Keeping IT Secure Under SequestrationDHS's Weatherford: Budget Cuts Won't Jeopardize IT Security
Homeland Security Deputy Undersecretary Mark Weatherford says the government will provide appropriate funding to keep federal IT secure even if President Obama and Congress fail to prevent automatic, across-the-board budget cuts scheduled for March 1.
In an interview with Information Security Media Group at RSA Conference 2013 in San Francisco on Feb. 25, Weatherford does not provide specifics on how the projects would be spared from sequestration - as the sweeping budget cuts are known - but says it was something DHS saw coming and for which it prepared.
"I won't say we're going to be made whole, but we're not seeing as big of an impact as some of the other areas [of the budget]," says Weatherford, the highest ranking DHS official solely focused on cybersecurity. "That's recognition that we can't be penny wise and pound foolish. We can't stop and start some of the things that we're doing; some of the acquisitions, some of the programs, some of the hiring. This is too critical for what we're doing for the nation right now."
Weatherford says he doesn't expect cutbacks on cybersecurity staff. "I don't foresee any of that in my organization."
Asked if other federal agencies also are prepared to weather across-the-board budget cuts in cybersecurity, Weatherford says that each agency must address sequestration on its own. "They have to prioritize and understand the risks that these different programs will have on their organizations," he says. "I feel pretty comfortable saying cybersecurity in most organizations is going to remain fairly healthy."
Growing Cyber-Threat Awareness
Weatherford, in the interview, also says the report from IT security provider Mandiant that documents how a unit of the Chinese army stole intellectual property from American companies is diplomatically awkward. But the report makes it easier to get support for government cybersecurity initiatives. "It brings an issue to light; sometimes there's no other way to get to the nut of the issue," he says.
Responding to a question about whether the wide coverage the Mandiant report received in the mainstream media has raised public awareness to cyber-threats and that, in turn, could push Congress to enact comprehensive cybersecurity legislation, Weatherford says, "I hope so."
"There is a growing awareness in the public that something needs to be done," saya Weatherford, who adds that he was very disappointed that Congress failed to enact cybersecurity legislation in 2012.
Although not advocating government regulation of the private owners of the nation's critical IT infrastructure, Weatherford expresses support for the adoption of some type of best practices. President Obama, in his executive order issued earlier this month, calls for the government and industry to identify IT security best practices that critical infrastructure owners could voluntarily adopt [see Obama Issues Cybersecurity Executive Order].
"There are not too many people who are fans of more regulation, but we're talking about things now for which society itself depends on," Weatherford says. "The health and safety of our citizens depend on some of these critical infrastructures that really don't have a lot of oversight right now."