The Department of Homeland Security’s (DHS) expanding presence in Silicon Valley could lead to closer cooperation on cybersecurity between private-sector technology firms and the federal government.
DHS has sent Sean McAfee, who previously was deputy chief for DHS’ National Cybersecurity Assessments and Technical Services team, to lead the agency’s National Protection & Programs Directorate (NPPD).
The NPPD works with state and local governments and private industry to make the country’s physical and cyber infrastructure more resilient and secure.
“The Silicon Valley Office will pursue relationships with industry, academic, and military partners, federal law enforcement entities, and non-profit organizations in the Silicon Valley,” Phyllis Schneck, DHS deputy undersecretary for cybersecurity and communications for the NPPD, wrote in an email sent to NPPD employees that was first reported by Federal News Radio and confirmed to FedTech by a DHS official. “This is meant to provide broader understanding of DHS roles and responsibilities in cybersecurity, to participate in regional events, and to facilitate dialogue while supporting operational activities between Silicon Valley cybersecurity partners and DHS component organizations.”
A New Face in Silicon Valley
DHS Secretary Jeh Johnson first announced plans to open a satellite office in Silicon Valley in April 2015. The goal, he said, was to “strengthen critical relationships in Silicon Valley and ensure that the government and the private sector benefit from each other’s research and development.”
The office, which had been supported by DHS’ Science & Technology Directorate, officially kicked off operations in February and the office issued a $200,000 contract to startup Pulzze Systems to improve security for devices connected to the Internet of Things (IoT), according to FCW. Melissa Ho, the office's managing director, told FCW that the office is still small and figuring out how its mission will evolve. “We’re still determining what bandwidth this office will require,” she said.
McAfee, who FedScoop notes led DHS’ efforts on cyber hygiene during the aftermath of the Heartbleed bug in 2014, has been with the agency since 2008. He started working in the Silicon Valley office on Feb. 2, according to FCW and FedScoop.
“We sent out one of our best,” Schneck told FCW, referring to McAfee. “We made a statement.”
McAfee will likely be responsible for recruiting cybersecurity professionals to join the NPPD, according to FCW, but the publication said that might be hampered by the fact that special arrangements might need to be made to give those workers access to classified networks and information.
However, it is clear that McAfee and the NPPD's presence in the Bay Area will seek to tighten the bonds between technology companies and DHS.
“NPPD seeks innovative capabilities and new developments that can be applied immediately to DHS cyber operations,” Schneck wrote in her email. “NPPD operational activities in this office will include the sharing of threat information, establishment of technical capability demos for broader stakeholder engagement, continued development of the ‘DHS Hacker-in-Residency’ program, and improving upon the lessons learned from our industry and government partners.”
Testing New Technologies
What kinds of technologies might DHS look to research, test and potentially use to enhance cybersecurity?
Andrew Lustig, a partner at law firm Cooley LLP who specializes in information technology and cybersecurity, told FedTech that DHS will likely focus on working with technology companies that specialize in hardening critical infrastructure and IoT devices. Another potential technology avenue, he says, would be anything that helps the agency take action based on threat intelligence.
Lustig says DHS is “desperately in need of technologies that help them streamline the analysis and the processing and mitigating of issues that come out of those systems” that monitor threats.
Lustig says that while the private sector, especially in Silicon Valley, is likely going to be warier of dealing with the federal government given the FBI’s contentious fight with Apple over encryption, getting validation from DHS could help tech companies gain credibility.
Additionally, Lustig says that even if DHS does not strike a formal partnership with a tech company, merely being in Silicon Valley could prove beneficial as an intelligence-gathering exercise. The technologies DHS observes could inform requests for proposals the agency makes; they could also help DHS developers work on new solutions.
DHS spokesman Scott McConnell declined to comment on what kinds of technologies the NPPD will be looking to test or incorporate to aid DHS' cybersecurity operations.
DHS plans to launch similar technology hubs at offices across the country. “We want to make sure we are not just focused on California,” Schneck told FCW. “That was a good place to start; it offers us a plethora of companies,” but there are other opportunities as well.