Senator blasts Homeland Security's Net efforts

WASHINGTON--A Republican senator on Friday blasted the U.S. Department of Homeland Security's readiness for a massive cyberattack, saying he hasn't seen any improvements since bringing in department officials for questioning last summer.

"Despite spending millions of dollars over the past year, DHS continues to struggle with how to effectively form and maintain effective public-private partnerships in support of cybersecurity," Sen. Tom Coburn of Oklahoma said at a hearing convened by a Senate Homeland Security subcommittee, of which he is chairman.

Coburn, the only politician present at the 90-minute hearing, grilled top computer security officials from Homeland Security, the National Security Agency, the Office of Management and Budget, and the Government Accountability Office (GAO). He also asked private-sector companies for suggestions for government action.

The Oklahoma senator joined industry groups and congressional colleagues in chiding the agency for failing to appoint a high-level cybersecurity chief one year after the post's creation. He said having a strong leader in charge is critically important to defend against a crippling cyberattack that could take out not only e-commerce and communications capacities, but also "electrical transformers, chemical systems and pipelines" controlled by computers.

"There's going to be an assistant secretary (for cybersecurity and telecommunications), I promise you, even if we have to raise the salary for the position," he said.

Homeland Security's top cybersecurity post has remained a low- to mid-level position ever since Congress passed a 2002 law that melded 22 federal agencies and made the department chiefly responsible for protecting cyberspace. Numerous audits have faulted the sprawling cabinet department for its lack of readiness to handle large-scale attacks and for shortcomings on its internal networks.

That blistering critique continued on Friday with a new GAO report (click here for pdf), which accused Homeland Security of failing to finalize clear plans that detail the responsibilities of state and local governments, other federal agencies and the private sector before, during and after Internet disruptions. "Today, no such plan exists" despite a federal mandate to devise one, Keith Rhodes, the GAO's chief technologist, told the committee.

DHS Undersecretary of Preparedness George Foresman acknowledged that his department still has much to accomplish, but he suggested the federal auditors' assessment "is much bleaker than what is the actual progress to date."

Government officials have been meeting with corporations from vulnerable industries through committees and working groups, the official said, and the department conducted its first major cybersecurity exercise in February, with plans to release a report on lessons learned in the near future. "These lessons, like those of Katrina, will not sit idle," Foresman said.

Coburn questioned why Homeland Security has not let private companies take on an even greater role in devising policy. "It just seems to me that if 75 percent of (the nation's infrastructure) is private-sector owned, your bottom line depends on this staying up and working...Why don't you tell us what to do?" he asked.

"That's exactly what we're doing," Foresman responded, though he acknowledged it's challenging to work with companies that don't always trust the government with proprietary information that could aid their competitors.

An icy Coburn also couldn't resist taking a jab at DHS officials on another front: He said the agency's prepared testimony for the Friday hearing didn't arrive at his office until late Thursday night, despite receiving notice of the event on June 12. The last-minute submission speaks volumes, he said, providing "an example of exactly what's happening in DHS on cybersecurity."

Foresman, for his part, assured the senator that the tardiness will not occur in the future and added, "By no means were we trying not to get information to you."

[n3td3v]

Department of Hopeless Security

When Bush stands aside after his final term as president, the DHS should be scraped.

This will mark the end of Bush's hopeless security efforts to make the internet and the world safe.

[jabbotts]

Shouldn't Bush's term be ending in four short years?

After all, the president may be voted into the office for two cosecutive terms of two years each and Bush has yet to be placed in the office through popular vote.

[cooldogjones]

Before spouting off your...

mouth should I remind you that we haven't been attacked since
9/11 and before you think about it remember this: that the
terrorist cell of 9/11 was put in place during the Clinton
Administration. So drop the holier than though attitude and help
out our country. How about joining the US military and making a
difference?

[Nkully86]

Well deserved criticism

I completely agree with Coburns attitudes towards the nations homeland security practices. We are putting so much money into making the digital world a safer place when in reality it is only getting worse.

