Meet Bobbie StempfleyNew Director of National Cybersecurity Division Outlines Her Goals
"I always tell people that I live on my cell phone because my kids live on their cell phone, they do text. I can tell you where they are at any time because we are engaged," said Stempfley, who previously served as chief information officer at the Defense Information Systems Agency. "So, as I came in and I got onto Communicator, I saw there were a few people on it, I started texting. It was just a natural thing for me. It has been an interesting thing to see people adapt to this change as a part of this organization."
Texting allows for a more intimate collaboration among manager and subordinates, among peers, that can be missing in a massive bureaucracy like DHS.
"They already understood how to communicate and how to collaborate with people, but to add this other tool that allowed them to bring a bunch of people together in a way that wasn't a conference call ... was an instantaneous kind of thing; it really helped them see the power of this very small technology addition as they went forward," Stempfley said. "So, that kind of adaptation and agility in our thinking really is the thing that motivates me in helping ensure that our government is able to do that in my little corner of the world here at NCSD and DHS."
Big challenges await Stempfley in her little corner of the government bureaucracy. Under her charge is the United States Computer Emergency Readiness Team, the subject of a DHS inspector general report that contends U.S.-CERT is hindered in its ability to provide an effective analysis and warning program for the federal government. Inspector General Richard Skinner also noted that eight agencies his staff interviewed indicated that the Einstein 2 and Einstein 3 intrusion detection and prevention systems are effective tools but expressed concerns regarding the effectiveness of the U.S-CERT's information sharing and communication.
Our interview with Stempfley occurred before the IG issued his report, but she said the division is focused on providing better information and solutions such as metrics and benchmarks to agencies regarding U.S.-CERT, the Einstein programs and the Trusted Internet Connection initiative aimed at limiting government Internet connections. "We are not in a position where CIOs are told, 'Figure it out.'" Stempfley said.
Instead, she said, the division would provide agencies with reference architectures and metrics. "It is about our defining solution sets that are possible for people to use, and it is about our helping folks implement those solutions that are in their environment so that they can be successful," she said.
Super Traffic Cop
Stempfley sees her job, in part, as a super traffic cop who helps coordinate the sharing of IT security best practices across the government. To accomplish this, the division will distribute materials and hold training sessions. "It is really about the kind of coordination, communication and collaboration across the board and so I think one of the things you will see as we work ourselves forward is how do we take that and then how do we enable other federal agencies and other state organizations to be successful in the implementation of it," she said. "So it is not just about identifying those best practices and putting them out there, it is also about taking it to execution and implementation."
Skinner, the inspector general, also voiced concerns about the understaffing of U.S.-CERT, an impediment he saw to accomplishing its mission to coordinate the response to security threats from the Internet.
Stempfley said the division continues to look to hire the best people available. "I was thrilled to walk into NCSD and find an organization that is growing in a way that reinforces that dedication and that commitment both to the people and to the mission and the folks here are wonderful, "she said. "We have a number of vacancies today that we are working to fill as we go forward."
But staffing up U.S.-CERT and other division units is only part of Stempfley's mission. As important is improving collaboration with government agencies. She spoke of building a stronger relationship with agencies CIOs, holding face-to-face meetings to learn the cybersecurity challenges their organizations confront and the solutions they have discovered. "We can use that personal discussion to have or share with them how other federal CIOs have solved these problems as they go forward," Stempfley said.
The culture Stempfley found at the National Cybersecurity Division is one she believes can accomplish these goals, and one she feels comfortable in. Asked what surprised her most when she took the job, she said:
"Oh gosh - and I am not sure I would say it surprised me - but one of the things that I really love about what I found when I got here at DHS is the commitment to transparency, the engagement with the privacy sector, the ability to talk about how we are using our data, what we want to do with it, our engagement with the federal CIOs, transparency with the workforce and with the American public. That just resonated with me because that is very much what I have been trying; it is really my style. And so I really love the fact that I walked in and it was just the natural organic nature of this organization."