Congress slams Homeland Security's tech efforts

(continued from previous page)

Among the challenges experienced during the exercise, according to the report, are an insufficient number of "technical experts" on board to "fully leverage the large volume of incident information that was being provided;" difficulty figuring who to call within organizations to seek help during crises; and lack of a rapid means to assess and prioritize--or "triage"--cyber incidents.

Terrorist cyber-attacks?
Fresh off commemorations of the fifth anniversary of the Sept. 11 attacks earlier this week, some members at the morning hearing seemed particularly alarmed by the specter of terrorist-driven cyberincidents.

"Certainly cyberterrorism is something that is likely to be in al-Qaida's playbook, and we should be vigilant against such threats," said Rep. Edward Markey, a Massachusetts Democrat who serves as co-chairman of the panel.

"Some people probably think they're exempt from the impact of the Internet, but you'd almost have to live in a cave to be truly unaffected," added Texas Republican Joe Barton, who serves as chairman of the influential House Energy and Commerce Committee. A widespread disruption on that front, he quipped, "is exactly the outcome envisioned by a man who does live in a cave: Osama bin Laden."

That theme continued in the afternoon hearing, convened by a House panel on intelligence, information-sharing and terrorism risk assessment.

"If we are not successful in our information-sharing efforts, then we are not going to be successful in connecting the dots to protect our people and our nation from the possibility of additional attacks," said Connecticut Republican Rob Simmons, the panel's chairman.

The focus of concern was a June 2006 report (click for PDF) from the department's Inspector General's Office that found the agency's information-sharing network was not performing as intended.

The Department of Homeland Security's Assistant Inspector General Frank Deffer outlined a number of those flaws. They included an overly rushed schedule for rolling out and expanding the system after DHS inherited control of it in 2003; inadequate training and guidance for users on how to use it; general mistrust for the secrecy of information shared through the portals; and lack of availability of real-time information about situations.

During the 2005 London Underground bombings, for instance, "users were able to get better information faster by calling personal contacts at law enforcement agencies with connections to the London police than by using the system," Deffer said. As a result, the system has very few active users, he said.

"Taxpayers really should be outraged by what's happened here," Rep. Zoe Lofgren, a California Democrat, said of the $50 million undertaking. "The program is not only a model of haste and waste, but it's a missed opportunity to do things right."

[marileev]

Homeland Sec's poor excuses

I think the Dept. of Homeland Sec. would be better prepared if they thought more like cybercriminals or even hired reformed hackers into their ranks.

Some of the training issues might just be common sense things we all do at businesses we work at and having firm Risk Policies in place http://www.essentialsecurity.com/Documents/article7.htm

The implementation excuses the DHS Inspector General gave would be poor logistic issues in the private sector:

-rushed roll-out schedule
-inadequate training & guidance for users
-general mistrust for the secrecy of information
-lack of availability of real-time information

Why should I feel like my information on a shopping Database be more secure than information stored on government machines?

[Captain_Spock]

>>>"-lack of availability of real-time information"<<<

<<<<; so, why are programs like IBM's Lotus Sametime... ( http://www-142.ibm.com/software/sw-lotus/products/product3.nsf/wdocs/st75home ) are not being implemented!

[qwerty75]

First thing they need to do

is change the name to something less sinister.

Department of Homeland Security sounds like something the USSR or the Nazis would come up with.

But of course, since the US is implemeting its own KGB style spying, it might just be the perfect name.

[gdmellott]

Open & Competitive

hi all,

To me, the simplest way to get some thing like the Cyber security field going; is to work it in a competitive realm and have it open to use or observation by as many as possible. That way the system gets a work out, and with the competive realm at work, improved constantly as the parties working the systems up try to edge ahead to keep the goverment funding coming. Admittedly they may have to work the same type of deals as telephone companies that have to use each others lines at times. That's surmountable though.

Sincerely,

Gregory D. MELLOTT

PS: As for the concern that those trying to do damage would be also using to see how they're doing; well there is nothing like giving the guys enough rope to tie themselves up.

[wbenton]

'bout time...

'bout time is all I can say.

Something they should have already done at least 5-6 years ago... if not earlier!

Walt

[usstropicana]

Laundering money

Of course, security is not a priority.
Security compagnies are known for there backdoors in software. The goal is to launder black market money.
http://www.8thestate.com/audio/11-15-06%20RG%20RBNLive%20Interview.mp3
http://www.911synchronicity.com/?cat=5