Homeland Security Watch

News and analysis of critical issues in homeland security

August 21, 2008

Congress Amends HSA Again; This Time for DHS Cyber

Filed under: Congress and HLS, Cybersecurity, Organizational Issues — by Jonah Czerwinski on August 21, 2008

The House recently passed a bill introduced by Rep. Langevin to amend the Homeland Security Act of 2002 to grant the DHS Chief Information Officer (CIO) authority for the development, approval, implementation, integration, and oversight of certain DHS cyber security initiatives (e.g., “information management and information infrastructure”). The Homeland Security Network Defense and Accountability Act of 2008 authorizes the CIO to manage the policies, procedures, activities, funding, and systems relating to DHS networked information and infrastructure, and this surely bears on the Department’s role in the National Cyber Security Initiative.

Why the CIO? The GAO issued a report in June questioning DHS’s organization for addressing its cyber missions. There is CERT. There is an Assistant Secretary for Cyber Security and Communications and the director of the National Cyber Security Center at DHS. Of course, most of the component agencies of DHS also have their own CIOs.

The new bill directs the DHS CIO to establish and manage security control testing protocols to protect DHS’s and contractors’ information infrastructure against cyber-based attacks. It also tasks the DHS Inspector General with determining the effectiveness of the Department’s cyber security policies and controls. Moreover, the Secretary – through the CIO – has to determine that any contractors have their own cyber security policies and protections in place before entering into or renewing a covered contract.

That’s a lot on the CIO. The bill therefore sets forth a list of qualifications for the CIO. These quals include at least five years of executive leadership and management experience in IT and information security.


Comment by josephlogan

August 21, 2008 @ 10:24 am

Numerous CIOs should be a troubling sign for compatibility of systems, let alone for the likely waste in the IT capital planning process (Clinger-Cohen, for example). Are these all running on a common infrastructure, or are those independent as well?

Comment by William R. Cumming

August 21, 2008 @ 11:49 am

My understanding is because of statutory org chart DHS is exempt from Clinger-Cohen requirements. Of course one of the key reasons IT in DHS has so far wasted without much good product almost $35B! Big mess. More interestingly Executive Branch wide is the lack of uniformity in assignment of cyber-security to CIOs or some other org including in some cases statutory IG offices. Again no consistent oversight but this legislative initiative unlikely to make it through Congress this session anyhow. At least someone is not asleep at the switch. Remember Chertoff’s previous experience in Government was with a lousy IT organization in DOJ and an outdated IT support structure in the federal courts. The money of course has long been spent. Just nothing to show for it.
