A subcommittee of the Senate Homeland Security and Government Affairs Committee held a hearing today on “Cyber Security: Recovery and Reconstitution of Critical Networks.” DHS Under Secretary George Foresman testified at the hearing, and found himself having to respond to a GAO report also released at the hearing that lambasted DHS’s efforts to coordinate preparedness for a catastrophic cybersecurity attack. The hearing is summarized well in this story at ZDNet:
A Republican senator on Friday blasted the U.S. Department of Homeland Security’s readiness for a massive cyberattack, saying he hasn’t seen any improvements since bringing in department officials for questioning last summer.
“Despite spending millions of dollars over the past year, DHS continues to struggle with how to effectively form and maintain effective public-private partnerships in support of cybersecurity,” Sen. Tom Coburn of Oklahoma said at a hearing convened by a Senate Homeland Security subcommittee, of which he is chairman.
Coburn, the only politician present at the 90-minute hearing, grilled top computer security officials from Homeland Security, the National Security Agency, the Office of Management and Budget, and the Government Accountability Office (GAO). He also asked private-sector companies for suggestions for government action.
The Oklahoma senator joined industry groups and congressional colleagues in chiding the agency for failing to appoint a high-level cybersecurity chief one year after the post’s creation. He said having a strong leader in charge is critically important to defend against a crippling cyberattack that could take out not only e-commerce and communications capacities, but also “electrical transformers, chemical systems and pipelines” controlled by computers.
“There’s going to be an assistant secretary (for cybersecurity and telecommunications), I promise you, even if we have to raise the salary for the position,” he said.
The problem isn’t just the salary, as I’ve noted previously. There’s no good reason to apply a political litmus test to a technocratic position.
….Homeland Security’s top cybersecurity post has remained a low- to mid-level position ever since Congress passed a 2002 law that melded 22 federal agencies and made the department chiefly responsible for protecting cyberspace. Numerous audits have faulted the sprawling cabinet department for its lack of readiness to handle large-scale attacks and for shortcomings on its internal networks.
That blistering critique continued on Friday with a new GAO report, which accused Homeland Security of failing to finalize clear plans that detail the responsibilities of state and local governments, other federal agencies and the private sector before, during and after Internet disruptions. “Today, no such plan exists” despite a federal mandate to devise one, Keith Rhodes, the GAO’s chief technologist, told the committee.
Overall, a useful hearing, one that will hopefully prod DHS into filling this year-long vacancy and addressing the important concerns outlined in the GAO’s report.