DHS Grant Kit Offers Cybersecurity Guidance

Jan. 18, 2006
Recommendations include details on information sharing, IT security

The Homeland Security Department’s new preparedness unit is urging state governors to prepare cybersecurity plans, adopt a new national XML-based model for information-sharing and implement newly developed common rules for geospatial content.

The recommendations are some of the most detailed that the federal government has made to states and local governments to date on using IT in the fight against terrorism.

The IT-related guidance is included in the fiscal 2006 grant application kit for the distribution of $3.9 billion in federal homeland security grants to states and localities this year, published by the preparedness directorate. Cybersecurity guidance was attached as an appendix for the first time.

“Each state and local government entity should develop and execute a comprehensive cybersecurity plan that demonstrates due diligence in cybersecurity,” the guidance states. “The plan must account for factors such as limited staff and resources and staff turnover; varying size and complexity of the state and local government entities, varying cybersecurity and technology knowledge base within government; and a wide variance in technology being used.”

Guidelines for topics to be included in the cyberplans are somewhat open-ended. Recommendations cover about two dozen questions related to policy, training, IT deployment and vulnerability. Local governments’ cyberplans should be “at least rudimentary,” the guidance said, and should establish an information security officer as a single point of contact, with 24/7 contact information.

In addition to developing cybersecurity plans, states and localities this year should periodically test and exercise the plans, the fiscal 2006 document states.

In previous years, DHS has made general recommendations that states and other grant recipients conduct cybersecurity planning. This year, there are more details and additional IT-related advice, most of which is couched in terms of what states and localities should do to demonstrate due diligence and to comply with best practices.

The largest grant program, a $2.5 billion State Homeland Security Grant Program, sends money to the states for anti-terrorism planning, equipment, exercises and training. The second largest is $862 million for the Urban Area Security Initiative, which distributes grants to major cities. States and cities can spend some of those funds on IT and cybersecurity enhancements, which are included on the approved equipment list for both programs. IT and cyberequipment were added to the list for the first time in fiscal 2005.

Also among the IT-related recommendations, the preparedness directorate is asking grantees to use the National Information Exchange Model, an Extensible Markup Language foundation for information exchange, starting at the expected release June 30 of version 1.0 of the model. DHS and the Justice Department developed the model to leverage law enforcement metadata models.

In addition, DHS is recommending that states, local and tribal government adopt geospatial data guidelines developed by the Information Content Subgroup of the Federal Geographic Data Committee Homeland Security Working Group in October 2005.