Mohana Ravindranath | Nextgov | May 3, 2017 | 0 Comments

Agency Leaders Should Be Accountable for Protecting Data, Former DHS Chief Says

Former U.S. Homeland Security Secretary Michael Chertoff Seth Wenig/AP File Photo

President Donald Trump's long-awaited cybersecurity executive order is expected to shift away responsibility for information security from agency chief information officers to agency heads. Michael Chertoff, homeland security secretary under President George W. Bush, thinks that's the right move.

Within federal agencies, "a significant failure of security that causes a lot of damage is ... a really fundamental problem. It's not just going to be, 'Here's a technical problem, fire the technical guy,'" Chertoff said at an Adobe Government event, which was produced by the events division of Government Executive Media Group, Nextgov's parent company.

Chertoff said he hoped "handling sensitive data of all kinds" will become an "accountability issue" in the incoming administration.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

Chertoff, who co-founded security advisory firm the Chertoff Group after leaving government, noted the Edward Snowden revelations made data sharing between federal agencies more complicated. One solution he suggested could be to analyze every data set to understand which ones should be shared outside the owner agency.

During the 9/11 terrorist attacks, when Chertoff served as a federal judge, "one of the obvious imperatives ... was sharing information and connecting the dots. And we move[d] very much more in the direction of fighting the resistance to sharing, to actually making sharing an affirmative obligation," he said. After the Snowden incident, he said, "everybody goes, 'Whoa, wait a second, sharing is bad.' ... You've got to calibrate, at the data level, what degree of sharing is appropriate."

For instance, he suggested, an official might say, "'Here's something you need to know about, because it's relevant, but you're not privileged to look at it until you go to your originating agency and you get permission.' Or, you might want to say, 'If something moves out of a certain space, it no longer exists.'"

What's most important in today's information security landscape, replete with insider threats, is the "ability to be nimble and tailor security around what the needs of the data user are," he said.

Comments
JOIN THE DISCUSSION

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

    Download
  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

    Download
  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

    Download
  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

    Download
  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.

    Download

When you download a report, your information may be shared with the underwriters of that document.