Auditors, solons say DHS is 0-for-13 on cybersecurity
- By Wilson P. Dizard III
- May 26, 2005
A critical Government Accountability Office report on the Homeland Security Department's cybersecurity program has prompted members of the House and Senate Homeland Security committees to call for improved performance.
DHS' Information Assurance and Infrastructure Protection Directorate has failed to complete any of its 13 assigned cybersecurity tasks, according to a GAO report
Rep. Christopher Cox (R-Calif.), chairman of the House Homeland Security Committee, said in a statement that 'GAO's analysis affirms what this committee has been saying for the past two-and-a-half years: The status quo does not serve our cybersecurity needs.'
Cox noted that the House version of the Homeland Security Authorization Act of 2005, on a 424-4 vote last week, mandates a new assistant secretary for cybersecurity position and would improve federal and private-sector cybersecurity coordination [see GCN story
Rep. Bennie G. Thompson of Mississippi, the ranking Democrat on the Homeland Security Committee, said DHS 'is bogged down by the wrong priorities and is unable to carry out its responsibility to improve the nation's cybersecurity infrastructure.'
Rep. Zoe Lofgren (D-Calif.), also a member of the panel, said DHS lacks even a national plan to secure networks. She pointed to the threat that a cyberattack could disrupt major services or cripple the economy.
Lofgren drafted and introduced legislation last year in the 108th Congress to create an assistant secretary for cybersecurity. That legislation, reintroduced in the current 109th Congress as HR 285, had bipartisan support from co-author Rep. Mac Thornberry (R-Texas) and others in the GOP.
Sen. Joseph Lieberman of Connecticut, ranking Democrat on the Senate Homeland Security and Governmental Affairs Committee, joined in the chorus, citing DHS difficulties in working with the private sector and other federal, state and local agencies on cybersecurity.
DHS has dropped the ball on cybersecurity because of systemic management problems including organizational stability and authority, contracting and hiring and information-sharing, Lieberman said.
The GAO auditors cited a range of DHS failings in the cybersecurity field, ranging from poor analysis and warning activities to inadequate international cyberspace security and lagging threat assessment.
DHS officials agreed with the auditors' recommendations to engage stakeholders and establish priorities for the department's work, but rejected some recommendations about how to solve the cybersecurity program's problems, according to a written response included in the GAO report.
GAO titled its report 'Critical Infrastructure Protection: Department of Homeland Security Faces Challenges in Fulfilling Cybersecurity Responsibilities.' Congress has kept pressure on the department to improve its cybersecurity performance for years [see GCN story