Panel: Government leadership in IT security is lacking
- By William Jackson
- May 18, 2005
A panel of government and industry representatives on Wednesday agreed that the government has not provided adequate leadership for the nation's cybersecurity, but that is just about all they agreed on.
'We are all frustrated at the pace at which the government has been reacting to this,' said Rep. Tom Davis (R-Va.), who has taken a lead in IT issues in Congress.
There was no agreement on where government responsibility for shepherding the nation through IT vulnerabilities should lie, however.
The House on Wednesday began debating the Homeland Security Department authorization act
for 2006, which would create an assistant secretary for cybersecurity within that department ' an idea that has failed to gain traction in previous years.
'Unlike in past years, the [Bush] administration has not come out against this,' said Rep. Zoe Lofgren (D-Calif.), who supports a new assistant secretary.
Lofgren originally voted against formation of the Homeland Security Department because she felt the task of organizing a new department would distract from the job of securing the nation.
'But we have the department now, and I think it is important they be given the authority to get the job done,' she said.
Davis disagreed, saying that DHS still has years of organizational work ahead of it. 'If you talk about governmentwide leadership, it should be in the White House or in the Office of Management and Budget, not in Homeland Security,' he said. 'Sticking it in one agency is not the way to accomplish this.'
Davis said the executive branch has the 'juice' to establish cybersecurity leadership, which it has not effectively used.
Paul B. Kurtz, former presidential adviser and now executive director of the Cyber Security Industry Alliance, said that government and private-sector security are different jobs that should be spearheaded by different officials.
The White House and OMB should oversee government security, Kurtz said, while responsibility for the rest of the critical infrastructure 'largely rests with the Homeland Security Department.'
The business community, however, just wants to see some government leadership, and does not care what direction it comes from.
'We're not satisfied with the progress that has been made' in improving the security of IT products and infrastructure, said Jody R. Westby, a managing director at PricewaterhouseCoopers LLP. Whether the official is in the White House or in DHS, 'Let's just do what it takes to get it done.'
The DHS authorization bill would establish the new assistant secretary in a National Cybersecurity Office in the Information Analysis and Infrastructure Protection directorate. The new official would have 'primary authority within the department for all cybersecurity-related critical infrastructure protection programs.'
The assistant secretary would oversee a national cybersecurity response system and would have primary authority over the National Communications System.
William Jackson is a Maryland-based freelance writer.