DHS has once again partnered with IdeaScale to establish a ‘collaboration community’ to help the DHS Integrated Task Force in the implementation and the coordination of interagency, and public and private sector efforts to support the President’s Executive Order on Improving Critical Infrastructure Cybersecurity (EO 13636). Patterned on previous IdeaScale campaigns on the National Dialogue on Preparedness and the Quadrennial Homeland Security Review, the Integrated Task Force Collaboration Community (ITFCC) allows for public input and discussion of proposals associated with EO 13636 implementation.
DHS is not being real proactive in publicizing this ITFCC. I have seen a single TWEET® on the topic and nothing else. That might explain why there are only four ideas currently on the page after being up for at least a week (that’s the date on the initial suggestion).
There are three different topic about which the site is soliciting public ideas. They are:
Only the third topic has an extensive explanation of what is being sought. It is also the only topic page that specifically mentions one of the working groups from the ITFCC; Evaluation and Planning Workgroup. They explain that they have already conducted focus group analysis and have come up with a four part purpose of the development of a public-private partnership for the implementation of the EO. Those parts are:
• Evaluate and address critical infrastructure risk through public-private collaboration and collective action across the national preparedness spectrum to prevent, protect against, mitigate, respond to, and recover from all hazards.
• Define and address national priorities for all-hazards critical infrastructure security and resilience through the bidirectional sharing of relevant and actionable information and the identification and exchange of best practices, tools, capabilities, and resources.
• Build and sustain trust, leverage existing, and develop new relationships to ensure the continued maintenance and growth of the partnership.
• Work collaboratively to identify and mitigate organizational and structural barriers to entry to facilitate increased participation by State, local, and private sector stakeholders in regions across the Nation.
This is a public participation discussion site, open to all comers. To publish new suggestions, make comments, or vote upon on existing suggestions you have to be registered with IdeaScale. People who registered on the two earlier DHS discussions can still use that registration ID and password.
I don’t see a ‘registration’ tool or button, but if you try to vote, make a suggestion, or comment on an existing suggestion you will be prompted to either sign in or register. It has been a couple of years since I registered on IdeaScale, but I seem to recall that you have a wide latitude in the information that you provide or fail to provide to the site. I can’t vouch for the whole site security thing, but it does provide some fair level of anonymity on the public side if you so desire.
As I mentioned earlier there are only four comments currently posted on the board. They are (in order of current vote totals; highest to lowest):
The first three are glittering generalities that fall into the general ‘motherhood and apple pie’ category. The last is a little more specific but not really directed at cybersecurity concerns. This is one of the problems with these public comment/suggestion exercises; there are very few concrete proposals and more than a few that trend off-topic. Oh well, searching for gems is like that.
Currently there are no comments that directly apply to industrial control system security efforts. I will, however, continue to monitor and report upon this site.