Reprinted with permission from CNET News

Notwithstanding all the tough talk about defeating terrorism, the expression "good enough for government work" is, unfortunately, relevant when it comes to cybersecurity.

Indeed, a recent report released by the National Association of State Chief Information Officers chastises the Department of Homeland Security for not coordinating better with state and local authorities when it comes to combating cyberthreats.

Let's begin this discussion with a basic premise: The federal government is supposed to help state and local authorities combat terrorism.

You can read it in black and white: Section 7(c) of the Homeland Security Presidential Directive (HSPD) enunciates that it is United States policy "to enhance the protection of our Nation's critical infrastructure and key resources against terrorist acts that could...undermine State and local government capacities to maintain order and to deliver minimum essential public services." And Section 15 of the HSPD designates emergency services, the majority of which are provided by state and local authorities, as included among the most critical infrastructure.

With this premise in mind, NASCIO's Information Security Committee conducted a survey of strategic cybersecurity issues. Its goal was to assess the nature of the relationship between state and local authorities and the programs and resources provided by Homeland Security. The committee concluded that much more needs to be done by Homeland Security to assist state and local governments.

First, it found that state and local governments would welcome a closer working relationship with Homeland Security, rather than the current private-sector approach now in place, which it characterized as "more detached."

Second, it recommended that a cybersecurity assessment be added to the current State Homeland Security Assessment and Strategy process to ensure that cybersecurity is adequately addressed for state and local sectors. This would help even if cybersecurity efforts are not funded to the levels desired by state and local authorities.

Third, the survey turned up a need to develop and maintain best practices and consistent methodologies and tools; conduct risk assessments; establish continuity of operations planning; and institute training for state and local governments.

Fourth, Homeland Security, as a direct provider of alerting services, needs to cure its reputation for lack of timeliness. In fact, "more emphasis needs to be placed on external-directed attacks, and internal ineptitude and maliciousness," according to the report. There needs to be "better coordination and allocation of effort among the multiple entities with a stake in the game, so to speak."

Finally, further academic programs and educational opportunities need to be made available to state and local players.

To the extent cybersecurity is a real issue, the left hand plainly needs to know what the right hand is doing. Above all, both hands need to be working together. Let's hope that best efforts are made by Homeland Security to reach out to and assist state and local authorities in safeguarding the Internet.

Biography

Eric J. Sinrod is a partner in the San Francisco office of Duane Morris. His focus includes information technology and intellectual property disputes. To receive his weekly columns, send an e-mail to ejsinrod@duanemorris.com with "Subscribe" in the subject line. The views expressed in this column do not necessarily reflect those of Sinrod's law firm or its individual partners.
