WASHINGTON--The U.S. Department of Homeland Security on Wednesday sustained more bashing of its cybersecurity efforts from politicians and government auditors.
In what has become a familiar refrain, a chorus of Republicans and Democrats--all from the U.S. House of Representatives panel on telecommunications and the Internet--urged the agency to get its act together and appoint a long-awaited cybersecurity czar.
Then, at a sparsely attended afternoon hearing here, members of the House of Representatives' Homeland Security panel grilled department officials about shortcomings in the Homeland Security Information Network, which was intended to ease sharing of counterterrorism information among federal, state and local investigators.
During the morning hearing, politicians voiced dismay at the unsurprising findings of a Government Accountability Office report that was released Wednesday and that had been prepared at the committee's request.
"Both government and the private sector are poorly prepared to effectively respond to cyberevents," David Powner, the GAO's director of information technology management issues, told the politicians. "Although DHS has various initiatives under way, these need to be better coordinated and driven to closure."
The Department of Homeland Security, which is chiefly responsible for coordinating responses to cyberattacks, also has no concrete plan for responding to cyberdisasters in partnership with the private sector, Powner said.
A long job search
The department's Under Secretary for Preparedness George Foresman adopted a defensive posture throughout the two-hour hearing, which also included testimony from the Federal Communications Commission and private sector representatives. A similar slate of witnesses, including Foresman, was scheduled to testify on the subject before a House Homeland Security panel on Wednesday afternoon.
"We are in the final stages of a security process review for a candidate we feel is very well-qualified," he said. "We look forward to announcing this candidate with Congress very soon."
For a number of politicians, that assurance wasn't good enough. "To have gone this long without any attention to this or without having someone direct this part of the orchestra is dangerous for this country, I think, in plain English," said Rep. Anna Eshoo, a California Democrat. "I'm not one to try to hype up fear and all that, but we've placed ourselves in a real ditch here by not having the administration name someone."
Foresman said he would "strenuously object" to the insinuation that the department has been sitting idle while the post has remained vacant. "Had we been in neutral the entire time, I think there would be a grave concern, but I think we have been in overdrive all the time," he said.
One example of an action the department has taken was a weeklong mock attack called Cyber Storm, he said. The agency on Wednesday released a 17-page "after-action report" assessing the results of the February exercise, which involved more than 100 public and private agencies, associations, and corporations from more than 60 locations across five countries.
I think the Dept. of Homeland Sec. would be better prepared if they thought more like cybercriminals or even hired reformed hackers into their ranks.
Some of the training issues might just be common sense things we all do at businesses we work at and having firm Risk Policies in place http://www.essentialsecurity.com/Documents/article7.htm
The implementation excuses the DHS Inspector General gave would be poor logistic issues in the private sector:
-rushed roll-out schedule
-inadequate training & guidance for users
-general mistrust for the secrecy of information
-lack of availability of real-time information
Why should I feel like my information on a shopping Database be more secure than information stored on government machines?
>>>"-lack of availability of real-time information"<<<
So, why are programs like IBM's Lotus Sametime... ( http://www-142.ibm.com/software/sw-lotus/products/product3.nsf/wdocs/st75home ) not being implemented!
To me, the simplest way to get something like the Cyber security field going; is to work it in a competitive realm and have it open to use or observation by as many as possible. That way the system gets a work out, and with the competitive realm at work, improved constantly as the parties working the systems up try to edge ahead to keep the government funding coming. Admittedly they may have to work the same type of deals as telephone companies that have to use each other's lines at times. That's surmountable though.
Sincerely,
Gregory D. MELLOTT
PS: As for the concern that those trying to do damage would be also using to see how they're doing; well there is nothing like giving the guys enough rope to tie themselves up.
Of course, security is not a priority. Security companies are known for their backdoors in software. The goal is to launder black market money. http://www.8thestate.com/audio/11-15-06%20RG%20RBNLive%20Interview.mp3 http://www.911synchronicity.com/?cat=5
Department of Homeland Security sounds like something the USSR or the Nazis would come up with.
But of course, since the US is implementing its own KGB style spying, it might just be the perfect name.
Something they should have already done at least 5-6 years ago... if not earlier!
Walt