DHS may formally merge its units that oversee critical infrastructure protection and cybersecurity in light of their closely intertwined missions, a senior agency official told Security Management.

 

Todd M. Keil, assistant secretary of homeland security for infrastructure protection, said that his office, the Office of Infrastructure Protection (OIP) already collaborates closely with the Office of Cybersecurity and Communications (CS&C) based on the fundamental interdependence between the IT and communications systems and the U.S. sixteen other federally designated critical infrastructure sectors.

“We do joint assessments, we look at the threat together, and we’re actually through some organizational changes that we’re making in our organizations,” Keil told Security Management’s Joseph Straw. “We’re going to be partnering closer and closer as we work on these things jointly…that’s the way forward for us.”

Whether a formal merger will occur — and its scope — remain to be seen, and both would be guided by input from private sector partners, Keil said. “It’s actually something we’re still looking at. We’re not just going to merge them for the sake of merging them. That just makes no sense,” he said. “Are there some components of (OIP) and components of CS&C that are going to merge and/or work very closely together? Sure. It just makes sense.”

Straw notes that OIP, part of DHS’s National Programs and Protection Directorate, is responsible for identifying the U.S. critical infrastructure and working with owner-operators to assess and mitigate risk. OIP may be best known to the private sector through its protective security advisors (PSAs) and its site assistance visits (SAVs) during which PSAs and other DHS experts assess vulnerabilities at critical infrastructure sites and offer owner-operators protection options to mitigate risk.

CS&C consists of three separate units: The Office of Emergency Communication, which oversees programs to improve first-responder communications; the National Communications System, which supports priority national communication during crises; and the National Cyber Security Division.

National Cyber Security Division programs include the U.S. Computer Emergency Readiness Team, US-CERT, a public-private partnership that works to identify and mitigate major threats to U.S. cyber infrastructure.

Straw also notes that DHS shares the broader national cybersecurity mission with various agencies including the Department of Defense, the National Security Agency, and the FBI.