Experts urge overhaul of cybersecurity

The Homeland Security Department, the agency in charge of coordinating federal cybersecurity efforts, is not fully prepared to protect the United States against a significant attack on the cyber infrastructure, according to government auditors and some independent experts. Also, cybersecurity coordination should be moved to the White House to reflect the scope of the threat posed by potential cyber attacks, some experts said.

The Government Accountability Office released findings Sept. 16 to a House subcommittee that concluded DHS has not fully addressed key issues that include monitoring network activity, analysis, warning and response. DHS also did not implement several corrective actions to strengthen coordination with the private sector after its first large-scale simulation exercise and does not effectively share information on control system vulnerabilities with the public and private sectors, the GAO said.

“Until these steps are taken, our nation’s computer-reliant critical infrastructure remains at unnecessary risk of significant cyber incidents,” David Powner, GAO’s director of information management issues, testified before the House Homeland Security Committee’s Emerging Threats, Cybersecurity and Science and Technology Subcommittee.

Also, DHS' performance was criticized by members of the Center for Strategic and International Studies’ Cyber Commission on Cyber Security.

Paul Kurtz, chief operating officer at Good Harbor Consulting and a commission member, said it was not clear who was leading the cybersecurity effort at DHS.

“There really is no one in charge right now at DHS,” Kurtz said. “It’s as though you have several people with their hands on the steering wheel and there is really no common direction.”

Kurtz said a lack of leadership was evidenced by infighting about cybersecurity efforts he had seen among the department’s senior leadership. He added that about 70 people from the private sector were present when that infighting happened.

Kurtz also said cybersecurity “really is no longer a homeland security issue, but a national security issue” and that situation is not the fault of DHS.

James Lewis, head of the CSIS program that sponsors the commission, said trust between the government and the private sector needed to be rebuilt and an increased focus was needed on the critical infrastructure sectors critical for cybersecurity – the sectors of telecommunications, electricity and finance.

The expansion of the cyber threat necessitates moving the authority for coordination from DHS to another organization, the commission’s preliminary findings indicated. The panel's complete report is expected to be released in November.

“Our view is that any improvement to the nation’s cybersecurity must go outside of DHS to be effective, and this will require rethinking the roles of DHS" and the White House’s Homeland Security Council, Lewis said. “We concluded that only the White House has the necessary authority and oversight for cybersecurity.”

Lewis said because the most dangerous cyber threats now come from foreign military and intelligence services, along with terrorist organizations and international crime organizations, DHS does not have significant authority to deal with those threats.

“We have to bump this up,” Lewis said.

In response, DHS spokeswoman Laura Keehner said in an e-mail message that the department was performing meaningful work on cybersecurity. She pointed to the recently created National Cyber Security Center, which will coordinate military and civilian cybersecurity efforts and to DHS' efforts to hire several hundred analysts.

"Rearranging the deck chairs is a classic inside the Beltway pastime, but all that it ensures are more headlines for political posturing and a guarantee that in two years [the] government's cyber efforts will be in the same place," she said. "Billions of dollars are going into this effort. We're the first to admit there is more work to be done; we are focused on collaborating with the private sector -- which owns the vast majority of this country's critical infrastructure -- to mitigate threats."

In a related development, Rep. James Langevin (D-R.I.), the subcommittee's chairman, announced the formation of a bipartisan House Cybersecurity Caucus scheduled to begin meeting in January, but he provided no details about its membership or operations.

About the Author

Ben Bain is a reporter for Federal Computer Week.


  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.