President Bush celebrated the five-year anniversary of the Department of Homeland Security on Thursday. In conjunction with the event, DHS dutifully released a fact sheet marking the department's priorities and progress since the inception.
Here's the part relating to IT:
"Increasing Cyber Security: DHS established the Computer Emergency Readiness Team (US-CERT) to provide a 24-hour watch, warning, and response operations center, which in 2007 issued over 200 actionable alerts on cyber security vulnerabilities or incidents. US-CERT developed the EINSTEIN intrusion detection program, which collects, analyzes, and shares computer security information across the federal civilian government. EINSTEIN is currently deployed at 15 federal agencies, including DHS, and plans are in place to expand the program to all federal departments and agencies. In addition, the Secret Service currently maintains 24 Electronic Crimes Task Forces to prevent, detect, mitigate, and aggressively investigate cyber attacks on our nation's financial and critical infrastructures."
Somebody, pass me the No-Doz before I fall off my chair.
Wish I could report otherwise, but when it comes to network security, DHS appears to be more of a wet noodle than even its sharpest critics assumed. The truth is they still don't have much to celebrate when it comes to cybersecurity.Talk with security consultants and former government officials involved with DHS and you come away wondering what these folks do all day. I've listened to countless government leaders since 2003 promise big advances just around the bend. I'm still waiting for something important to write about.
Obviously, it's easy to take shots at DHS from the peanut gallery, but come on, already. The government-led effort to shore up the nation's cybersecurity still remains a work-in-progress.
Then again, DHS grapples with deeply rooted bureaucratic challenges. Few experts want to talk on the record but check out this recent Washington Post piece. It paints a damning picture of an organization struggling with high-profile projects going nowhere. And the piece doesn't even begin to get into the cybersecurity question. The reason: despite all the reams of paper and la-di-da speeches, it remains on the political back burner in Washington.
And that's where it will stay, I'm afraid, until we get nailed by a real cyber-disaster.