Friday, February 20, 2015





Chuck Brooks, Distinguished Judge,
GSN 2014 Homeland Security Awards Program

Charles (Chuck) Brooks serves as Vice President/Client Executive for DHS at Xerox. Chuck served as the first Director of Legislative Affairs for the Science & Technology Directorate within the Department of Homeland Security. He was an Adjunct Faculty Member at Johns Hopkins University, where he taught a graduate course on “Congress and Homeland Security.” He also spent 6 years on Capitol Hill as a Senior Advisor on national security issues to the late Senator Arlen Specter. Chuck has an MA in International Relations from the University of Chicago and a BA in Political Science from DePauw University. He has served in several senior executive corporate roles and is widely published as a thought leader on subjects relating to homeland security, technology, innovation, CBRNE, and cybersecurity. He also operates two of the largest homeland security groups on LinkedIn and is a featured speaker at government and industry conferences. Chuck has also served as a judge for three recent Government Security News industry homeland security awards events.

GSN: What is the threat landscape for the Department of Homeland Security as it enters its second decade of operations?

CB: DHS has made great progress over the last decade but the current threat level is now heightened for DHS, the intelligence community, and law enforcement as a result of evolving threats. The most immediate threat is posed by ISIS and affiliated Islamic extremists who have gained combat experience in Iraq and Syria and have ac­cess to Western passports. Rep. Michael McCaul (R-Texas), chairman of the House Homeland Security Committee, said these terrorists “present the greatest threat we’ve seen since 9/11.” Also, a decade ago terrorists’ ability to organize and mobilize was more limited because of com­munication capabilities. The exponential growth in smart phones (there are now 14B smartphones worldwide) and the terrorists’ use of social media has made surveillance and monitoring of those who might threaten the home­land a bigger challenge.

The defense against CBRNE (chemical, biological, radiological, nuclear, and explosive) threats will continue to be priorities of DHS because of the asymmetrical terror consequences they present. The recent Ebola outbreak illustrates our vulnerability to pandemics and infectious disease outbreaks. The potential for bio-terrorism directed by non-state actors is a frightening but real scenario. Right­fully so, countering biological threats remains a high prior­ity at DHS. As our experiences in Afghanistan and Iraq have shown, man portable improvised explosive devices (IEDS) and vehicle-borne IEDS are still a major concern, especially against soft targets.
Other threats such as chemical and radiological substance releases, and natural disasters from floods, hur­ricanes and earthquakes all still pose plausible and dire threats to the homeland. Unfortunately, it is likely that the nation’s preparedness will be tested again in the coming decade.

One area where DHS has taken on an increasingly larger role is in cybersecurity. Presidential Directives have mandated DHS to play the primary role in the civilian side of government for cybersecurity. A major reason for the new focus on cybersecurity has been the rapid changes in the information technology landscape. Since 2003, the capabilities and connectivity of cyber devices and communications has grown exponentially. Concurrently, so have the cyber intrusions and threats from malware and hackers. This has required restructuring of priorities and the cybersecurity missions at DHS. The cyber threat to the homeland reaches far beyond terrorists and includes various criminal enterprises and adversarial nation states.

What do government and industry perceive to be the main cybersecurity threats and required responses?

CB: Both government and industry have prioritized critical infrastructure as a focus of threat and hardened response. There is a growing understanding of the seri­ousness and sophistication of the cyber threats, especially denial of service. In terms of preparation, the financial and retail communities have been at the forefront of address­ing these threats with significant investment in technolo­gies and in training. However, 43% of companies had breaches last year (including companies such as Home Depot, JPMorgan, and Target) and the intrusion threats are not diminishing.

According to the think tank Center For Strategic and International Studies (CSIS), cyber related crime now costs the global economy about $445-billion every year. These breaches demonstrate that there is a continued need for protocols and enhanced collaboration between government and industry.

Last year, The Council on CyberSecurity, an influ­ential not-for–profit organization, formed a “20 Critical Se­curity Controls list” with collaboration between the public and private sectors. The list provides an emerging working framework for protecting the critical infrastructure and provides a recommended set of actions for cyber defense that includes specific and actionable ways to stop today’s most pervasive attacks. I was honored to participate in that working group.

