Politics, bad luck and lack of maturity have hampered DHS
Former cybersecurity chief says department is still growing into its role
As the lead agency for securing dot-gov resources, the Homeland Security Department has a mandate to stop malware from getting into government networks and keep bad things from happening, a job it has not yet sorted out how to do, said Greg Garcia, former DHS cybersecurity chief.
A key element of this task will be the third phase of the Einstein network monitoring system, an intrusion prevention system that faces multiple challenges. “They are still working through it,” he said recently. “It is a complicated technical question with an overlay of political and privacy issues that delays the development of the architecture.”
Despite the challenges and false steps made by DHS in its cybersecurity initiatives, Garcia said he is confident the department can grow into its mission.
Progress on Einstein 3 will depend partly on how well the second phase of the program works as it is implemented during the next few months. Developers need to create protocols for dealing with apparently malicious traffic, and there still is tension between the demands of privacy and need to share information that the system gathers.
But the success of Einstein — and DHS in general — also will depend on the ability of the young department to wriggle free from the political squabbling between the administration and congressional overseers that has hampered its development during its early years, Garcia said.
Garcia was assistant secretary for cybersecurity and communications from September 2006 to December 2008, when he resigned to establish a private consulting firm. Established in 2003, DHS is a large and still young department, and its formative years were blighted partly by bad luck and partly by politics, the former official said.
“There is a different dynamic at work now than during my tenure,” he said.
During that time, the department was caught between a Republican president and a Democratic Congress that came into power shortly after the disaster of Hurricane Katrina, which gave the Federal Emergency Management Agency and the entire DHS a black eye. The fumbled response to the devastating Gulf Coast hurricane provoked aggressive congressional oversight of the department, he said.
“You had a number of members of Congress who used DHS as a whipping boy,” Garcia said. The department was on the defensive and too many decisions were being made by political types rather than line managers. “It creates an atmosphere of distrust.”
At the same time, DHS has been burdened with the challenge of developing an effective business infrastructure to support a department quickly cobbled together from a broad range of existing agencies. Even under good conditions, it can take a department that size 10 years to gain traction and begin operating at full efficiency, he said.
Garcia said legitimate oversight of the department is needed, including the overlapping jurisdictions of different committees that oversee different aspects of the DHS mission. And things have become better under a Congress that is no longer openly at odds with the executive branch. That bodes well for the department’s development, he said.
“DHS has to mature,” he said. “I have faith that it will. I have confidence in it.”