6.1 The DHS cybersecurity organization

Dale L. Watson, executive assistant director of counterterrorism and counterintelligence of the FBI, testified before the Senate Select Committee on Intelligence on February 6, 2002. Watson pointed out that during the past several years, the FBI had identified a wide array of cyberthreats, ranging from defacement of Web sites by juveniles to sophisticated intrusions sponsored by foreign powers.

Some of these incidents pose more significant threats than others. The theft of national security information from a government agency or the interruption of electrical power to a major metropolitan area obviously would have greater consequences for national security, public safety, and economy than the defacement of a Web site. But even the less serious categories have real consequences and, ultimately, can undermine public confidence in Web-based commerce and violate privacy or property rights. An attack on a Web site that closes down an e-commerce site can have disastrous consequences for a Web-based business. An intrusion that results in the theft of millions of credit card numbers from an online vendor can result in significant financial loss and, more broadly, reduce consumers' willingness to engage in e-commerce.

Watson contended that beyond criminal threats, cyberspace also faces a variety of significant national security threats, including increasing threats from terrorists. Terrorist groups are increasingly using new IT and the Internet to formulate plans, raise funds, spread propaganda, and engage in secure communications. Cyberterrorism-meaning the use of cybertools to shut down critical national infrastructures (e.g., energy, transportation, or government operations) for the purpose of coercing or intimidating a government or civilian population-is clearly an emerging threat.

In pursuit of stronger cybersecurity, DHS created the National Cyber Security Division (NCSD) under the department's Information Analysis and Infrastructure Protection Directorate. The NCSD was established to provide for 24/7 functions, including conducting cyberspace analysis, issuing alerts and warnings, improving information sharing, responding to major incidents, and aiding in national-level recovery efforts.

The foundation of NCSD was transferred to DHS from the former CIAO, the NIPC, the Federal Computer Incident Response Center, and the National Communications System. With 60 employees, the Division is organized around three units designed to:

1. Identify risks and help reduce the vulnerabilities to the government's cyberassets and coordinate with the private sector to identify and help protect critical cyberassets.

2. Oversee a consolidated cybersecurity tracking, analysis, and response center (CSTARC), which will detect and respond to Internet events; track potential threats and vulnerabilities to cyberspace; and coordinate cybersecurity and incident response with federal, state, local, private-sector, and international organizations.

3. Create, in coordination with other appropriate agencies, cybersecurity awareness and education programs and partnerships with consumers, businesses, governments, academia, and international communities.

The NCSD will work closely with the DHS S&T Directorate to implement all required programs for research and development in cybersecurity. While S&T will provide the actual research and development functions and execution, the NCSD will provide detailed requirements for the direction of the research and development in response to needs of public- and private-sector organizations.