I don't think that it is the plan that homeland security has thus far as much as actually putting that plan into action. It seems like there are way too many "what ifs" and "We'll get to it when the issue arises" with that team. Well I hate to break it to ya fellas, the dangers have arrived and unless we start taking some serious action, we as consumers are all on our own in the dangerous digital world.
http://www.essentialsecurity.com/Documents/article16.htm

[Razzl]

The myth of the cyberattack

Perhaps the reason why the senator isn't getting the response he wants is because nobody has the courage to point out to him that the internet isn't susceptible to the kind of attack he envisions. The internet is a decentralized network of networks that can't be taken down in the manner he imagines--though it might be possible to disrupt it for an hour or two. Hurricane Katrina destroyed all of the electrical, hardware, and software infrastructure in a 1000 mile by 50 mile swath all at once and didn't manage to disrupt net traffic in North America, so the myth of terrorist cyberattack being able to damage it is pretty much busted...

[zanzzz]

Homeland Insecurity

The Homeland Security Agency is a classic pork barrel creation. The money thrown down this rat hole increased from less than $20 billion/ year to well over $47 billion in three years! Only now does the value of these expenditures finally begins to come into question. The fact is that the money is divided by political considerations first and security is an after- thought. The vast majority of this spending has little effect on real security. It's spent on tiny out of the way places that have essentially zero value as a terrorist target.
The intellectual dishonesty underlying the existence of The Homeland Security Agency is the fact that a nation that spends over HALF A TRILLION DOLLARS PER YEAR for "defense" finds this sum to be inadequate to get the job accomplished! What the hell is all that half a trillion a year protecting if it's not the USA? Vast sums are thrown at programs that made little sense during the Cold War and no sense now. Instead of weening the cash stream away from the mountains of misdirected priorities the easier path politically is to invent new streams. Of course the government does not collect the taxes sufficient to pay for this so it sells bonds at roughly a billion dollars a day to the Chinese- our bankers. Curiously that is also roughly what the US spends a day for the Iraqi misadventure.
In a few short years when the weight of debt from this madness becomes untenable we will have weakened the national security far beyond any gain this expenditure can provide for us now.

[swift2--2008]

Coburn? Seriously?

Does he think it's a series of tubes, too? "Coburn, the only
politician present at the 90-minute hearing--" Why do you think
that is? Nobody interested? Or is this Tom's little hobbyhorse. Tell
ya what, let's pass a constitutional amendment instituting an
Internet Czar. He can censor things, forbid things, and put it all
under the central control of the Party-- er, of a bureaucracy led by
Sooner Tom.

But wait a minute. If you centralize it all, you can bring it all down.

[cooldogjones]

You probably don't know...

much so I will educate you. Intelligence doesn't come cheap so any
assumptions you have about Homeland Security should be
squashed here and now. First of all when you try to obtain
information from the bad guys through a mutual friend he or she is
not going to provide that information for free. So next one would
have to pay a heavy fee to obtain the information. So even if we
spend $40 billion and save only one American life wouldn't it be
worth it? What kind of price are you willing to put on other poeples
lives?

[zanzzz]

You Obviously Don't Know!

The Homeland Security Budget is largely to provide defense of domestic targets. You are the one in need of some education here. The CIA is the agency with the task of cultivating intelligence resources, a small part of which is paying informers for information. Domestically the FBI has the job of finding information on terrorists leading to their arrest. Ironically the lack of spending and focus on "human" resources by the US intelligence services has largely contributed to their failures. An overemphasis and reliance on technical means has led to astounding failures such as misunderstanding the health of the Soviet empire right up to it's collapse and the complete misreading of Iraq's prewar status regarding WMD's and lack of involvement in terrorism.

[OneWithTech]

Here's a good place to start.

You know one thing that I've learned in life is that your clueless to where your going if you don't even know where you are!

How about starting with a current layout of the Government's Global Network in the form of a great big plan. Put in on one of those big glass tables with pretty lines and triangles and circles representing the current state of the Government's Networks.

From this point you can start pinpointing critical Technological pieces that need to be addressed according to a priority level to which you would also have to create.

Once you can get an idea of what your working with you can begin to improve upon the infrastructure from the most critical points outward. This would ensure that your covering the most important parts of the network from a tiered standpoint starting at the lowest point would ensure total network security from all levels.

Once you get an idea of how the internal Governments Networks relate to the World Wide Web as a whole you'll not only have built yourself some Data points but you'll also get a better idea on how to preemptively protected the network Globally.

This is just a start, but a valid start; that obviously nobody had the ability to come up with until now!

J Gund
Tech01
www.Tech01.net