Homeland Security Watch

News and analysis of critical issues in homeland security

September 17, 2008

A Rough Week for DHS Cyber Programs

Filed under: Cybersecurity — by Jonah Czerwinski on September 17, 2008

What a week for DHS cyber security efforts. Congressional hearings, think tank studies, and GAO reports all arguing that the Department is underpowered and disorganized in its effort to carry out its role as a lead in the National Cyber Security Initiative, a multi-billion dollar program to protect federal and private sector internet assets against attack and exploitation.

Not to leave anything ambiguous, GAO released three new studies this week:
DHS Faces Challenges in Establishing a Comprehensive National Capability
DHS Needs to Better Address Its Cybersecurity Responsibilities
DHS Needs to Fully Address Lessons Learned from Its First Cyber Storm Exercise

The pointy end of the spear is US-CERT. The US-CERT’s mission is to:

• analyze and reduce cyber threats and vulnerabilities
• disseminate cyber threat warning information
• coordinate incident response activities

They have a way to go. A new GAO report finds that US-CERT “lacks a comprehensive baseline understanding of the nation’s critical information infrastructure operations, does not monitor all critical infrastructure information systems, does not consistently provide actionable and timely warnings, and lacks the capacity to assist in mitigation and recovery in the event of multiple, simultaneous incidents of national significance.”

DHS spokesperson Laura Keehner explained that “We are undertaking something not unlike the Manhattan Project.” “Billions of dollars are going into this effort. We’re the first to admit there is more work to be done….” Of course, US-CERT was founded five years ago. In the last year, more cooks have been added to the kitchen, too. The DHS CIO has a leadership role, the Under Secretary for National Protection and Programs has a leadership role, the director of the National Cyber Security Center has a leadership role, the Assistant Secretary of Cyber Security and Communications has a leadership role.

This may be what drove James Lewis of the Center for Strategic & International Studies to tell Congress in testimony yesterday during a hearing on cyber issues that the core problems “are the lack of a strategic focus, overlapping missions, poor coordination and collaboration, and diffuse responsibility.”

Lewis serves on the Commission on Cybersecurity for the 44th Presidency along with 30+ other leading lights in this area, including Pete Allor of IBM and Paul Kurtz of Good Harbor. They make a pretty straight forward recommendation: If this is to be a truly national cyber initiative, move it to the White House. Getting this effort bogged down in DHS, the intelligence community, and DOD risks hobbling the whole endeavor, which is far too important.

Share and Enjoy:
  • Digg
  • Reddit
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • email
  • Print
  • LinkedIn

2 Comments »

Comment by William R. Cumming

September 17, 2008 @ 5:54 pm

Definitely indicates trouble in River City! Maybe a new sheriff will help. How many CZARS does it take? This area is not going away and will only grow as a problem. Is the basic problem still that cyber-security requires funding that neither the feds nor private industry have? Clearly the STATE and Local governments can only hope someone else has the lead and competence and funding to really address the critical issues and problems. I have tried to find the official delegations to each of the organizations in DHS and officials charged with cyber security and been unable to locate or understand them. Does anyone in DHS even know what authority they have, what budget, and what objectives they are trying to accomplish? While perhaps a fool may ask more questions than a wise man may answer does not necessarily mean all the fools questions don’t deserve study and analysis.

Comment by Christopher Tingus

September 21, 2008 @ 5:51 am

Fiat dollars which seem so readily available by simply printing whatever is ncessary to bail out those in the banking and corporate community – who should be held accountable for such intentional wrong doing – these fiat federal reserve notes – now worth less than 95% of their value back in 1913 – must be handed to those we can entrust in establishing a bi-partisan effort to improve our existing programs and response to the very serious requirements of assuring valued cyber security. This must be foremost in our national security agenda.

To the new administration, whomever will win this unfortunate ambition on both sides of the aisle finding it necessary to spend over a billion federal reserve notes to sit at the helm, whomever is leading the charge, look to the skies, look at your government’s computers, look to your own personal computers, look to the ways others are using technology on the battlefield….

Unless we make a commitment together to address the very real issues of cyber security before us now, today, our lack of unity in having this advanced cyber security well established will have a profound inpact on the near future and surely an uncertain look not too far beyond!

Christopher Tingus
Harwich, MA 02645

RSS feed for comments on this post. TrackBack URI

Leave a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>