House politicians search for DHS cybersecurity fix
It's easy to criticize government failures. But as the U.S. Congress is learning in the case of the executive branch's cybersecurity efforts, fixing problems and crafting improvements is a little more difficult.
The U.S. Department of Homeland Security's cybersecurity arm has been under fire practically since its inception, flunking tests by outside auditors and receiving letter grades of "F" from congressional overseers. That invited speculation last year about whether the National Security Agency or the White House should take over responsibility for cybersecurity tasks.
Both ideas met with a lukewarm reception during a congressional hearing on Tuesday. "The mission should not reside in NSA," said Microsoft Vice President Scott Charney, a onetime Justice Department computer crime chief. Charney said if you want the public to trust its government, "it's really important to empower DHS to take the necessary operational role."
Subcommittee Chairman Yvette Clark (D-NY) says the Bush administration failed on cybersecurity because it "stopped short of mandating security changes."
The chairman of the full House Homeland Security Committee, Bennie Thompson (D-MS), felt the same way. "I don't think the answer to our problems in cyberspace comes from giving control of the entire federal cybersecurity mission to NSA," he told the House Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology.
There are "pockets within DHS showing signs of improvement," Thompson added.
And the idea of a White House takeover wasn't wildly popular. "I want to respectfully disagree with those of you who think the White House is a place to put this," said Rep. Paul Broun, a Georgia Republican. He added: "I think this committee, not the White House, should be setting policy."
Making the hearing more lively than usual was last week's resignation of Rod Beckstrom, director of Homeland Security's National Cybersecurity Center. In his farewell letter, Beckstrom blasted what he said was an NSA power grab, saying the secretive military agency "effectively controls DHS cyber efforts through detailees, technology insertions." (The week before, Director of National Intelligence Admiral Dennis Blair suggested to a House committee that the NSA was ready for the job, saying "there are some wizards out there at Fort Meade.")
"It's pretty clear (DHS) have not lived up to those responsibilities," said Dave Powner, a director at the Government Accountability Office, who testified at the hearing. "The question is: do we want to keep working with them...or do we just designate them an operational role and put someone else in charge of coordinating with the private sector and the intelligence community?"
Part of official Washington's dissatisfaction with DHS involves disagreements with not just who should handle cybersecurity topics, but what should be done. Security hawks would like the government to have the authority to order around the private sector. Defense hawks would like more focus on offensive "cyberattacks." Privacy advocates worry about Homeland Security's expansive mission, and remember how the NSA and FBI fought for many years to restrict domestic use of encryption.
"I don't think DHS can effectively lead offensive capabilities we need in cyber," said Amit Yoran, the CEO of monitoring firm NetWitness and a former DHS cybersecurity official. DHS's "key role" should be to protect government networks, he said.
Any significant legislative effort to rethink federal cybersecurity efforts is likely to wait until a two-month review ordered by the Obama administration in February is complete. Rep. Yvette Clark (D-NY), chairman of the cybersecurity subcommittee, said that review is crucial because the Bush administration's "strategy stopped short of mandating security changes. Without teeth, the strategy was never implemented."
CNET's Stephanie Condon contributed to this report.
Declan McCullagh, CNET News' chief political correspondent, chronicles the intersection of politics and technology. He has covered politics, technology, and Washington, D.C., for more than a decade, which has turned him into an iconoclast and a skeptic of anyone who says, "We oughta have a new federal law against this." E-mail Declan. 
Well, if the "head" does not "know" what the "hands" and "feet"; and, the "rest of the body" are doing then what scenarios will there be???
Take a look at it; after hundreds and hundreds of billions of dollars have been pumped into the economy and we still cannot get it right! Cut off the funding for cybersecurity programs at the DHS center at this center is toast!
Well, consider if when constructing a "pyramid" just how it will look if it not completed all the way to the top; and, then again the behavior of the "Wheel-In-A-Wheel" from that Biblical text and tell us if we can have any "part" missing.
Yep, an "cyber-infrastructure" that failed to forewarn of the current financial and economic meltdown that the world is currently facing along with (for now...) the question of what restrictions existed to have allowed data on the upgrade of the White House's helicopter to have appeared on an computer in Iran as was reported. Some sort of secured "cyber-infrastructure" we have existing - Huh! So much so, one wonders what is happening in the banking and finance industries and do not get reported!
That's the problem with gov't insecurity. You have these big vendors getting in there selling what's good for them, not the country.
The NSA probably wants to push hardware security and Microsoft wants it to be all about software. Their software.
You can bet the farm that the "cyber-security gloves" will be raised when the "Open-Source Gurus" challenging "Microsoft" enter the ring!
President Obama should dissolve the DHS and place the intelligence consolidation and analysis functions under the NSA.
- by Monkeydung March 12, 2009 12:42 PM PDT
- I agree with Dr_Zinj but would like to take it one step further and suggest dissolving the NSA, FBI, CIA and the secret service and even more important than the rest, dissolve the alchohol and firearms people.
- Like this Reply to this comment
-
(9 Comments)