Indeed, cyber security controls are very important. In the U.S., most (approximately 85%) of the cybersecu­rity critical infrastructure including defense, oil and gas, electric power grids, healthcare, utilities, communications, transportation, banking, and finance is owned by the private sector and regulated by the public sector. DHS has recognized the importance for private sector input into cybersecurity requirements across these verticals and has played a major part in bringing government and industry together to develop a strategy to protect critical infrastruc­ture.

There will always be a need for better encryption, biometrics, analytics, and automated network security to protect critical infrastructure in all categories. Also, cyber resilience is an area that must be further developed both in processes and technologies. In the future, cybersecurity for the “Internet of Things,” consisting of hundreds of mil­lions connected IP enabled smart devices, will certainly be a main priority

What would be on your own master list of cybersecurity priorities and emerging trends?

Emerging Technology Areas:
• Internet of Things (society on new verge of
exponential interconnectivity)
• Wearables
• Drones and Robots
• Artificial intelligence
• Smart Cities
• Connected transportation
• Protecting critical infrastructure through technologies
and Public/Private cooperation
• Better encryption and biometrics (quantum encryp
tion, keyless authentication)
• Automated network-security correcting systems (self-
encrypting drives)
• Technologies for “real time” horizon scanning and
monitoring of networks
• Diagnostics and forensics (network traffic analysis,
payload analysis, and endpoint behavior analysis)
• Advanced defense for framework layers (network,
payload, endpoint, firewalls, and anti-virus)
• Mobility and BYOD security
• Big data
• Predictive analytics
• Interoperability
• Informed risk management
• Emergence of Public/Private sector partnerships
• More information sharing and collaboration
between the public and private sectors
• Shared R & D spending
• Increased spending for cloud computing
• Consolidation of data centers
• Expansion of hiring and training of cybersecurity
• Tech foraging

What is Xerox’s focus in the homeland se­curity space?

CB: Xerox has a great tradition of innovation and has become a world leader in digitization, contact centers, document management, IT, and data analytics. Xerox is a recognized leader in “digitization” of documents in the Federal government. The company has been providing mailroom, scanning, imaging, indexing, and data capture for nearly three decades, including with DHS. Xerox uses innovative technologies, including Optical Character Recognition (OCR). OCR automatically extracts data from scanned images and makes those data available for elec­tronic processing for millions of images each day. Hav­ing electronic access to data and files provides for more efficient planning and operations in the security environ­ment.

Xerox is also known for its contact center exper­tise. The company uses multi-channel contact technology tools via phone, email, web, and mobility to optimize, automate, and help scale customer service agent response. Contact center management solutions are designed to minimize impact, assure end-user incidents are addressed quickly, and prevent reoccurrence that is important for a public safety mission.

Xerox has also developed and deployed a disease surveillance and outbreak management software called Maven that is of interest to homeland security and pub­lic health agencies. It is configured to provide “contact tracing” for Ebola and other communicable diseases. The software manages the identification and diagnosis of those who may have come in contact with an infected person.

Can you update us on your social media and thought leadership activities?

Many senior level executives in the Federal gov­ernment are on social sites such as LinkedIn, GovLoop, Facebook, and Twitter. There are an estimated 1.4 million Federal government employees who regularly use LinkedIn, including over 65,000 from DHS. Social media has be­come part of the fabric of how we communicate, operate, and conduct business. The two homeland security groups I run on LinkedIn –“U.S. Department of Homeland Security” and “Homeland Security”– have grown to over 50,000 members. (Please look them up and join and post!) I have become active now on Twitter too. Please follow me: @ChuckDBrooks

I have also been active on the speaking circuit at conferences, including recent presentations at the Na­tional Press Club, Homeland Security Week, Secure Cities, George Washington University, Bowie State University, and CyberMaryland. Please check out my recent article in The Hill newspaper called “Navigating the Four Pillars of Washington, DC” that explores the interplay between government, industry, media, and policy organizations in the nation’s capitol.

Thank you for speaking to me and letting me share my perspectives. GSN serves as an excellent media resource for all those active in the homeland security and national security fields. I strongly encourage others to become regular readers of your publication online and in print.'s Security Recruiter Blog