- Filed Under
Two cyber experts who are about to become colleagues at the U.S. Department of Homeland disagreed about the role of classified government threat information in helping the private sector secure the nation's critical network infrastructure.
"For a very long time, there was this feeling like ‘Boy, the government's got this classified stuff and if I could just get my hands on it, it would solve all the problems,'" said Jenny Menna, director of critical infrastructure cyber protection and awareness at the Department of Homeland Security, speaking during a panel discussion on protection of the critical civilian network infrastructure. "I think they've looked at some of the classified information at the same time that we've been able to strip out those actionable indicators, and they say, ‘You know what, it's not the classified information that I need every day. Maybe it's nice to get a briefing once a quarter for context, but that's not something [that] we need every day to take action.'"
Mark Weatherford, vice president and chief security officer at the North American Electric Reliability Corp., said he would like to be able to share more classified information.
"I can't tell you how many times, because I do have a security clearance and do get classified briefings, that I get classified information that's important and I would like to share with my industry, but I can't talk about it," he said. "It's critically important that we figure out how to take classified information within government and sanitize it to a level that's actionable for the critical infrastructure in the private sector, because it does absolutely no one any good to have classified information that perhaps is threat-related or vulnerability-related that can't be shown to the private sector."
Weatherford is slated to leave his current position to join the Department of Homeland Security, and said that the issue of disclosure would be on his mind.
