Our organization is thinking about participating in the DHS Enhanced Cybersecurity Services program, but I heard...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
that it requires that staff have security clearances. Is that true, and how difficult is it to get U.S. security clearance?
The Enhanced Cybersecurity Services (ECS) program, sponsored by the Department of Homeland Security, had a lofty goal: to provide a channel to share classified threat information with private industry in order to boost overall cybersecurity. However, the program has fallen flat due to the high bureaucratic hurdles put in place to participation.
Your question hits upon one of the two major issues: Employees who will handle information from DHS must have valid U.S. security clearances. Obtaining clearance is an expensive and time-consuming process. Unless your business already has a requirement to handle classified information, you're likely to find that the benefits provided by the program don't justify the investment of time and money required to obtain high-level security clearances for your IT staff.
Ask the expert!
Got a vexing problem for Mike Chapple or any of our other experts? Ask your enterprise-specific questions today! (All questions are anonymous.)
The second major barrier is that a security clearance is necessary, but not sufficient, to handle classified information. You must also have the IT infrastructure in place to ensure that there is no commingling of classified and unclassified information. This requires building a secure classified network and building systems dedicated to handling this type of information.
The bottom line is that the program is unlikely to expand beyond the small group of industries that already handle sensitive information. The numbers seem to back this opinion. DHS reported that only 17 businesses joined the program in its first year of operation.
Organizations interested in cybersecurity information sharing would be well-served to look into the growing number of industry-specific information security and analysis centers (ISACs) that foster sharing between the public and private sectors.
MSPs look to expand portfolios to include cybersecurity services
Dig Deeper on Government IT Security Management
Related Q&A from Mike Chapple
Encrypting data going to the cloud is a security best practice, but does it add extra challenges for regulators that might need to access the data? ...continue reading
Merchants that sell at off-site venues need to take extra care to follow PCI compliance standards. Expert Mike Chapple discusses how organizations ...continue reading
The FTC's order for PCI DSS compliance assessments is odd since PCI isn't a government regulation. Expert Mike Chapple explains the motivation ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.