GAO: DHS has 'major tasks' to do in cybersecurity

Related Links

A work in progress

A new Government Accountability Office report recognizes the efforts the Homeland Security Department has made to strengthen its responsibilities for enhancing the cybersecurity of critical infrastructures. But GAO said major tasks remain to be done.

The report was included as testimony by David Powner, director of information technology management issues at GAO, when he appeared before the House Homeland Security Committee’s Economic Security, Infrastructure Protection and Cybersecurity Subcommittee Sept. 13.

In its report, GAO states that in 2005 DHS had pinpointed 13 key cybersecurity responsibilities without fully addressing any of them. For example, DHS established forums to foster information sharing among federal and law enforcement officials “but had not developed national threat and vulnerability assessments for cybersecurity.”

GAO acknowledged that some progress has been made since then in all 13 categories, including DHS’ release of a National Infrastructure Protection Plan, but the department still has not completed any of them.

GAO said DHS’ initiatives this year to develop an integrated public/private plan for Internet recovery were not complete or comprehensive. Moreover, many of the efforts of the working groups DHS established to facilitate coordination and practice responding to cyber events “lacked time frames for completion, and the relationships among its various initiatives were not evident.”

GAO also took note of the number of senior DHS cybersecurity officials who have left the department. The newly created position of assistant secretary of cybersecurity and telecommunications has been unfilled for a year.

George Foresman, DHS’ undersecretary for preparedness, told the subcommittee the department has a strong potential candidate for that job and would possibly bring that person forward soon, pending a security clearance.

GAO noted that it has made about 25 recommendations to DHS in the past several years. It has suggested that the department conduct threat and vulnerability assessments and develop a strategic analysis and warning capability for identifying potential cyberattacks.

“Until they are addressed,” the report states, “DHS will have difficulty achieving results as the federal cybersecurity focal point.”

About the Author

David Hubler is the former print managing editor for GCN and senior editor for Washington Technology. He is freelance writer living in Annandale, Va.

Featured

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

  • Comment
    Blue Signage and logo of the U.S. Department of Veterans Affairs

    Doing digital differently at VA

    The Department of Veterans Affairs CIO explains why digital transformation is not optional.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.