Napolitano: Cybersecurity policy should set goals without being prescriptive

The government, specifically the Homeland Security Department, should have a role in protecting .gov cyberspace and critical infrastructure, but it should avoid overly rigid guidance, said Homeland Security Secretary Janet Napolitano.

"We believe that any government rules for cyberspace should identify where we want to be, not proscribe exactly how to get there, and should allow ample space for innovation. They should also be clear, fair and broadly supported, and respect and reflect the diversity of the society in which we live," Napolitano said April 25, in a speech delivered at the University of California Berkeley College of Engineering.

The Obama administration will soon present a legislative proposal to Congress that will allow government to "move toward agile, interoperable computer systems and networks that can be reliably authenticated and that can recognize and respond to threats in real-time," said Napolitano.

Last month DHS published a white paper (.pdf) endorsing a three-pronged approach to cybersecurity based on automation, interoperability and authentication. In cyber attack simulations modeled in the white paper, only 30 to 35 percent of devices reacted to an attack--leading the white paper to conclude that large-scale modification of existing infrastructure wouldn't be necessary for implementation.

The paper suggests a government role similar to a "Cyber Center for Disease Control and Prevention," which would watch for threats and incidents, disseminate data, perform threat analysis, make recommendations and coordinate preventive actions.

Napolitano told the audience of engineers that progress toward such a model is slowly underway. One building block for improved authentication is the National Strategy for Trusted Identities in Cyberspace (.pdf), released by the White House April 15, she said. NSTIC is a government-coordinated effort to create a digital "identity ecosystem," executed by the private sector.

The secretary also cited recent gains with the deployment of a National Cybersecurity Protection System--of which the EINSTEIN intrusion detection system is a key component. "In addition, we've spearheaded the development of the first-ever National Cyber Incident Response Plan (NCIRP). The plan enables us to coordinate the response of multiple federal agencies, state and local governments, and hundreds of private firms, to incidents at all levels--just like we do at DHS for incidents in the physical world," added Napolitano.

Finally, Napolitano said workforce changes are paving the way for a better cybersecurity model. The National Cyber Security Division nearly tripled its cybersecurity workforce in 2009, and nearly doubled the 2009 number in 2010, she said.

For more:
- read Napolitano's prepared remarks
- read the DHS white paper (.pdf)
