Grading DHS's Cyber-Security Efforts
The Department of Homeland Security today received more lumps for failing to implement programs to protect the nation's most vital computer systems from attack or disruption. The Government Accountability Office issued a report today concluding that the department's failure to make meaningful progress on its myriad cyber-security programs was due largely to organizational and staffing problems.
Not that this comes as a surprise to anyone who's tracked the department's languid progress on implementing the Bush administration's National Strategy to Secure Cyberspace, released in Feb. 2003 as a blueprint for hardening the electronic defenses around computers that power the nation's most important systems -- including power, water, sewer and telecommunications networks.
The GAO said nobody can reasonably expect Homeland Security to get moving on these tasks until it confronts and resolves the underlying problems of "achieving organizational stability, gaining organizational authority, overcoming hiring and contracting issues, increasing awareness about cyber-security roles and capabilities, establishing effective partnerships with stakeholders (i.e. other federal, state, and local governments and the private sector), achieving two-way information sharing with these stakeholders, and providing and demonstrating the value DHS can provide."
Homeland Security has come under fire in the past for not making cyber-security a higher priority. The department has seen several smart, dedicated people leave key cyber-security posts because of a perceived lack of authority given to those positions (see my previous reporting).
Already, lawmakers on Capitol Hill are moving to correct some of the problems outlined by the GAO. Last week, the House of Representatives voted 424-4 to create an assistant secretary for cyber-security at DHS, a step supporters say should ensure that the department's cyber-security priorities get the attention and funding they so rightly deserve.
DHS, by the way, helps run the US-CERT Web site, which includes computer security tips for businesses, ordinary computer users and government workers.
Posted by: cautiously optimistic | May 27, 2005 11:15 AM | Report abuse
The comments to this entry are closed.