In the cybersecurity realm, a number of professionals have advocated for a centralized approach. The U.S. military has stood up a Cyber Command to coordinate cybersecurity for the DoD, and DHS has gained the lead role in securing civilian government networks. Yet one expert questions this highly centralized approach to cybersecurity.
In a recent interview with Nextgov, Mischel Kwon, former head of US-CERT and currently VP for RSA’s Public Sector Security Solutions, questioned this model and advocated spreading cyber responsibilities around while doing a better job of educating the private sector, rather than dictating what must be done.
Kwon discussed the problem of DHS consistently being seen as a dumping ground for new solutions. She would rather see whether DHS can handle its current load without continuously being given more responsibilities.
She also believes FISMA was well written but poorly implemented. As the government considers its cybersecurity policy, Kwon cautions against being “overly prescriptive.” She also believes the security model needs to change from compliance within time limits to treating the issue as a series of competing priorities. The highest-priority area should be the focus, but time limits are counterproductive, according to Kwon.