A Cybersecurity Wiki for All?

My first reaction to reading the following article was, "What took them so long?" Then I remembered how many revisions the original proposal most probably went through and how many people undoubtedly had to sign off on this before they reached the "planning" stage. See below for my further comments.

DHS plans wiki for agencies, cybersecurity centers to coordinate efforts

By Ben Bain, Government Computer News, August 17, 2009

The Homeland Security Department plans to develop a “cyber ops wiki” that agencies can use to improve collaboration on cybersecurity efforts, according to a notice from the department.

The wiki will be used by DHS’ National Cyber Security Center (NCSC) and the six other federal cybersecurity centers as a collaboration tool and a way to develop improved situational awareness, communication and information sharing, DHS said in a notice published on Aug. 11 on the Federal Business Opportunities Web site.

Amy Kudwa, a DHS spokeswoman, said "NCSC is engaging industry expertise to develop a Web 2.0/3.0-enabled collaboration platform — this is an important piece of the larger NCSC vision of meaningful collaboration across government."

DHS' NCSC was established during the George W. Bush administration to coordinate cybersecurity efforts across the government. Phil Reitinger, DHS' deputy undersecretary of the department’s National Protection and Programs Directorate now leads the center.

"The 'cyber ops wiki' ... will provide a capability for near-real-time information sharing and collaboration on cyber security incidents, as well as be a repository of technical information," Kudwa said. She added that DHS envisions that when completed the wiki "will leverage the individual strengths and technical competencies" of the government's cybersecurity centers run by defense, civilian, intelligence and law enforcement departments and agencies.

DHS said in the notice it intends to negotiate and award a sole-source contract with an company named WiiKnoInc based in Austin, Texas, to work on the project.

Mark says:

This is a welcome and necessary first step... but only an initial and probably baby step forward.

Why am I so grudging in my praise — and it is praise?

First of all, who will be allowed to participate in this wiki and what will they be allowed to write or share on it? Will it be transparent to government contractors and their employees? Will private industry, i.e., non-government businesses, have any access to it to either use it or contribute to it? Will government employees in their respective organizations and agencies be encouraged to contribute to this wiki? Or will some managers, organizations, or agencies discourage explicitly or implicitly their employees from participating on the grounds of "need to know" or other "security" reasons or simply because of any number of bureaucratic reasons?

It might help if there were a "Cybersecurity Czar" reporting directly to the President who made this a priority. Oh, wait... I forgot. We're seven months into this administration's term and a cybersecurity czar (whether reporting or not reporting directly to the President) has still not been appointed... and everything is a priority — which means nothing is a priority.