Critics say Homeland Security cannot handle cyberthreats
September 17, 2008
In 2002, when congressmen and various politicians got together and decided to create a number of federal agencies, one of them being The U.S. Department of Homeland Security, one of many of the underlying reasons at the time was to get a better grip on Internet security, especially as it pertains to the federal government's own IT systems and databases.
In November 2002, when signing the 500-page bill into law, President Bush said "we will gather and focus all our efforts to face the challenge of cyberterrorism. The U.S. Department of Homeland Security will now be charged with encouraging research on new technologies that can detect these threats in time and to help prevent attacks from happening."
That was then. But today, Homeland Security is weathering a deluge of criticism of its lackluster Internet security efforts on such grounds that they have proven to be extremely inefficient if not non-existant, bureaucratic and not even able to do a minimal job of monitoring any federal computer networks or IT system.
On Monday, it even led to what would have been unthinkable a year or two ago: a suggestion that Homeland Security can no longer be trusted with its cybersecurity mission and it should be handed to another federal agency that would be better prepared and better equipped to accurately monitor and prevent any cyberthreat from the outside world.
Adding to public concerns of Homeland Security were two new reports published by the GAO (Government Accountability Office, reports No. 1 and No. 2) detailing the numerous department's shortcomings. The two reports were very critical of the Department of Homeland Security, to say the least.
James Lewis, director and senior fellow at the Hawkish Center for Strategic and International Studies says "while DHS has improved somewhat, oversight for cybersecurity must definitely move elsewhere. The overall conclusion we reached is that only the White House would have the full authority and oversight for cybersecurity. Today, this is a very serious national security problem and should be addressed as such and rapidly."
He was testifying at a hearing of the House Homeland Security's subcommittee on emerging threats, Internet security and science and technology. Lewis appeared on behalf of CSIS's Commission on Cybersecurity for the 44th Presidency, a group made up of 40 cybersecurity and so-called government experts.
They are widely expected to release a final report in two months, with specific recommendations for the next administration.
The GAO's new reports include descriptions of the department's overall failure to fully address no less than fifteen key cyberanalysis and warning attributes related to activities such as monitoring government networks for unusual activity.
As a detailed example, several warnings sent to federal offices regarding threats were neither consistently actionable nor timely, the GAO reported.
For the last three years, the GAO has been reporting on the DHS' cybersecurity efforts (or lack thereof) and has made thirty specific recommendations to the department, yet the department "still has not fully satisfied any of them," said David Powner, the GAO's director of information management issues.
Powner bluntly said "we're simply not prepared yet to handle any cyberthreats." (!)
The GAO reports were released just one day after DHS Deputy Secretary Paul Schneider and a group of other federal officials who work on Internet security sought to address the many unanswered questions about the governemnt's secretive National Cyber Security Initiative.
Lewis pleaded with politicians to remain focused on the topic. "Congress has to be involved with this," Lewis urged, "to support building the infrastructure that will keep us secure and at almost any cost."
Subcommittee Chairman Rep. James Langevin announced at the hearing the creation of a House Cybersecurity Caucus, a forum for House members from various committees to discuss Internet security. The new caucus will begin work in January of next year.
Paul Kurtz, a partner for Good Harbor Internet Consulting who testified at the meeting yesterday said "obviously, there's really no one in charge right now at the DHS, and that's why they have struggled. But you also have several people with their hands on the steering wheel, and this is totally unacceptable from an agency that is mandated with such a critical role."
Rep. Bill Pascrell of New Jersey said it was time to start pointing fingers of who was responsible for the department's many problems. He made it very clear at a forum on Monday that Robert Jamison, the DHS undersecretary for national protection and programs, is leading the department's cybersecurity efforts. But some witnesses and congressmen at yesterday's hearing said there was a great lack of leadership in the DHS, and that things seem to be actually getting worse over time, not better.
"Robert Jamison, the undersecretary, gave himself a solid C in cybersecurity the last time he came before the full committee," Pascrell said. "When was getting a C a good mark?" he asked. (!)
Pascrell complained that the current administration has been too secretive about the National Cyber Security Initiative and that things need to change and rapidly.
Pascrell even pointed out that Marie O'Neill Sciarrone, a special assistant to the president, spoke at Monday's forum regarding federal cybersecurity efforts--but that the event cost $50 for government employees to attend.
"The Senate tried for months to get the information public, and the White House refused," he said.
The witnesses at the hearing concurred the DHS has been too secretive. "There's no reason to classify the cyber initiative," Lewis said. However, he also said the initiative has produced some useful results, but wouldn't offer any details.
While it may be the norm for a new administration to completely revamp such a program, "we can't afford" to have that progress set back, Lewis said. (!) "It'd be a lot easier to avoid that fumble if it wasn't top secret."
Lewis said that a cybersecurity strategy "should be one of the first documents the new administration issues." People representing both the Obama and McCain campaigns are on the CSIS commission, Lewis said, and both campaigns have recognized the need for greater cybersecurity.
The U.S. government is already working to establish working relationships with the private sector in an effort to greatly improve cybersecurity, but the next administration will have to consider whether to analyze all sectors for equal importance, Powner said. The three most critical sectors to work with, Lewis said, are the finance, electricity and telecom industries.
"We've asked them to brief all participants on our recommendations, and we believe in the next month or so we'll have that opportunity," he said.
"Existing partnerships are certainly not meeting the needs of the public or private sector," Lewis said. "The first need is to rebuild trust."
Harry Raduege, chairman of the Deloitte Center for Network Innovation, said another reason to make cybersecurity a priority for the White House is to better coordinate international efforts.
Source: Tech Blog.
Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.
You can link to the
Internet Security web site as
much as you like. Read our section on how your company can participate in our
reciprocal link exchange program
and increase your rankings
in the major search engines such as
Site optimized by Pagina+™
Powered by Sun Hosting
Search engine keywords by Rank for Sales
Development platform by My Web Services
Internet Security.ca is listed in
Global Business Listing