's the right thing to put all eggs in one basket," Kwon, now a vice president at the security firm RSA, said in an interview with GovInfoSecurity.com.
Besides, Kwon said, various departments and agencies already have cybersecurity expertise in their areas, and the government should exploit that know-how through better coordination. "We already have relationships and intellectual knowledge in each one of these departments and agencies, and I think it's important that we understand how we collaborate as a government to make this work instead of setting up one silo entity to be cyber," Kwon said. "Just taking everything and dumping into DHS is actually going to hurt the cause."
Other topics addressed by Kwon in the interview:
Kwon was interviewed by GovInfoSecurity.com's Eric Chabrow.
Kwon joined RSA in August. She headed U.S.-CERT from June 2008 to August 2009. previously, she served as chief IT security technologist within the Justice Department as well as its acting deputy director of IT security. Since 2006, she has served as an adjunct professor of cyber defense and leads the Cyber Defense Lab at George Washington University.
She earned a master in computer science from Marymount University and a master certificate in information assurance from George Washington University.