Cybersecurity still handled by a 'place holder'
- By William Jackson
- Jul 13, 2006
It was one year ago that Homeland Security secretary Michael Chertoff announced a departmental reorganization that would create an assistant secretary for cybersecurity and telecommunications.
'Our department must drive improvement with a sense of urgency,' Chertoff said July 13, 2005. 'Our enemy constantly changes and adapts, so we as a department must be nimble and decisive.'
The decision was greeted with enthusiasm by the IT community, which had complained of the lack of focus on cybersecurity in the administration.
But one year later, the post remains vacant.
'It's an unfortunate anniversary,' said Paul Kurtz, a former presidential adviser and now executive director of the Cyber Security Industry Alliance. 'I can't understand why it continues to be a low priority.'
Repeated attempts by GCN to interview officials at DHS about the position were unsuccessful. But the anniversary has sparked a flurry of statements from industry groups urging a speedy appointment.
'It is indicative of the ongoing lack of attention being paid to cybersecurity at the most senior levels of government,' Kurtz said.
'We are hopeful that the administration will soon be able to nominate a qualified individual for the position,' said the Business Software Alliance, which called the position 'a profound step toward establishing the authority and recognition needed.'
Under Chertoff's plan, the new assistant secretary would report to a new undersecretary for preparedness. George W. Foresman was named undersecretary in December, but the department's top cybersecurity official remains Andy Purdy, long-time acting director of the National Cyber Security Division who replaced former director Amit Yoran in October 2004.
Kurtz called Purdy's position as an acting director thankless.
'I think he's been a place holder,' he said. 'He's not seen across government as the leader.'
Kurtz said the assistant secretary is needed as a focal point in government for developing effective situational awareness and early warning capabilities, continuity of operations planning and disaster recovery programs.
These areas were singled out as weaknesses in a white paper released last month by the Business Roundtable, an organization of U.S. CEOs. Although the private sector has the primary responsibility for securing the nation's information infrastructure, preparedness is seriously hampered by a lack of leadership and coordination at the federal level, the group said.
'There are too many institutions, both public and private, with unclear or overlapping responsibility,' the report said. It called upon DHS to clarify roles and coordinate planning for prevention of and response to serious disruptions.
This would be the job of the assistant secretary for cybersecurity, Kurtz said.
DHS has suffered a major distraction in the wake of the government's failed response to Gulf Coast hurricanes last summer, and concerns about FEMA may have diverted attention and energy from cybersecurity.
'Katrina was a massive issue for the department to deal with,' Kurtz acknowledged. 'But the time for excuses expired a long time ago. We ought to be able to walk and chew gum at the same time.'
Kurtz conceded some progress at DHS.
'We do have to give them credit for Cyber Storm,' a cyber defense exercise conducted with more than 100 private sector participants early this year, he said.
But the value of such an exercise comes from sharing the lessons learned, and at this point there is no adequate mechanism for evaluating and disseminating those lessons, he said.
William Jackson is a Maryland-based freelance writer.