Information Security News: Q&A: Homeland security CIO Steven Cooper

From: InfoSec News <isn_at_c4i.org>
Date: Wed, 24 Jul 2002 05:46:45 -0500 (CDT)

Forwarded from: William Knowles <wk_at_c4i.org>

http://www.computerworld.com/databasetopics/data/story/0,10801,72930,00.html

By MICHAEL MEEHAN
JULY 23, 2002

Steven Cooper, the new CIO of the White House Office of Homeland
Security, spoke this week with Computerworld about the challenges he
faces as he works to pull together information and resources from
disparate federal agencies for the fight against terrorism. Cooper, a
former CIO at Corning Inc. in Corning, N.Y., joined the Bush
administration in March.

Q: What are the first projects you're going to be tackling?

A: We're starting on two parallel tracks. Our job is national in
scope. It's not just federal. As a result, while the initial work will
focus on the federal agencies that will comprise the Department of
Homeland Security, what we really need to do is look at all the
end-to-end business processes of homeland security as they also
interact with state and local governments, private sector and
citizens.

Q: Is adopting metadata standards a key to that?

A: That's part of it. That's how we have to ensure that linkage to
things outside the federal government. There's a huge difference
between these wonderful proclamations we make about XML now being the
latest generation's silver bullet. But come on, let's get real guys;
this industry has been trying to pull this thing together for 40
years, and we still haven't gotten it right. And it isn't about the
ability to technically connect stuff; that's simple. I can hook
networks together. I can hook applications together. I can hook
databases together. What about the exchange of information in a
meaningful manner? Now we're talking about something completely
different.

So one of the things that we have to figure out is a way to drive --
not because we're going to get it right first shot out of the box -- a
dialogue across a broad community at large where we can very quickly
begin to figure out where we have agreement and where we don't. Let's
leverage where we have agreement. And I am talking about metadata
standards, and I am talking about the meaningful content of the
information we need to integrate. Where we don't, let's figure out a
way to either engage the right standards organizations. Although they
tend to do good work, it takes a little bit of time. Or can we create
some intergovernmental/industry working groups? Not because anyone's
going to issue a federal mandate or make it a law, but because we
think these are ways people can collaborate and work together.

Q: Of course, XML standardization work has been a slow, tortuous
   process. Can you afford to be that patient?

A: What I would like to see is we could get the right folks together
and reach some type of consensus that's basically a win-win for
everybody involved. That's the ideal. Now, if that doesn't work in a
time frame where we need to accomplish some things, I do think we may
[have] to move to: If you're going to interact with the federal
government, then here is the format, here are the XML tags, here is
how you send it to us. Then yes, it is going to become a little less
flexible.

We're talking about homeland security. We're fighting a war. We're
talking about protecting lives and property. There is an urgency
around this. So, getting the balance right, we will probably err on
the side of: If we think it's taking too long, we're going to move
forward. And that may upset some people, but hopefully it will be a
small subset.

Q: And we're talking XML here, not electronic data interchange (EDI)?

A: I think we're talking primarily XML because that's where we have
the least investment thus far, therefore the highest probability of
not messing up legacy stuff where people have sunk a lot of money.

Could we use EDI in communication of information that's already well
established? Yes. I'm not sure I'd call it leading edge or bleeding
edge, but it works.

Q: What will be the role of the Critical Infrastructure Assurance
   Office (CIAO)?

A: It is tasked with the primary responsibility of
critical-infrastructure protection. As such, it is, we believe, an
excellent place to house the information integration program office.

I, being in the White House Office of Homeland Security, really act in
an advisory role, not an operation role. CIAO director John Tritek
acts in an operation role. I provide strategic guidance and basically
help establish the key objectives, performance measures, critical
success factors, those types of things. John will have the primary
responsibility for ensuring that the office is in fact operating to
the objectives and goals that we have jointly established.

 
*==============================================================*
"Communications without intelligence is noise; Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

Received on Jul 24 2002
