September 13, 2006 2:20 PM PDT

Congress slams Homeland Security's tech efforts

WASHINGTON--The U.S. Department of Homeland Security on Wednesday sustained more bashing of its cybersecurity efforts from politicians and government auditors.

In what has become a familiar refrain, a chorus of Republicans and Democrats--all from the U.S. House of Representatives panel on telecommunications and the Internet--urged the agency to get its act together and appoint a long-awaited cybersecurity czar.

Then, at a sparsely attended afternoon hearing here, members of the House of Representatives' Homeland Security panel grilled department officials about shortcomings in the Homeland Security Information Network, which was intended to ease sharing of counterterrorism information among federal, state and local investigators.

During the morning hearing, politicians voiced dismay at the unsurprising findings of a Government Accountability Office report (click for PDF) that was released Wednesday and that had been prepared at the committee's request.

"Both government and the private sector are poorly prepared to effectively respond to cyberevents," David Powner, the GAO's director of information technology management issues, told the politicians. "Although DHS has various initiatives under way, these need to be better coordinated and driven to closure."

The Department of Homeland Security, which is chiefly responsible for coordinating responses to cyberattacks, also has no concrete plan for responding to cyberdisasters in partnership with the private sector, Powner said.

A long job search
The department's Under Secretary for Preparedness George Foresman adopted a defensive posture throughout the two-hour hearing, which also included testimony from the Federal Communications Commission and private sector representatives. A similar slate of witnesses, including Foresman, was scheduled to testify on the subject before a House Homeland Security panel on Wednesday afternoon.

Foresman emphasized that finding someone to fill the post of assistant secretary for cybersecurity and telecommunications remains a "top priority" for the department. The post has been vacant since its creation in July 2005, a situation that has drawn a rash of criticism inside and outside the government.

"We are in the final stages of a security process review for a candidate we feel is very well-qualified," he said. "We look forward to announcing this candidate with Congress very soon."

For a number of politicians, that assurance wasn't good enough. "To have gone this long without any attention to this or without having someone direct this part of the orchestra is dangerous for this country, I think, in plain English," said Rep. Anna Eshoo, a California Democrat. "I'm not one to try to hype up fear and all that, but we've placed outselves in a real ditch here by not having the administration name someone."

Foresman said he would "strenuously object" to the insinuation that department has been sitting idle while the post has remained vacant. "Had we been in neutral the entire time, I think there would be a grave concern, but I think we have been in overdrive all the time," he said.

One example of an action the department has taken was a weeklong mock attack called Cyber Storm, he said. The agency on Wednesday released a 17-page "after-action report" assessing the results of the February exercise, which involved more than 100 public and private agencies, associations, and corporations from more than 60 locations across five countries.

CONTINUED: Missed opportunities…
Page 1 | 2

See more CNET content tagged:
homeland security, department, politician, agency, telecommunications

6 comments

Join the conversation!
Add your comment
Homeland Sec's poor excuses
I think the Dept. of Homeland Sec. would be better prepared if they thought more like cybercriminals or even hired reformed hackers into their ranks.

Some of the training issues might just be common sense things we all do at businesses we work at and having firm Risk Policies in place <a class="jive-link-external" href="http://www.essentialsecurity.com/Documents/article7.htm" target="_newWindow">http://www.essentialsecurity.com/Documents/article7.htm</a>

The implementation excuses the DHS Inspector General gave would be poor logistic issues in the private sector:

-rushed roll-out schedule
-inadequate training &#38; guidance for users
-general mistrust for the secrecy of information
-lack of availability of real-time information

Why should I feel like my information on a shopping Database be more secure than information stored on government machines?
Posted by marileev (292 comments )
Reply Link Flag
>>>"-lack of availability of real-time information"<<<
&lt;&lt;&lt;&lt;; so, why are programs like IBM's Lotus Sametime... ( <a class="jive-link-external" href="http://www-142.ibm.com/software/sw-lotus/products/product3.nsf/wdocs/st75home" target="_newWindow">http://www-142.ibm.com/software/sw-lotus/products/product3.nsf/wdocs/st75home</a> ) are not being implemented!
Posted by Captain_Spock (894 comments )
Reply Link Flag
First thing they need to do
is change the name to something less sinister.

Department of Homeland Security sounds like something the USSR or the Nazis would come up with.

But of course, since the US is implemeting its own KGB style spying, it might just be the perfect name.
Posted by qwerty75 (1164 comments )
Reply Link Flag
Open & Competitive
hi all,

To me, the simplest way to get some thing like the Cyber security field going; is to work it in a competitive realm and have it open to use or observation by as many as possible. That way the system gets a work out, and with the competive realm at work, improved constantly as the parties working the systems up try to edge ahead to keep the goverment funding coming. Admittedly they may have to work the same type of deals as telephone companies that have to use each others lines at times. That's surmountable though.

Sincerely,

Gregory D. MELLOTT

PS: As for the concern that those trying to do damage would be also using to see how they're doing; well there is nothing like giving the guys enough rope to tie themselves up.
Posted by gdmellott (28 comments )
Reply Link Flag
'bout time...
'bout time is all I can say.

Something they should have already done at least 5-6 years ago... if not earlier!

Walt
Posted by wbenton (522 comments )
Reply Link Flag
Laundering money
Of course, security is not a priority.
Security compagnies are known for there backdoors in software. The goal is to launder black market money.
<a class="jive-link-external" href="http://www.8thestate.com/audio/11-15-06%20RG%20RBNLive%20Interview.mp3" target="_newWindow">http://www.8thestate.com/audio/11-15-06%20RG%20RBNLive%20Interview.mp3</a>
<a class="jive-link-external" href="http://www.911synchronicity.com/?cat=5" target="_newWindow">http://www.911synchronicity.com/?cat=5</a>
Posted by usstropicana (2 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.