GAO: DHS has 'major tasks' to do in cybersecurity

Related Links

A work in progress

A new Government Accountability Office report recognizes the efforts the Homeland Security Department has made to strengthen its responsibilities for enhancing the cybersecurity of critical infrastructures. But GAO said major tasks remain to be done.

The report was included as testimony by David Powner, director of information technology management issues at GAO, when he appeared before the House Homeland Security Committee’s Economic Security, Infrastructure Protection and Cybersecurity Subcommittee Sept. 13.

In its report, GAO states that in 2005 DHS had pinpointed 13 key cybersecurity responsibilities without fully addressing any of them. For example, DHS established forums to foster information sharing among federal and law enforcement officials “but had not developed national threat and vulnerability assessments for cybersecurity.”

GAO acknowledged that some progress has been made since then in all 13 categories, including DHS’ release of a National Infrastructure Protection Plan, but the department still has not completed any of them.

GAO said DHS’ initiatives this year to develop an integrated public/private plan for Internet recovery were not complete or comprehensive. Moreover, many of the efforts of the working groups DHS established to facilitate coordination and practice responding to cyber events “lacked time frames for completion, and the relationships among its various initiatives were not evident.”

GAO also took note of the number of senior DHS cybersecurity officials who have left the department. The newly created position of assistant secretary of cybersecurity and telecommunications has been unfilled for a year.

George Foresman, DHS’ undersecretary for preparedness, told the subcommittee the department has a strong potential candidate for that job and would possibly bring that person forward soon, pending a security clearance.

GAO noted that it has made about 25 recommendations to DHS in the past several years. It has suggested that the department conduct threat and vulnerability assessments and develop a strategic analysis and warning capability for identifying potential cyberattacks.

“Until they are addressed,” the report states, “DHS will have difficulty achieving results as the federal cybersecurity focal point.”

About the Author

David Hubler is the former print managing editor for GCN and senior editor for Washington Technology. He is freelance writer living in Annandale, Va.

Featured

  • People
    Federal CIO Suzette Kent

    Federal CIO Kent to exit in July

    During her tenure, Suzette Kent pushed on policies including Trusted Internet Connection, identity management and the creation of the Chief Data Officers Council

  • Defense
    Essye Miller, Director at Defense Information Management, speaks during the Breaking the Gender Barrier panel at the Air Space, Cyber Conference in National Harbor, Md., Sept. 19, 2017. (U.S. Air Force photo/Staff Sgt. Chad Trujillo)

    Essye Miller: The exit interview

    Essye Miller, DOD's outgoing principal deputy CIO, talks about COVID, the state of the tech workforce and the hard conversations DOD has to have to prepare personnel for the future.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.