New department would inherit cybersecurity problems, GAO warns
Combining six IT security agencies under the proposed Homeland Security Department is an opportunity for enhanced efficiency, but it will not necessarily secure the government's critical infrastructure, the General Accounting Office told a congressional panel last week.
'Since 1996 we have reported that poor information security is a widespread federal problem,' Robert F. Dacey, GAO's director of information security, told a subcommittee of the House Energy and Commerce Committee.
The new department's Information Analysis and Infrastructure Protection division would inherit this problem, Dacey said.
Under the proposal, the department would include the FBI's National Infrastructure Protection Center; the Commerce Department's Critical Infrastructure Assurance Office; the National Institute of Standards and Technology's Computer Security Division; the Energy Department's National Infrastructure Simulation and Analysis Center; the General Services Administration's Federal Computer Incident Response Center; and the multidepartmental National Communications System.
Challenges to bringing them together, he said, include:
- Lack of a national strategy for critical infrastructure protection
- The need to improve analytical and warning capabilities
- The need to improve information sharing both within the government and between government and the private sector
- The need to address pervasive weaknesses in federal IT security.
William Jackson is a senior writer of GCN and the author of the CyberEye blog.