May 26, 2005 5:10 PM PDT

Homeland Security flunks cybersecurity prep test

The U.S. Department of Homeland Security has failed to live up to its cybersecurity responsibilities and may be "unprepared" for emergencies, federal auditors said in a scathing report released Thursday.

More than two years after its creation, Homeland Security has never developed a contingency plan to restore Internet functions in an emergency and has yet to create a vulnerability assessment of what could happen in an worst-case scenario, the Government Accountability Office concluded.

"DHS cannot effectively function as the cybersecurity focal point intended by law and national policy" at the moment, the report (Click for PDF) said. "There is increased risk that large portions of our national infrastructure are either unaware of key areas of cybersecurity risks or unprepared to effectively address cyber emergencies."

The dismal grade for Homeland Security comes as the federal government is conducting a war game called "Silent Harbor" that's designed to model what might happen during an electronic attack on the United States. It was convened by the CIA's secretive Information Operations Center and was set to conclude Thursday.

Thursday's report represents the most critical take yet on the cybersecurity efforts of the still-young agency, which was intended to become a central point for online warnings and responses inside the federal government but instead has come under fire for being too sluggish. The November 2002 law creating the Department of Homeland Security melded together computer security centers from the FBI, the Defense Department, the Commerce Department and the Energy Department.

In a letter signed by Steven Pecinovsky, a Homeland Security inter-governmental liaison, the department took issue with the report's conclusions. Homeland Security does not "agree with the report's implication that the challenges experienced to date have prevented us from achieving significant results in improving the nation's cybersecurity posture," Pecinovsky wrote. Because Homeland Security is a new agency, it is using less formal, non-quantitative ways to measure progress, he added.

The GAO warned that bot networks, criminal gangs, foreign intelligence services, spammers, spyware authors and terrorists were all "emerging" threats that "have been identified by the U.S. intelligence community and others." Even though Homeland Security has 13 responsibilities in this area, it "has not fully addressed any," the GAO said.

Homeland Security has been suffering from an ongoing exodus of top-level staff. The director and deputy director of Homeland Security's National Cyber Security Division, a top Computer Emergency Response Team official, the undersecretary for infrastructure protection, and the assistant secretary responsible for information protection have all left in the past year. (The House of Representatives this month approved a reorganization of those departments.)

Democrats on Capitol Hill were quick to take up the report's findings to suggest that the Bush administration's cybersecurity efforts have been a flop.

The "report only confirms what we have known all along; the DHS has failed to meet the responsibility for critical infrastructure protection," said Rep. Zoe Lofgren, who represents the San Jose, Calif., area.

Rep. Bennie Thompson of Mississippi, the top Democrat on a congressional homeland security panel, charged that "our critical infrastructures remain largely unprepared or unaware of cybersecurity risks and how to respond to cyber emergencies. This is unacceptable."

This isn't the first time the Homeland Security has been rapped by auditors. Last year, one report said the agency was plagued by computer systems that were incompatible, and another found that Homeland Security was woefully behind in terms of sharing computer security information with private companies.

5 comments

Join the conversation!
Add your comment
No wonder...
maybe it's because they waste their time on closing torrent hubs. Because I am sure everybody feels safer now that our Homeland Security is ridding the world of the dangerous file swappers. Lower the alert level Tom!! You did it!!
Posted by ZeroJCF (51 comments )
Reply Link Flag
different depts
Do you think that homeland security is five people in a basement somewhere. Surely fbi agents can raid the bittorrent pirates while progress in other areas is made.

I think cyber attacks are overhyped anyways. Some terrorist is going to DDoS a bunch of servers? Wasn't there a "major attack" a few years back and nobody noticed? Anyways at least they'll get more money now.

Homeland security has to worst job (which is why there's such turnaround) stuck in a beurocratic and political heck.

If they succeed at stopping some awful attack they will most likely never know it or if they know it they won't tell the whole truth to avoid panic. If they fail then...
Posted by sanenazok (3449 comments )
Link Flag
closing torrent hubs
<a class="jive-link-external" href="http://www.analogstereo.com/infiniti_q45_owners_manual.htm" target="_newWindow">http://www.analogstereo.com/infiniti_q45_owners_manual.htm</a>
Posted by George Cole (314 comments )
Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.