DHS cybersecurity strategy draws fire

The Homeland Security Department’s ambitious cybersecurity initiative might be relying too much on contractors and might not be providing enough information to the public, according to two key senators.

The department is requesting $294 million for the National Cyber Security Division in fiscal 2009, an increase of $83 million. In January, DHS issued a request for proposals for contractor mission support for the division for 10 months.

However, the solicitation did not clearly set out the roles, responsibilities and limitations of the contractor services, nor did it specify how contractor performance would be monitored, said Sens. Joseph Lieberman (I-Conn.) and Susan Collins (R-Maine), the chairman and ranking member of the Committee on Homeland Security and Governmental Affairs.

“The department’s plan to use contractor personnel to support the initiative merits some scrutiny,” Lieberman and Collins wrote to DHS Secretary Michael Chertoff May 1.

The senators asked several questions in the letter about the upcoming contract, including:

• What should be the right balance between contract and government staff to carry out the responsibilities at the cyberdivision?


• Why is the support contract only for 10 months, and what are the transition plans?


• The contractors will support inherently governmental functions, including intelligence analysis, coordinating with law enforcement, coordinating between government offices and responding to congressional requests. How will DHS provide appropriate oversight?


• Why, despite previous Government Accountability Office recommendations, is this a time and materials contract?


• How will DHS control costs on this contract?

The senators also expressed concern about how little information has been available about the cyber initiative to Congress, private entities and the public in addition to difficulties tracking which parts of the initiative are classified and which are not.

The lack of information might be creating confusion and concern about the initiative, Lieberman and Collins wrote.

The Bush Administration also has not substantially involved private owners of cyber infrastructures in the planning of its cyberstrategy, which may prove to be a shortcoming when it comes to implementation.

“Given their expertise, and the role that private industry must necessarily play in securing government and private sector networks, we urge you to ensure that they are appropriately involved in this initiative,” the senators wrote.

Lieberman and Collins said they support the cyber initiative in general but also want to ensure that information is shared with the public and privacy concerns are addressed.