DHS keeps mum on cybersecurity contract work

The Homeland Security Department has released additional details about its role in the Bush administration’s Comprehensive National Cybersecurity Initiative (CNCI) to Congress, but it is being less forthcoming in public releases.

In particular, DHS redacted almost all of its responses to questions about the use of contractors to support its cybersecurity efforts in the public version of its response to questions from the Senate Homeland Security and Governmental Affairs Committee.

DHS said it redacted some information due to privacy and operational concerns.
DHS did say that to implement the unclassified portions of CNCI it is also in the process of converting 50 contractor personnel to federal positions.

Sen. Joseph Lieberman (I-Conn.), chairman of the committee, and Sen. Susan Collins (R-Maine), the ranking member, said the public release of the information on July 31 was important to improve awareness about the program.

“It is my hope that the release of this information will assist in improving security in both the public and private sectors,” Collins said.

Alan Paller, director of research at the SANS Institute, said it is imperative that DHS not rely too heavily on contractors to work on the CNCI project, even though contractors provide most of DHS’ technical cybersecurity talent.

“The government needs more than anything else to basically force the people who want to lead these efforts to be government employees, because otherwise there is no one to manage the contracts,” Paller said.

President Bush issued a classified presidential directive in January that laid out the multiagency, multiyear plan for securing the federal government’s cyber networks. DHS has been tasked with leading these efforts.

The committee asked DHS for clarification on a wide range of issues associated with the program, including privacy, performance metrics and the roles of the public and private sectors. The public version of the letter did address the role of the new National Cyber Security Center in improving collaboration between agencies, DHS’ goals for its National Cyber Security Division over the next year and metrics for determining the success of the initiative.