DHS Special Report | Can DHS meet IT cybersecurity expectations?
The Homeland Security Department’s stagnant cybersecurity program stands in stark contrast to its progress in other IT areas.
The job of assistant secretary for cybersecurity and telecommunications remains open, as it has been since secretary Michael Chertoff created it last October.
DHS cybersecurity policies have been denounced steadily for three years by the Government Accountability Office and the department’s inspector general as well as the House Homeland Security Committee and many in the IT industry.
Congress is moving to prod DHS into specific actions via draft legislation that verges on micromanaging the problem. Even as the House Homeland Security Committee considered a bill to push the department forward on the problem, one influential lawmaker on the panel noted that the Pentagon is carrying the ball on cybersecurity.
Rancor over the issue surfaced earlier this month at a markup session during which the committee approved HR 4941, the Homeland Security Science and Technology Enhancement Act of 2006.
An effort by the committee’s Democratic members to specify $50 million for cybersecurity upgrades failed on a party-line vote of 15 to 13, which left the department’s spending on the problem up to the appropriations committees.
“The lack of progress on cybersecurity is of grave concern,” said Rep. Zoe Lofgren (D-Calif.), a longtime supporter of elevating the cybersecurity post within the department.
“There is very little leadership coming out of the department on cybersecurity,” added Rep. Loretta Sanchez (D-Calif.), sponsor of the amendment to specify an amount for additional cybersecurity spending.
Partisan and procedural grounds alike played a role in the panel’s defeat of Sanchez’s amendment. But Rep. Curt Weldon (R-Pa.), cast a light on how DHS has ceded its cybersecurity function to the Pentagon.
“In the Defense budget we have put hundreds of millions of dollars in for information dominance,” Weldon said. He cited Pentagon programs to fund universities to launch cybersecurity studies centers and to expand the military’s own cybersecurity programs.
The panel did agree to send to the full House a bill that directed DHS to launch several cybersecurity efforts, including mitigation and recovery technologies; modeling, testbed and data set development for cybersecurity research; secure Internet protocols; and voluntary standards for critical infrastructure systems.
DHS’ improving infrastructure may have paved the way for cybersecurity progress, but the department has failed to convince even the Republicans in Congress that its work in the field is acceptable.
Connect with the GCN staff on Twitter @GCNtech.